From 98deb6b468c52d09c69c699b02ab16791f557beb Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Thu, 21 Dec 2023 18:08:22 +0000
Subject: Enable certbot for certificates renewal
---
roles/web/files/nginx | 12 --------
roles/web/files/nginx/nginx.conf | 55 +++++++++++++++++++++++++++++++++++
roles/web/files/nginx/nginx.logrotate | 12 ++++++++
3 files changed, 67 insertions(+), 12 deletions(-)
delete mode 100644 roles/web/files/nginx
create mode 100644 roles/web/files/nginx/nginx.conf
create mode 100644 roles/web/files/nginx/nginx.logrotate
(limited to 'roles/web/files/nginx')
diff --git a/roles/web/files/nginx b/roles/web/files/nginx
deleted file mode 100644
index da8ba47..0000000
--- a/roles/web/files/nginx
+++ /dev/null
@@ -1,12 +0,0 @@
-/var/log/nginx/*log {
- missingok
- notifempty
- create 640 http root
- daily
- rotate 14
- sharedscripts
- compress
- postrotate
- test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
- endscript
-}
diff --git a/roles/web/files/nginx/nginx.conf b/roles/web/files/nginx/nginx.conf
new file mode 100644
index 0000000..ce8302d
--- /dev/null
+++ b/roles/web/files/nginx/nginx.conf
@@ -0,0 +1,55 @@
+# Run workers under http user.
+user http;
+
+# Set number of worker processes to number of available CPU cores.
+worker_processes 1;
+
+# Log errors in a separate file.
+error_log /var/log/nginx/error.log;
+
+# Write a PID-file.
+pid /run/nginx.pid;
+
+
+events {
+ # Maximum number of simultaneous connections that can be opened by a worker
+ # process.
+ # worker_connections 512;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Use log_format defined above.
+ access_log /var/log/nginx/access.log main;
+
+ # Enable use of sendfile.
+ sendfile on;
+
+ # Set keepalive timeout to 65 seconds.
+ keepalive_timeout 65;
+
+ # Set types_hash_max_size to 2048 to avoid warning in logs.
+ types_hash_max_size 4096;
+
+ # Load configs for all enabled sites.
+ include /etc/nginx/sites-enabled/*;
+
+ server {
+ # Listen on port 80 and become a default server.
+ listen 80;
+ listen [::]:80 default_server;
+
+ # Serve as a default server block.
+ server_name _;
+
+ # Redirect any non-matched request to default page.
+ return 301 https://ilvokhin.com$request_uri;
+ }
+}
diff --git a/roles/web/files/nginx/nginx.logrotate b/roles/web/files/nginx/nginx.logrotate
new file mode 100644
index 0000000..da8ba47
--- /dev/null
+++ b/roles/web/files/nginx/nginx.logrotate
@@ -0,0 +1,12 @@
+/var/log/nginx/*log {
+ missingok
+ notifempty
+ create 640 http root
+ daily
+ rotate 14
+ sharedscripts
+ compress
+ postrotate
+ test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
+ endscript
+}
-- cgit v1.2.3-70-g09d2
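Review bot: In the catch-all `server` block at the end of the new nginx.conf, only `listen [::]:80 default_server;` carries `default_server`, so the IPv4 `listen 80;` does not make this block the default for IPv4 traffic. Because `include /etc/nginx/sites-enabled/*;` is read before this block, any included site that also listens on port 80 would presumably become the IPv4 default, and requests with an unmatched Host header would be answered by that site instead of hitting the fixed redirect. I would change the line to `listen 80 default_server;` so both address families behave the same. Separately, two comments disagree with their directives: `worker_processes 1;` is described as matching the CPU core count (that would be `worker_processes auto;`), and `types_hash_max_size 4096;` is described as 2048.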