initial commit

2025-06-05 11:01:19 +03:00
commit 48f13f97a3
297 changed files with 7136 additions and 0 deletions
--- a/angie/autoconf/core-error-log.conf.j2
+++ b/angie/autoconf/core-error-log.conf.j2
@@ -0,0 +1,4 @@
+{%- import 'snip/log.j2mod' as ngx_log -%}
+
+{# {{ ngx_log.error_log(dest='error.log', level=env.NGX_LOGLEVEL) }} #}
+{{ ngx_log.error_log(level=env.NGX_LOGLEVEL) }}
--- a/angie/autoconf/core-lock-file.conf
+++ b/angie/autoconf/core-lock-file.conf
@@ -0,0 +1,2 @@
+## not a real file but prefix for filenames
+lock_file  /run/ngx/lock/a;
--- a/angie/autoconf/core-pcre-jit.conf
+++ b/angie/autoconf/core-pcre-jit.conf
@@ -0,0 +1 @@
+pcre_jit on;
--- a/angie/autoconf/core-user.conf.in
+++ b/angie/autoconf/core-user.conf.in
@@ -0,0 +1,3 @@
+## if container is running in non-privileged mode,
+## then this file is going to be removed by /image-entry/75-adjust-core-user.sh
+user ${NGX_USER} ${NGX_GROUP};
--- a/angie/autoconf/core-worker-env.conf.j2
+++ b/angie/autoconf/core-worker-env.conf.j2
@@ -0,0 +1,31 @@
+{# TODO: investigate error with "include" #}
+{# {%- include 'core-worker-env.j2inc' -%} #}
+{%- set w_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
+{#- NB: "TZ" is always provided by Angie itself -#}
+{%- set w_vars_passthrough = w_env | dict_empty_keys | list_diff(env_vars_preserve + ['TZ']) -%}
+{%- set vars_passthrough = (env_vars_passthrough + w_vars_passthrough) | uniq | list_intersect(env | dict_keys) -%}
+
+## NB: "TZ" is always provided by Angie itself
+
+## preserve
+{%- for k in env_vars_preserve %}
+env {{ k | ngx_esc }};
+{%- endfor %}
+
+## passthrough
+{%- for k in vars_passthrough %}
+env {{ k | ngx_esc }};
+{%- endfor %}
+
+{%- set w_vars_override = w_env | dict_non_empty_keys -%}
+{% if w_vars_override %}
+## WARNING!
+## explicit environment variables are NOT implemented
+## reason: envs are supported only for http_perl but not for http_js/stream_js
+## solution: provide environment variables explicitly
+##   and then list them in "core_worker_env" key in config
+##
+  {%- for k in w_vars_override %}
+## env {{ "{}={}".format(k, w_env[k]) | ngx_esc }}
+  {%- endfor %}
+{%- endif %}
--- a/angie/autoconf/core-worker-env.j2inc
+++ b/angie/autoconf/core-worker-env.j2inc
@@ -0,0 +1,4 @@
+{%- set w_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
+{#- NB: "TZ" is always provided by Angie itself -#}
+{%- set w_vars_passthrough = w_env | dict_empty_keys | list_diff(env_vars_preserve + ['TZ']) -%}
+{%- set vars_passthrough = (env_vars_passthrough + w_vars_passthrough) | uniq | list_intersect(env | dict_keys) -%}
--- a/angie/autoconf/core-worker-env.txt.j2
+++ b/angie/autoconf/core-worker-env.txt.j2
@@ -0,0 +1,12 @@
+{# TODO: investigate error with "include" #}
+{# {%- include 'core-worker-env.j2inc' -%} #}
+{%- set w_env = ( j2cfg.core_worker_env or [] ) | any_to_env_dict -%}
+{#- NB: "TZ" is always provided by Angie itself -#}
+{%- set w_vars_passthrough = w_env | dict_empty_keys | list_diff(env_vars_preserve + ['TZ']) -%}
+{%- set vars_passthrough = (env_vars_passthrough + w_vars_passthrough) | uniq | list_intersect(env | dict_keys) -%}
+
+{#- NB: "TZ" is always provided by Angie itself -#}
+{%- set all_vars = (env_vars_preserve + vars_passthrough + ['TZ']) | uniq -%}
+{%- for k in all_vars %}
+{{ k | ngx_esc }}
+{%- endfor %}
--- a/angie/autoconf/core-worker.conf.j2
+++ b/angie/autoconf/core-worker.conf.j2
@@ -0,0 +1,10 @@
+worker_processes {{ env.NGX_WORKER_PROCESSES }};
+{%- if env.NGX_WORKER_CPU_AFFINITY %}
+worker_cpu_affinity {{ env.NGX_WORKER_CPU_AFFINITY }};
+{%- endif %}
+{%- if env.NGX_WORKER_PRIORITY %}
+worker_priority {{ env.NGX_WORKER_PRIORITY }};
+{%- endif %}
+{%- if env.NGX_WORKER_RLIMIT_NOFILE %}
+worker_rlimit_nofile {{ env.NGX_WORKER_RLIMIT_NOFILE }};
+{%- endif %}
--- a/angie/autoconf/core_ev-worker.conf.j2
+++ b/angie/autoconf/core_ev-worker.conf.j2
@@ -0,0 +1,7 @@
+worker_connections {{ env.NGX_WORKER_CONNECTIONS }};
+{%- if env.NGX_WORKER_AIO_REQUESTS %}
+worker_aio_requests {{ env.NGX_WORKER_AIO_REQUESTS }};
+{%- endif %}
+{%- if env.NGX_WORKER_PRIORITY %}
+worker_priority {{ env.NGX_WORKER_PRIORITY }};
+{%- endif %}
--- a/angie/autoconf/http-access-log.conf
+++ b/angie/autoconf/http-access-log.conf
@@ -0,0 +1,2 @@
+include autoconf/http-access-log/format/*.conf;
+include autoconf/http-access-log/*.conf;
--- a/angie/autoconf/http-access-log/default.conf.j2
+++ b/angie/autoconf/http-access-log/default.conf.j2
@@ -0,0 +1,4 @@
+{%- import 'snip/log.j2mod' as ngx_log -%}
+
+{# {{ ngx_log.access_log(dest='access.log', format='main') }} #}
+{{ ngx_log.access_log(format='main') }}
--- a/angie/autoconf/http-access-log/format/extended.conf
+++ b/angie/autoconf/http-access-log/format/extended.conf
@@ -0,0 +1,7 @@
+log_format  extended
+    '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" rt="$request_time" '
+    '"$http_user_agent" "$http_x_forwarded_for" '
+    'h="$host" sn="$server_name" ru="$request_uri" u="$uri" '
+    'ucs="$upstream_cache_status" ua="$upstream_addr" us="$upstream_status" '
+    'uct="$upstream_connect_time" urt="$upstream_response_time"';
--- a/angie/autoconf/http-access-log/format/main.conf
+++ b/angie/autoconf/http-access-log/format/main.conf
@@ -0,0 +1,4 @@
+log_format  main
+    '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
--- a/angie/autoconf/http-alt-svc.conf
+++ b/angie/autoconf/http-alt-svc.conf
@@ -0,0 +1 @@
+include snip/http-alt-svc;
--- a/angie/autoconf/http-buffers.conf
+++ b/angie/autoconf/http-buffers.conf
@@ -0,0 +1,4 @@
+subrequest_output_buffer_size     16k;
+client_body_buffer_size           16k;
+client_header_buffer_size          4k;
+large_client_header_buffers    8  16k;
--- a/angie/autoconf/http-client-body-temp.conf
+++ b/angie/autoconf/http-client-body-temp.conf
@@ -0,0 +1 @@
+client_body_temp_path /run/ngx/cache/temp_client_body 2 2;
--- a/angie/autoconf/http-max-ranges.conf.j2
+++ b/angie/autoconf/http-max-ranges.conf.j2
@@ -0,0 +1,3 @@
+{%- if env.NGX_HTTP_MAX_RANGES %}
+max_ranges {{ env.NGX_HTTP_MAX_RANGES }};
+{%- endif %}
--- a/angie/autoconf/http-mime-types.conf
+++ b/angie/autoconf/http-mime-types.conf
@@ -0,0 +1,8 @@
+include snip/mime.types;
+
+types {
+    font/ttf               ttf;
+    application/font-sfnt  otf;
+}
+
+default_type  application/octet-stream;
--- a/angie/autoconf/http-request-headers-basic.conf.j2
+++ b/angie/autoconf/http-request-headers-basic.conf.j2
@@ -0,0 +1,26 @@
+map $http_upgrade
+    $req_connection
+{
+    default  upgrade;
+    ""       "";
+}
+
+map $http_user_agent
+    $req_user_agent
+{
+    default  $http_user_agent;
+{%- if env.NGX_HTTP_FAKE_UA %}
+    ## merely fake
+    ""  {{ env.NGX_HTTP_FAKE_UA | ngx_esc }};
+{%- else %}
+    ""  "Angie/$angie_version";
+{%- endif %}
+}
+
+map $http_accept
+    $req_accept
+{
+    volatile;
+    default  $http_accept;
+    ""       "*/*";
+}
--- a/angie/autoconf/http-request-headers-forwarded.conf
+++ b/angie/autoconf/http-request-headers-forwarded.conf
@@ -0,0 +1,27 @@
+## ref:
+## - https://www.digitalocean.com/community/tools/nginx?domains.0.reverseProxy.reverseProxy=true
+map $remote_addr
+    $proxy_forwarded_elem
+{
+    ## IPv4 addresses can be sent as-is
+    ~^[0-9.]+$         "for=$remote_addr";
+    ## IPv6 addresses need to be bracketed and quoted
+    ~^[0-9A-Fa-f:.]+$  "for=\"[$remote_addr]\"";
+    ## Unix domain socket names cannot be represented in RFC 7239 syntax
+    default            "for=unknown";
+}
+
+## ref:
+## - https://www.digitalocean.com/community/tools/nginx?domains.0.reverseProxy.reverseProxy=true
+## - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
+map $http_forwarded
+    $proxy_add_forwarded
+{
+    volatile;
+
+    ## if the incoming Forwarded header is syntactically valid, append to it
+    "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
+
+    ## otherwise, replace it
+    default  "$proxy_forwarded_elem";
+}
--- a/angie/autoconf/http-resolver.conf.j2
+++ b/angie/autoconf/http-resolver.conf.j2
@@ -0,0 +1,2 @@
+{%- set resolver_status_zone = 'http_resolver' -%}
+{% include 'snip/resolver.j2inc' %}
--- a/angie/autoconf/http-response-headers.conf
+++ b/angie/autoconf/http-response-headers.conf
@@ -0,0 +1 @@
+include snip/http-response-headers;
--- a/angie/autoconf/http-v2.conf.j2
+++ b/angie/autoconf/http-v2.conf.j2
@@ -0,0 +1,3 @@
+{%- if env.NGX_HTTP_V2 == '0' %}
+http2 off;
+{%- endif %}
--- a/angie/autoconf/http-v3.conf.j2
+++ b/angie/autoconf/http-v3.conf.j2
@@ -0,0 +1,3 @@
+{%- if env.NGX_HTTP_V3 == '0' %}
+http3 off;
+{%- endif %}
--- a/angie/autoconf/http-webroot.conf
+++ b/angie/autoconf/http-webroot.conf
@@ -0,0 +1 @@
+root static;
--- a/angie/autoconf/mail-resolver.conf.j2
+++ b/angie/autoconf/mail-resolver.conf.j2
@@ -0,0 +1,2 @@
+{%- set resolver_status_zone = 'mail_resolver' -%}
+{% include 'snip/resolver.j2inc' %}
--- a/angie/autoconf/stream-resolver.conf.j2
+++ b/angie/autoconf/stream-resolver.conf.j2
@@ -0,0 +1,2 @@
+{%- set resolver_status_zone = 'stream_resolver' -%}
+{% include 'snip/resolver.j2inc' %}
				`@@ -0,0 +1 @@`
				`client_body_temp_path /run/ngx/cache/temp_client_body 2 2;`