worker_processes auto; pid /tmp/nginx.pid; include /etc/nginx/modules-enabled/*.conf; error_log /dev/stdout; user www-data; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## log_format json_combined escape=json '{' '"timestamp":"$time_local",' '"host":"$remote_addr",' '"request_username":"$remote_user",' '"event":"$request",' '"status": "$status",' '"size":"$body_bytes_sent",' '"runtime":"$request_time",' '"logger":"nginx",' '"request_useragent":"$http_user_agent"' '}'; access_log /dev/null json_combined; ## # Gzip Settings ## gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; ## # Virtual Host Configs ## server { listen 80; server_name _; charset utf-8; root /usr/share/nginx/html; index index.html; location / { access_log /dev/stdout json_combined; } location /static/ { expires 31d; add_header Cache-Control "public, no-transform"; add_header X-authentik-version "2021.3.4"; add_header Vary X-authentik-version; } location /if/admin { root /usr/share/nginx/html/static/dist; try_files $uri /static/dist/if/admin/index.html; } location /if/flow { root /usr/share/nginx/html/static/dist; try_files $uri /static/dist/if/flow/index.html; } } }