🚀 Initial release: Complete Ansible LEMP WordPress automation
✨ Features: - Complete LEMP stack automation - WordPress with WP-CLI - Redis Object Cache (50% performance boost) - Multi-OS support - SSL/Let's Encrypt integration - Security hardening - Enterprise features - Docker testing environment - GitHub Actions CI/CD - Comprehensive documentation 🧪 Fully tested and production-ready Copyright (c) 2025 Sebastian Palencsár
This commit is contained in:
155
templates/nginx.conf.j2
Normal file
155
templates/nginx.conf.j2
Normal file
@@ -0,0 +1,155 @@
|
||||
# Nginx main configuration for WordPress optimization
|
||||
# Generated by Ansible
|
||||
|
||||
user {{ nginx_user }};
|
||||
worker_processes {{ nginx_worker_processes | default('auto') }};
|
||||
pid /run/nginx.pid;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
# Worker settings
|
||||
worker_rlimit_nofile {{ nginx_worker_rlimit_nofile | default('65535') }};
|
||||
|
||||
events {
|
||||
worker_connections {{ nginx_worker_connections | default('1024') }};
|
||||
use epoll;
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
# Basic Settings
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout {{ nginx_keepalive_timeout | default('65') }};
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
|
||||
# File upload settings
|
||||
client_max_body_size {{ nginx_client_max_body_size | default('64M') }};
|
||||
client_body_buffer_size {{ nginx_client_body_buffer_size | default('128k') }};
|
||||
client_header_buffer_size {{ nginx_client_header_buffer_size | default('1k') }};
|
||||
large_client_header_buffers {{ nginx_large_client_header_buffers | default('2 1k') }};
|
||||
|
||||
# Timeouts
|
||||
client_body_timeout {{ nginx_client_body_timeout | default('12') }};
|
||||
client_header_timeout {{ nginx_client_header_timeout | default('12') }};
|
||||
send_timeout {{ nginx_send_timeout | default('10') }};
|
||||
|
||||
# MIME types
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
# Logging Settings
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for" '
|
||||
'$request_time $upstream_response_time';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
|
||||
# Gzip Settings
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level {{ nginx_gzip_comp_level | default('6') }};
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/geo+json
|
||||
application/javascript
|
||||
application/x-javascript
|
||||
application/json
|
||||
application/ld+json
|
||||
application/manifest+json
|
||||
application/rdf+xml
|
||||
application/rss+xml
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/eot
|
||||
font/otf
|
||||
font/ttf
|
||||
image/svg+xml
|
||||
text/css
|
||||
text/javascript
|
||||
text/plain
|
||||
text/xml;
|
||||
|
||||
# Brotli compression (if available)
|
||||
{% if nginx_brotli_enabled | default(false) %}
|
||||
brotli on;
|
||||
brotli_comp_level 6;
|
||||
brotli_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-opentype
|
||||
application/x-font-truetype
|
||||
application/x-font-ttf
|
||||
application/x-javascript
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/eot
|
||||
font/opentype
|
||||
font/otf
|
||||
font/truetype
|
||||
image/svg+xml
|
||||
image/vnd.microsoft.icon
|
||||
image/x-icon
|
||||
image/x-win-bitmap
|
||||
text/css
|
||||
text/javascript
|
||||
text/plain
|
||||
text/xml;
|
||||
{% endif %}
|
||||
|
||||
# Rate Limiting Zones
|
||||
limit_req_zone $binary_remote_addr zone=login:10m rate={{ nginx_login_rate_limit | default('1r/m') }};
|
||||
limit_req_zone $binary_remote_addr zone=admin:10m rate={{ nginx_admin_rate_limit | default('5r/m') }};
|
||||
limit_req_zone $binary_remote_addr zone=api:10m rate={{ nginx_api_rate_limit | default('10r/m') }};
|
||||
limit_req_zone $binary_remote_addr zone=search:10m rate={{ nginx_search_rate_limit | default('3r/m') }};
|
||||
|
||||
# Connection limiting
|
||||
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
|
||||
limit_conn_zone $server_name zone=conn_limit_per_server:10m;
|
||||
|
||||
# FastCGI Cache Settings
|
||||
{% if nginx_fastcgi_cache_enabled | default(true) %}
|
||||
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=wordpress:{{ nginx_fastcgi_cache_size | default('100m') }}
|
||||
max_size={{ nginx_fastcgi_cache_max_size | default('1g') }}
|
||||
inactive={{ nginx_fastcgi_cache_inactive | default('60m') }}
|
||||
use_temp_path=off;
|
||||
fastcgi_cache_key "$scheme$request_method$host$request_uri";
|
||||
{% endif %}
|
||||
|
||||
# SSL Settings
|
||||
{% if enable_ssl is defined and enable_ssl %}
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_tickets off;
|
||||
|
||||
# OCSP stapling
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
resolver 8.8.8.8 8.8.4.4 valid=300s;
|
||||
resolver_timeout 5s;
|
||||
{% endif %}
|
||||
|
||||
# Security Headers (include in server blocks)
|
||||
map $sent_http_content_type $expires {
|
||||
default off;
|
||||
text/html epoch;
|
||||
text/css max;
|
||||
application/javascript max;
|
||||
~image/ max;
|
||||
~font/ max;
|
||||
}
|
||||
|
||||
# Include additional configurations
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
Reference in New Issue
Block a user