ansible/roles/nginx/templates/nginx.conf.j2

# {{ ansible_managed }}

user {{ nginx_user }};
worker_processes {{ nginx_worker_processes }};

error_log {{ nginx_error_log }};
pid {{ nginx_pid }};


events {
    worker_connections {{ nginx_worker_connections }};
}


http {
    include {{ nginx_mime_types_path }};
    default_type {{ nginx_default_type }};

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log {{ nginx_access_log }};

    sendfile {{ nginx_sendfile }};
    #tcp_nopush on;

    keepalive_timeout {{ nginx_keepalive_timeout }};
    gzip {{ nginx_gzip }};

    geo $bad_actors {
        default 0;
    }
    
    map $bad_actors $limit_key {
        0 "";
        1 $binary_remote_addr;
    }
    
    limit_req_zone $limit_key zone=req_bad_actors:10m rate=5r/s;

    include {{ nginx_conf_d_path }}/*.conf;
}
use upstream nginx package 2020-09-21 03:44:45 +00:00			`# {{ ansible_managed }}`

			`user {{ nginx_user }};`
			`worker_processes {{ nginx_worker_processes }};`

			`error_log {{ nginx_error_log }};`
			`pid {{ nginx_pid }};`


			`events {`
			`worker_connections {{ nginx_worker_connections }};`
			`}`


			`http {`
			`include {{ nginx_mime_types_path }};`
			`default_type {{ nginx_default_type }};`

			`log_format main '$remote_addr - $remote_user [$time_local] "$request" '`
			`'$status $body_bytes_sent "$http_referer" '`
			`'"$http_user_agent" "$http_x_forwarded_for"';`

			`access_log {{ nginx_access_log }};`

			`sendfile {{ nginx_sendfile }};`
			`#tcp_nopush on;`

			`keepalive_timeout {{ nginx_keepalive_timeout }};`
			`gzip {{ nginx_gzip }};`

			`geo $bad_actors {`
			`default 0;`
			`}`

			`map $bad_actors $limit_key {`
			`0 "";`
			`1 $binary_remote_addr;`
			`}`

			`limit_req_zone $limit_key zone=req_bad_actors:10m rate=5r/s;`

			`include {{ nginx_conf_d_path }}/*.conf;`
			`}`