user nginx; worker_processes auto; error_log /var/log/nginx/error.log; error_log syslog:server=unix:/dev/log,nohostname; pid /run/nginx.pid; include /etc/nginx/ansible_modules.d/*.conf; events { worker_connections 1024; } http { log_format combined_virtual '$server_name $remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" scheme="$scheme"'; log_format combined_virtual_backend '$server_name $http_x_forwarded_for - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" scheme="$scheme"'; {% if nginx_llng.stat.exists %} log_format combined_virtual_llng '$server_name $remote_addr - $lmremote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" scheme="$scheme"'; log_format combined_virtual_backend_llng '$server_name $http_x_forwarded_for - $lmremote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" scheme="$scheme"'; {% endif %} access_log /var/log/nginx/access.log {{ nginx_log_format }}; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; client_max_body_size 10m; server_tokens off; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/ansible_conf.d/*.conf; map $scheme $hsts_header { https 'max-age=31536000'; } server { listen 80 default_server; listen 443 default_server ssl http2; server_name _; root /usr/share/nginx/html; # Load location fragments in the default vhost include /etc/nginx/ansible_location.d/*.conf; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security $hsts_header; include /etc/nginx/ansible_conf.d/acme.inc; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } location ~ \.ht { deny all; } } }