initial commit

angie/angie.conf

@@ -0,0 +1,15 @@
+daemon off;
+pid /run/ngx/angie.pid;
+
+include mod-core.conf;
+# mod-http.conf
+# mod-mail.conf
+# mod-stream.conf
+include /run/ngx/conf.ctx/mod-*.conf;
+
+include ctx-core_ev.conf;
+include ctx-core.conf;
+# ctx-http.conf
+# ctx-mail.conf
+# ctx-stream.conf
+include /run/ngx/conf.ctx/ctx-*.conf;

angie/autoconf/core-error-log.conf.j2

@@ -0,0 +1,4 @@
+{%- import 'snip/log.j2mod' as ngx_log -%}
+
+{# {{ ngx_log.error_log(dest='error.log', level=env.NGX_LOGLEVEL) }} #}
+{{ ngx_log.error_log(level=env.NGX_LOGLEVEL) }}

angie/autoconf/core-lock-file.conf

@@ -0,0 +1,2 @@
+## not a real file but prefix for filenames
+lock_file  /run/ngx/lock/a;

angie/autoconf/core-pcre-jit.conf

@@ -0,0 +1 @@
+pcre_jit on;

angie/autoconf/core-user.conf.in

@@ -0,0 +1,3 @@
+## if container is running in non-privileged mode,
+## then this file is going to be removed by /image-entry/75-adjust-core-user.sh
+user ${NGX_USER} ${NGX_GROUP};

angie/autoconf/core-worker-env.conf.j2

@@ -0,0 +1,31 @@
+{# TODO: investigate error with "include" #}
+{# {%- include 'core-worker-env.j2inc' -%} #}
+{%- set w_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
+{#- NB: "TZ" is always provided by Angie itself -#}
+{%- set w_vars_passthrough = w_env | dict_empty_keys | list_diff(env_vars_preserve + ['TZ']) -%}
+{%- set vars_passthrough = (env_vars_passthrough + w_vars_passthrough) | uniq | list_intersect(env | dict_keys) -%}
+
+## NB: "TZ" is always provided by Angie itself
+
+## preserve
+{%- for k in env_vars_preserve %}
+env {{ k | ngx_esc }};
+{%- endfor %}
+
+## passthrough
+{%- for k in vars_passthrough %}
+env {{ k | ngx_esc }};
+{%- endfor %}
+
+{%- set w_vars_override = w_env | dict_non_empty_keys -%}
+{% if w_vars_override %}
+## WARNING!
+## explicit environment variables are NOT implemented
+## reason: envs are supported only for http_perl but not for http_js/stream_js
+## solution: provide environment variables explicitly
+##   and then list them in "core_worker_env" key in config
+##
+  {%- for k in w_vars_override %}
+## env {{ "{}={}".format(k, w_env[k]) | ngx_esc }}
+  {%- endfor %}
+{%- endif %}

angie/autoconf/core-worker-env.j2inc

@@ -0,0 +1,4 @@
+{%- set w_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
+{#- NB: "TZ" is always provided by Angie itself -#}
+{%- set w_vars_passthrough = w_env | dict_empty_keys | list_diff(env_vars_preserve + ['TZ']) -%}
+{%- set vars_passthrough = (env_vars_passthrough + w_vars_passthrough) | uniq | list_intersect(env | dict_keys) -%}

angie/autoconf/core-worker-env.txt.j2

@@ -0,0 +1,12 @@
+{# TODO: investigate error with "include" #}
+{# {%- include 'core-worker-env.j2inc' -%} #}
+{%- set w_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
+{#- NB: "TZ" is always provided by Angie itself -#}
+{%- set w_vars_passthrough = w_env | dict_empty_keys | list_diff(env_vars_preserve + ['TZ']) -%}
+{%- set vars_passthrough = (env_vars_passthrough + w_vars_passthrough) | uniq | list_intersect(env | dict_keys) -%}
+
+{#- NB: "TZ" is always provided by Angie itself -#}
+{%- set all_vars = (env_vars_preserve + vars_passthrough + ['TZ']) | uniq -%}
+{%- for k in all_vars %}
+{{ k | ngx_esc }}
+{%- endfor %}

angie/autoconf/core-worker.conf.j2

@@ -0,0 +1,10 @@
+worker_processes {{ env.NGX_WORKER_PROCESSES }};
+{%- if env.NGX_WORKER_CPU_AFFINITY %}
+worker_cpu_affinity {{ env.NGX_WORKER_CPU_AFFINITY }};
+{%- endif %}
+{%- if env.NGX_WORKER_PRIORITY %}
+worker_priority {{ env.NGX_WORKER_PRIORITY }};
+{%- endif %}
+{%- if env.NGX_WORKER_RLIMIT_NOFILE %}
+worker_rlimit_nofile {{ env.NGX_WORKER_RLIMIT_NOFILE }};
+{%- endif %}

angie/autoconf/core_ev-worker.conf.j2

@@ -0,0 +1,7 @@
+worker_connections {{ env.NGX_WORKER_CONNECTIONS }};
+{%- if env.NGX_WORKER_AIO_REQUESTS %}
+worker_aio_requests {{ env.NGX_WORKER_AIO_REQUESTS }};
+{%- endif %}
+{%- if env.NGX_WORKER_PRIORITY %}
+worker_priority {{ env.NGX_WORKER_PRIORITY }};
+{%- endif %}

angie/autoconf/http-access-log.conf

@@ -0,0 +1,2 @@
+include autoconf/http-access-log/format/*.conf;
+include autoconf/http-access-log/*.conf;

angie/autoconf/http-access-log/default.conf.j2

@@ -0,0 +1,4 @@
+{%- import 'snip/log.j2mod' as ngx_log -%}
+
+{# {{ ngx_log.access_log(dest='access.log', format='main') }} #}
+{{ ngx_log.access_log(format='main') }}

angie/autoconf/http-access-log/format/extended.conf

@@ -0,0 +1,7 @@
+log_format  extended
+    '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" rt="$request_time" '
+    '"$http_user_agent" "$http_x_forwarded_for" '
+    'h="$host" sn="$server_name" ru="$request_uri" u="$uri" '
+    'ucs="$upstream_cache_status" ua="$upstream_addr" us="$upstream_status" '
+    'uct="$upstream_connect_time" urt="$upstream_response_time"';

angie/autoconf/http-access-log/format/main.conf

@@ -0,0 +1,4 @@
+log_format  main
+    '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';

angie/autoconf/http-alt-svc.conf

@@ -0,0 +1 @@
+include snip/http-alt-svc;

angie/autoconf/http-buffers.conf

@@ -0,0 +1,4 @@
+subrequest_output_buffer_size     16k;
+client_body_buffer_size           16k;
+client_header_buffer_size          4k;
+large_client_header_buffers    8  16k;

angie/autoconf/http-client-body-temp.conf

@@ -0,0 +1 @@
+client_body_temp_path /run/ngx/cache/temp_client_body 2 2;

angie/autoconf/http-max-ranges.conf.j2

@@ -0,0 +1,3 @@
+{%- if env.NGX_HTTP_MAX_RANGES %}
+max_ranges {{ env.NGX_HTTP_MAX_RANGES }};
+{%- endif %}

angie/autoconf/http-mime-types.conf

@@ -0,0 +1,8 @@
+include snip/mime.types;
+
+types {
+    font/ttf               ttf;
+    application/font-sfnt  otf;
+}
+
+default_type  application/octet-stream;

angie/autoconf/http-request-headers-basic.conf.j2

@@ -0,0 +1,26 @@
+map $http_upgrade
+    $req_connection
+{
+    default  upgrade;
+    ""       "";
+}
+
+map $http_user_agent
+    $req_user_agent
+{
+    default  $http_user_agent;
+{%- if env.NGX_HTTP_FAKE_UA %}
+    ## merely fake
+    ""  {{ env.NGX_HTTP_FAKE_UA | ngx_esc }};
+{%- else %}
+    ""  "Angie/$angie_version";
+{%- endif %}
+}
+
+map $http_accept
+    $req_accept
+{
+    volatile;
+    default  $http_accept;
+    ""       "*/*";
+}

angie/autoconf/http-request-headers-forwarded.conf

@@ -0,0 +1,27 @@
+## ref:
+## - https://www.digitalocean.com/community/tools/nginx?domains.0.reverseProxy.reverseProxy=true
+map $remote_addr
+    $proxy_forwarded_elem
+{
+    ## IPv4 addresses can be sent as-is
+    ~^[0-9.]+$         "for=$remote_addr";
+    ## IPv6 addresses need to be bracketed and quoted
+    ~^[0-9A-Fa-f:.]+$  "for=\"[$remote_addr]\"";
+    ## Unix domain socket names cannot be represented in RFC 7239 syntax
+    default            "for=unknown";
+}
+
+## ref:
+## - https://www.digitalocean.com/community/tools/nginx?domains.0.reverseProxy.reverseProxy=true
+## - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
+map $http_forwarded
+    $proxy_add_forwarded
+{
+    volatile;
+
+    ## if the incoming Forwarded header is syntactically valid, append to it
+    "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
+
+    ## otherwise, replace it
+    default  "$proxy_forwarded_elem";
+}

angie/autoconf/http-resolver.conf.j2

@@ -0,0 +1,2 @@
+{%- set resolver_status_zone = 'http_resolver' -%}
+{% include 'snip/resolver.j2inc' %}

angie/autoconf/http-response-headers.conf

@@ -0,0 +1 @@
+include snip/http-response-headers;

angie/autoconf/http-v2.conf.j2

@@ -0,0 +1,3 @@
+{%- if env.NGX_HTTP_V2 == '0' %}
+http2 off;
+{%- endif %}

angie/autoconf/http-v3.conf.j2

@@ -0,0 +1,3 @@
+{%- if env.NGX_HTTP_V3 == '0' %}
+http3 off;
+{%- endif %}

angie/autoconf/http-webroot.conf

@@ -0,0 +1 @@
+root static;

angie/autoconf/mail-resolver.conf.j2

@@ -0,0 +1,2 @@
+{%- set resolver_status_zone = 'mail_resolver' -%}
+{% include 'snip/resolver.j2inc' %}

angie/autoconf/stream-resolver.conf.j2

@@ -0,0 +1,2 @@
+{%- set resolver_status_zone = 'stream_resolver' -%}
+{% include 'snip/resolver.j2inc' %}

angie/conf/acme/path.conf

@@ -0,0 +1 @@
+acme_client_path /run/ngx/lib/acme;

angie/conf/brotli/buffers.conf

@@ -0,0 +1,5 @@
+brotli_comp_level  5; # default: 6
+brotli_window      128k; # default: 512k
+
+brotli_min_length  1024;
+brotli_buffers     32  16k;

angie/conf/brotli/types.conf.j2

@@ -0,0 +1,9 @@
+{%- set mime_types = j2cfg.compress_types or [] -%}
+{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
+{%- if mime_types -%}
+brotli_types
+{%- for t in mime_types %}
+    {{ t }}
+{%- endfor %}
+;
+{%- endif -%}

angie/conf/core-quic-bpf.conf

@@ -0,0 +1 @@
+quic_bpf on;

angie/conf/core_ev-accept-mutex-delay.conf

@@ -0,0 +1 @@
+accept_mutex_delay 200ms;

angie/conf/core_ev-accept-mutex.conf

@@ -0,0 +1 @@
+accept_mutex on;

angie/conf/core_ev-multi-accept.conf

@@ -0,0 +1 @@
+multi_accept on;

angie/conf/fastcgi/buffers.conf

@@ -0,0 +1,4 @@
+fastcgi_buffers           16  16k;
+fastcgi_buffer_size           16k;
+fastcgi_busy_buffers_size     32k;
+fastcgi_temp_file_write_size  32k;

angie/conf/fastcgi/cache-bypass.conf.j2

@@ -0,0 +1,14 @@
+{%- set cache_bypass = j2cfg.cache_bypass or [] -%}
+{%- if cache_bypass -%}
+## disable (response) cache under following conditions
+fastcgi_cache_bypass
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+fastcgi_no_cache
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+{%- endif -%}

angie/conf/fastcgi/headers.conf

@@ -0,0 +1,2 @@
+include snip/fastcgi-request-headers;
+include snip/fastcgi-response-headers;

angie/conf/fastcgi/param.conf

@@ -0,0 +1,7 @@
+include snip/fastcgi.conf;
+
+fastcgi_param  PATH_INFO    $path_info;
+
+fastcgi_param  AUTH_USER    $remote_user;
+fastcgi_param  REMOTE_USER  $remote_user;
+fastcgi_param  HTTP_HOST    $host;

angie/conf/fastcgi/temp.conf

@@ -0,0 +1 @@
+fastcgi_temp_path /run/ngx/cache/temp_fastcgi 2 2;

angie/conf/grpc/buffers.conf

@@ -0,0 +1 @@
+grpc_buffer_size  16k;

angie/conf/grpc/headers.conf

@@ -0,0 +1,2 @@
+include snip/grpc-request-headers;
+include snip/grpc-response-headers;

angie/conf/grpc/ssl.conf.j2

@@ -0,0 +1,7 @@
+{%- for k, v in j2cfg.tls.conf_cmd|dictsort %}
+grpc_ssl_conf_command  {{ k }}  {{ v | ngx_esc }};
+{%- endfor %}
+
+grpc_ssl_trusted_certificate {{ env.NGX_SSL_CERT_FILE }};
+grpc_ssl_verify on;
+grpc_ssl_server_name on;

angie/conf/gzip/buffers.conf

@@ -0,0 +1,4 @@
+gzip_comp_level  2; # default: 1
+
+gzip_min_length  1024;
+gzip_buffers     32  16k;

angie/conf/gzip/proxied.conf

@@ -0,0 +1 @@
+gzip_proxied any;

angie/conf/gzip/types.conf.j2

@@ -0,0 +1,9 @@
+{%- set mime_types = j2cfg.compress_types or [] -%}
+{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
+{%- if mime_types -%}
+gzip_types
+{%- for t in mime_types %}
+    {{ t }}
+{%- endfor %}
+;
+{%- endif -%}

angie/conf/gzip/vary.conf

@@ -0,0 +1 @@
+gzip_vary on;

angie/conf/http-acme.conf

@@ -0,0 +1 @@
+include conf/acme/*.conf;

angie/conf/http-brotli-static.conf

@@ -0,0 +1 @@
+brotli_static on;

angie/conf/http-brotli.conf

@@ -0,0 +1,2 @@
+include conf/brotli/*.conf;
+brotli on;

angie/conf/http-fastcgi.conf

@@ -0,0 +1 @@
+include conf/fastcgi/*.conf;

angie/conf/http-grpc.conf

@@ -0,0 +1 @@
+include conf/grpc/*.conf;

angie/conf/http-gunzip.conf

@@ -0,0 +1,2 @@
+gunzip_buffers  16  16k;
+gunzip on;

angie/conf/http-gzip-static.conf

@@ -0,0 +1 @@
+gzip_static on;

angie/conf/http-gzip.conf

@@ -0,0 +1,2 @@
+include conf/gzip/*.conf;
+gzip on;

angie/conf/http-modsecurity.conf

@@ -0,0 +1,4 @@
+modsecurity_rules_file modsecurity/rules.conf;
+
+## NOT enabling ModSecurity by default!
+# modsecurity on;

angie/conf/http-njs.conf

@@ -0,0 +1 @@
+include conf/njs/*.conf;

angie/conf/http-perl.conf

@@ -0,0 +1 @@
+include conf/perl/*.conf;

angie/conf/http-proxy.conf

@@ -0,0 +1,2 @@
+include conf/proxy/*.conf;
+include conf/proxy-http/*.conf;

angie/conf/http-quic-gso.conf.j2

@@ -0,0 +1,5 @@
+quic_gso on;
+
+{%- if env.NGX_HTTP_PROXY == '1' %}
+proxy_quic_gso on;
+{%- endif %}

angie/conf/http-scgi.conf

@@ -0,0 +1 @@
+include conf/scgi/*.conf;

angie/conf/http-ssl.conf.j2

@@ -0,0 +1,25 @@
+include conf/ssl/*.conf;
+
+## lowering from 16k to 4k to improve time-to-first-byte
+ssl_buffer_size  4k;
+
+{%- if env.NGX_HTTP_SSL_PROFILE %}
+include snip/ssl-{{ env.NGX_HTTP_SSL_PROFILE }};
+{%- endif %}
+
+{%- if j2cfg.tls.stapling.enable %}
+ssl_stapling on;
+  {%- if j2cfg.tls.stapling.verify %}
+ssl_stapling_verify on;
+  {%- else %}
+ssl_stapling_verify off;
+  {%- endif %}
+  {%- if j2cfg.tls.stapling.file %}
+ssl_stapling_file {{ j2cfg.tls.stapling.file | ngx_esc }};
+  {%- endif %}
+  {%- if j2cfg.tls.stapling.responder %}
+ssl_stapling_responder {{ j2cfg.tls.stapling.responder | ngx_esc }};
+  {%- endif %}
+{%- else %}
+ssl_stapling off;
+{%- endif %}

angie/conf/http-uwsgi.conf

@@ -0,0 +1 @@
+include conf/uwsgi/*.conf;

angie/conf/http-v2.conf

@@ -0,0 +1,2 @@
+include conf/http2/*.conf;
+http2 on;

angie/conf/http-v3.conf

@@ -0,0 +1,2 @@
+include conf/http3/*.conf;
+http3 on;

angie/conf/http-zstd-static.conf

@@ -0,0 +1 @@
+zstd_static on;

angie/conf/http-zstd.conf

@@ -0,0 +1,2 @@
+include conf/zstd/*.conf;
+zstd on;

angie/conf/http2/param.conf

@@ -0,0 +1,2 @@
+http2_chunk_size 16k;
+http2_body_preread_size 64k;

angie/conf/http3/param.conf.j2

@@ -0,0 +1,9 @@
+http3_max_concurrent_streams 128; #default
+http3_stream_buffer_size 64k; #default
+quic_active_connection_id_limit 3;
+
+{%- if env.NGX_HTTP_PROXY == '1' %}
+proxy_http3_max_concurrent_streams 128; #default
+proxy_http3_stream_buffer_size 64k; #default
+proxy_quic_active_connection_id_limit 3;
+{%- endif %}

angie/conf/mail-ssl.conf.j2

@@ -0,0 +1,5 @@
+include conf/ssl/*.conf;
+
+{%- if env.NGX_MAIL_SSL_PROFILE %}
+include snip/ssl-{{ env.NGX_MAIL_SSL_PROFILE }};
+{%- endif %}

angie/conf/njs/path.conf

@@ -0,0 +1 @@
+js_path site;

angie/conf/njs/tls-ca-file.conf.in

@@ -0,0 +1 @@
+js_fetch_trusted_certificate ${NGX_SSL_CERT_FILE};

angie/conf/perl/path.conf

@@ -0,0 +1 @@
+perl_modules site;

angie/conf/proxy-http/buffers.conf

@@ -0,0 +1,4 @@
+proxy_buffers           16  16k;
+proxy_buffer_size           16k;
+proxy_busy_buffers_size     32k;
+proxy_temp_file_write_size  32k;

angie/conf/proxy-http/cache-bypass.conf.j2

@@ -0,0 +1,14 @@
+{%- set cache_bypass = j2cfg.cache_bypass or [] -%}
+{%- if cache_bypass -%}
+## disable (response) cache under following conditions
+proxy_cache_bypass
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+proxy_no_cache
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+{%- endif -%}

angie/conf/proxy-http/headers.conf

@@ -0,0 +1,2 @@
+include snip/proxy-request-headers;
+include snip/proxy-response-headers;

angie/conf/proxy-http/temp.conf

@@ -0,0 +1 @@
+proxy_temp_path /run/ngx/cache/temp_proxy 2 2;

angie/conf/proxy-http/version.conf

@@ -0,0 +1 @@
+proxy_http_version 1.1;

angie/conf/proxy/ssl.conf.j2

@@ -0,0 +1,7 @@
+{%- for k, v in j2cfg.tls.conf_cmd|dictsort %}
+proxy_ssl_conf_command  {{ k }}  {{ v | ngx_esc }};
+{%- endfor %}
+
+proxy_ssl_trusted_certificate {{ env.NGX_SSL_CERT_FILE }};
+proxy_ssl_verify on;
+proxy_ssl_server_name on;

angie/conf/scgi/buffers.conf

@@ -0,0 +1,4 @@
+scgi_buffers           16  16k;
+scgi_buffer_size           16k;
+scgi_busy_buffers_size     32k;
+scgi_temp_file_write_size  32k;

angie/conf/scgi/cache-bypass.conf.j2

@@ -0,0 +1,14 @@
+{%- set cache_bypass = j2cfg.cache_bypass or [] -%}
+{%- if cache_bypass -%}
+## disable (response) cache under following conditions
+scgi_cache_bypass
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+scgi_no_cache
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+{%- endif -%}

angie/conf/scgi/headers.conf

@@ -0,0 +1,2 @@
+include snip/scgi-request-headers;
+include snip/scgi-response-headers;

angie/conf/scgi/param.conf

@@ -0,0 +1,7 @@
+include snip/scgi_params;
+
+scgi_param  PATH_INFO    $path_info;
+
+scgi_param  AUTH_USER    $remote_user;
+scgi_param  REMOTE_USER  $remote_user;
+scgi_param  HTTP_HOST    $host;

angie/conf/scgi/temp.conf

@@ -0,0 +1 @@
+scgi_temp_path /run/ngx/cache/temp_scgi 2 2;

angie/conf/ssl/cmd.conf.j2

@@ -0,0 +1,3 @@
+{%- for k, v in j2cfg.tls.conf_cmd|dictsort %}
+ssl_conf_command  {{ k }}  {{ v | ngx_esc }};
+{%- endfor %}

angie/conf/stream-njs.conf

@@ -0,0 +1 @@
+include conf/njs/*.conf;

angie/conf/stream-proxy.conf

@@ -0,0 +1,2 @@
+include conf/proxy/*.conf;
+include conf/proxy-stream/*.conf;

angie/conf/stream-ssl.conf.j2

@@ -0,0 +1,5 @@
+include conf/ssl/*.conf;
+
+{%- if env.NGX_STREAM_SSL_PROFILE %}
+include snip/ssl-{{ env.NGX_STREAM_SSL_PROFILE }};
+{%- endif %}

angie/conf/uwsgi/buffers.conf

@@ -0,0 +1,4 @@
+uwsgi_buffers           16  16k;
+uwsgi_buffer_size           16k;
+uwsgi_busy_buffers_size     32k;
+uwsgi_temp_file_write_size  32k;

angie/conf/uwsgi/cache-bypass.conf.j2

@@ -0,0 +1,14 @@
+{%- set cache_bypass = j2cfg.cache_bypass or [] -%}
+{%- if cache_bypass -%}
+## disable (response) cache under following conditions
+uwsgi_cache_bypass
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+uwsgi_no_cache
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+{%- endif -%}

angie/conf/uwsgi/headers.conf

@@ -0,0 +1,2 @@
+include snip/uwsgi-request-headers;
+include snip/uwsgi-response-headers;

angie/conf/uwsgi/param.conf

@@ -0,0 +1,7 @@
+include snip/uwsgi_params;
+
+uwsgi_param  PATH_INFO    $path_info;
+
+uwsgi_param  AUTH_USER    $remote_user;
+uwsgi_param  REMOTE_USER  $remote_user;
+uwsgi_param  HTTP_HOST    $host;

angie/conf/uwsgi/ssl.conf.j2

@@ -0,0 +1,7 @@
+{%- for k, v in j2cfg.tls.conf_cmd|dictsort %}
+uwsgi_ssl_conf_command  {{ k }}  {{ v | ngx_esc }};
+{%- endfor %}
+
+uwsgi_ssl_trusted_certificate {{ env.NGX_SSL_CERT_FILE }};
+uwsgi_ssl_verify on;
+uwsgi_ssl_server_name on;

angie/conf/uwsgi/temp.conf

@@ -0,0 +1 @@
+uwsgi_temp_path /run/ngx/cache/temp_uwsgi 2 2;

angie/conf/zstd/buffers.conf

@@ -0,0 +1,4 @@
+zstd_comp_level  2; # default: 1
+
+zstd_min_length  1024;
+zstd_buffers     32  16k;

angie/conf/zstd/types.conf.j2

@@ -0,0 +1,9 @@
+{%- set mime_types = j2cfg.compress_types or [] -%}
+{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
+{%- if mime_types -%}
+zstd_types
+{%- for t in mime_types %}
+    {{ t }}
+{%- endfor %}
+;
+{%- endif -%}

angie/ctx-core.conf

@@ -0,0 +1,2 @@
+include autoconf/core-*.conf;
+include /run/ngx/conf.load/core-*.conf;

angie/ctx-core_ev.conf

@@ -0,0 +1,4 @@
+events {
+    include autoconf/core_ev-*.conf;
+    include /run/ngx/conf.load/core_ev-*.conf;
+}

angie/ctx-http.conf

@@ -0,0 +1,5 @@
+http {
+    include autoconf/http-*.conf;
+    include /run/ngx/conf.load/http-*.conf;
+    include site/http-*.conf;
+}