nginx-formula/nginx/templates/config.jinja

{% set nginx = pillar.get('nginx', {}) -%}
# defaults passed via context from the map.jinja
{% set user = nginx.get('user', default_user) -%}
{% set group = nginx.get('group', default_group) -%}
user   {{ user }} {{ group }};
worker_processes  {{ nginx.get('worker_processes', 1) }};
{% set worker_rlimit_nofile = nginx.get('worker_rlimit_nofile', '') -%}
{% if worker_rlimit_nofile -%}
worker_rlimit_nofile {{ worker_rlimit_nofile }};
{% endif -%}

{% set error_log_location = nginx.get('error_log',{}).get('location', '/var/log/nginx/error.fifo') -%}
{% set error_log_level = nginx.get('error_log',{}).get('level', 'warn') -%}
error_log {{ ' '.join([error_log_location, error_log_level]) }};
pid {{ nginx.get('pid', '/var/run/nginx.pid') }};
daemon {{ nginx.get('daemon', 'on') }};

events {
    worker_connections {{ nginx.get('events', {}).get('worker_connections', 1024) }};
    {% set use = nginx.get('events', {}).get('use', '') -%}
    {% if use -%}
    use {{ use }};
    {% endif %}
}

http {
    {% if 'set_real_ips' in nginx -%}
    {% for ip in nginx.get('set_real_ips', {}).get('from_ips', []) -%}
    set_real_ip_from {{ ip }};
    {% endfor -%}
    real_ip_header {{ nginx.get('set_real_ips', {}).get('real_ip_header', 'X-Forwarded-For') }};

    {% endif -%}
    include /etc/nginx/mime.types;
    default_type  {{ nginx.get('default_type', 'application/octet-stream') }};
    log_format main '$scheme://$host:$server_port$uri$is_args$args $remote_addr:$remote_user "$request" $request_time $request_length:$bytes_sent $status "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.fifo main;
    sendfile {{ nginx.get('sendfile', 'on') }};
    #tcp_nopush on;
    keepalive_timeout {{ nginx.get('keepalive_timeout', 65) }};
    server_names_hash_bucket_size {{ nginx.get('server_names_hash_bucket_size', 128) }};
    server_names_hash_max_size {{ nginx.get('server_names_hash_max_size', 1024) }};
    types_hash_max_size {{ nginx.get('types_hash_max_size', 8192) }};

    gzip {{ nginx.get('gzip', 'on') }};
    gzip_vary {{ nginx.get('gzip_vary', 'on') }};
    gzip_proxied {{ nginx.get('gzip_proxied', 'any') }};
    gzip_comp_level {{ nginx.get('gzip_comp_level', 6) }};
    gzip_buffers {{ nginx.get('gzip_buffers', '16 8k') }};
    gzip_http_version {{ nginx.get('gzip_http_version', '1.1') }};
    gzip_types {{ nginx.get('gzip_types', ['text/plain', 'text/css', 'application/json', 'application/x-javascript', 'text/xml', 'application/xml', 'application/xml+rss', 'text/javascript'])|join(' ') }};
    gzip_disable "{{ nginx.get('gzip_disable', 'msie6') }}";

    # turn on nginx_status on localhost
    server {
        listen 127.0.0.1:80;
        server_name 127.0.0.1;
        location /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }
    }
{% if pillar['nginx'] is defined -%}
{% if pillar['nginx']['redirect_numeric_ip']|default(False) -%}
    server {
        server_name {% for ip in salt['network.interfaces']()['eth0']['inet'] %}{{ ip['address'] }}:80{% if not loop.last %} {% endif %}{% endfor %};
        return 302 {{ pillar['nginx']['redirect_numeric_ip'] }};
        access_log off;
    }
{% endif -%}
{% endif %}

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
}