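# {{ ansible_managed }}
#
# nginx main configuration, rendered by Ansible.
#  - http:   serves the vhosts included from conf.d/ and sites-enabled/.
#  - stream: reverse-proxies the UDP side of the Technitium DNS service.
# Minecraft and mail TCP proxying moved to HAProxy; their former definitions
# are kept below, commented out, for reference only.

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;

    # Do not advertise the nginx version in the Server header and on error
    # pages; it only helps fingerprint the build for known CVEs.
    server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    # SSLv3 was dropped long ago (POODLE). TLS 1.0 and 1.1 are deprecated by
    # RFC 8996 and fail current compliance baselines, so only TLS 1.2 and 1.3
    # are offered. Clients unable to speak TLS 1.2 will no longer connect;
    # that is intentional.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    # Default combined format; no log_format is declared here.
    access_log /var/log/nginx/access.log;

    ##
    # Gzip Settings
    ##

    # gzip_types defaults to text/html only. Compressing responses that mix
    # per-user secrets with attacker-influenced content enables BREACH-style
    # attacks; review before widening gzip_types below.
    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

# Non-HTTP protocol proxying (L4) is handled here.
stream {
    # UDP reverse proxy for the Technitium DNS service. TCP/53 is handled by
    # HAProxy.
    #
    # NOTE(review): this binds UDP/53 on every interface. If this host has an
    # interface facing untrusted networks, restrict the listen address or add
    # allow/deny rules in this server block; if Technitium resolves
    # recursively, an open UDP/53 listener is a reflection/amplification
    # vector.
    server {
        listen 53 udp;
        proxy_pass technitium;

        # DNS over UDP is one request / one response. Without this hint nginx
        # keeps a per-client UDP session open until proxy_timeout (default
        # 10m) and forwards any further datagrams on it.
        proxy_responses 1;
        # Give up on a query whose answer never comes instead of holding the
        # session for the 10m default.
        proxy_timeout 5s;
    }

    upstream technitium {
        server 10.0.0.10:7649;
    }

    # --- Minecraft (disabled; now handled by HAProxy) -----------------------
    #
    # This appears to work in the sense that the port is available when
    # checking with telnet, but doesn't appear to be working in Minecraft.
    # NOTE(review): most likely because ssl_preread extracts the SNI from a
    # TLS ClientHello, and the Minecraft Java protocol is not TLS, so $name
    # resolves to an empty string and proxy_pass has no destination.
    #
    # map $ssl_preread_server_name $name {
    #     minecraft.{{ domain_name }} 10.0.0.2:25565;
    # }
    #
    # server {
    #     listen 25565;
    #     listen [::]:25565;
    #
    #     proxy_pass $name;
    #     ssl_preread on;
    # }
    #
    # upstream minecraft {
    #     server 10.0.0.7:54376;
    # }
    #
    # server {
    #     listen 25565;
    #
    #     proxy_pass minecraft;
    # }

    # --- Mail TCP pass-through (disabled; now handled by HAProxy) ----------
    #
    # For now instead of mail proxy, we will just reverse proxy the tcp
    # traffic itself.
    #
    # upstream smtp {
    #     server 10.0.0.2:25;   # Cleartext Unsecure SMTP
    # }
    # server {
    #     listen 25;
    #
    #     proxy_pass smtp;
    # }
    #
    # upstream esmtp {
    #     server 10.0.0.2:465;  # ESMTP Implicit TLS
    # }
    # server {
    #     listen 465;
    #
    #     proxy_pass esmtp;
    # }
    #
    # upstream smtp_starttls {
    #     server 10.0.0.2:587;  # SMTP Explicit TLS
    # }
    # server {
    #     listen 587;
    #
    #     proxy_pass smtp_starttls;
    # }
    #
    # upstream imaps {
    #     server 10.0.0.2:993;  # IMAPS Implicit TLS
    # }
    # server {
    #     listen 993;
    #
    #     proxy_pass imaps;
    # }
    #
    # upstream imap_starttls {
    #     server 10.0.0.2:143;  # IMAP Explicit TLS
    # }
    # server {
    #     listen 143;
    #
    #     proxy_pass imap_starttls;
    # }
}

# --- Mail Proxy configuration (disabled) -----------------------------------
#
# NOTE(review): if this block is ever re-enabled, do not offer `smtp_auth
# plain` on a listener without `ssl` or `starttls on`; as written the 25, 587
# and 143 servers would accept cleartext credentials. `proxy_pass_error_message
# on` relays backend error text to clients and should stay off unless needed.
# The auth_http backend on 127.0.0.1:8000 receives the user's credentials in
# request headers over plain HTTP; keep it loopback-only.
#
#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#
#    server_name mail.{{ domain_name }};
#    auth_http http://127.0.0.1:8000;
#    proxy_smtp_auth on;
#    smtp_auth plain;
#    xclient off;
#    # proxy_pass_error_message on;
#
#    # ssl_certificate /etc/letsencrypt/live/mail.{{ domain_name }}/fullchain.pem; # managed by Certbot
#    # ssl_certificate_key /etc/letsencrypt/live/mail.{{ domain_name }}/privkey.pem; # managed by Certbot
#    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#
#    server {
#        listen 25;
#        protocol smtp;
#        proxy on;
#        auth_http_header X-Auth-Port 25;
#    }
#
#    server {
#        listen 465; #ssl;
#        protocol smtp;
#        proxy on;
#        auth_http_header X-Auth-Port 465;
#    }
#
#    server {
#        listen 587;
#        protocol smtp;
#        proxy on;
#        # starttls on;
#        auth_http_header X-Auth-Port 587;
#    }
#
#    server {
#        listen 993; #ssl;
#        protocol imap;
#        proxy on;
#        auth_http_header X-Auth-Port 993;
#    }
#
#    server {
#        listen 143;
#        protocol imap;
#        proxy on;
#        # starttls on;
#        auth_http_header X-Auth-Port 143;
#    }
#}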