initial commit

2025-06-05 11:01:19 +03:00
commit 48f13f97a3
297 changed files with 7136 additions and 0 deletions
--- a/angie/conf/acme/path.conf
+++ b/angie/conf/acme/path.conf
@@ -0,0 +1 @@
+acme_client_path /run/ngx/lib/acme;
--- a/angie/conf/brotli/buffers.conf
+++ b/angie/conf/brotli/buffers.conf
@@ -0,0 +1,5 @@
+brotli_comp_level  5; # default: 6
+brotli_window      128k; # default: 512k
+
+brotli_min_length  1024;
+brotli_buffers     32  16k;
--- a/angie/conf/brotli/types.conf.j2
+++ b/angie/conf/brotli/types.conf.j2
@@ -0,0 +1,9 @@
+{%- set mime_types = j2cfg.compress_types or [] -%}
+{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
+{%- if mime_types -%}
+brotli_types
+{%- for t in mime_types %}
+    {{ t }}
+{%- endfor %}
+;
+{%- endif -%}
--- a/angie/conf/core-quic-bpf.conf
+++ b/angie/conf/core-quic-bpf.conf
@@ -0,0 +1 @@
+quic_bpf on;
--- a/angie/conf/core_ev-accept-mutex-delay.conf
+++ b/angie/conf/core_ev-accept-mutex-delay.conf
@@ -0,0 +1 @@
+accept_mutex_delay 200ms;
--- a/angie/conf/core_ev-accept-mutex.conf
+++ b/angie/conf/core_ev-accept-mutex.conf
@@ -0,0 +1 @@
+accept_mutex on;
--- a/angie/conf/core_ev-multi-accept.conf
+++ b/angie/conf/core_ev-multi-accept.conf
@@ -0,0 +1 @@
+multi_accept on;
--- a/angie/conf/fastcgi/buffers.conf
+++ b/angie/conf/fastcgi/buffers.conf
@@ -0,0 +1,4 @@
+fastcgi_buffers           16  16k;
+fastcgi_buffer_size           16k;
+fastcgi_busy_buffers_size     32k;
+fastcgi_temp_file_write_size  32k;
--- a/angie/conf/fastcgi/cache-bypass.conf.j2
+++ b/angie/conf/fastcgi/cache-bypass.conf.j2
@@ -0,0 +1,14 @@
+{%- set cache_bypass = j2cfg.cache_bypass or [] -%}
+{%- if cache_bypass -%}
+## disable (response) cache under following conditions
+fastcgi_cache_bypass
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+fastcgi_no_cache
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+{%- endif -%}
--- a/angie/conf/fastcgi/headers.conf
+++ b/angie/conf/fastcgi/headers.conf
@@ -0,0 +1,2 @@
+include snip/fastcgi-request-headers;
+include snip/fastcgi-response-headers;
--- a/angie/conf/fastcgi/param.conf
+++ b/angie/conf/fastcgi/param.conf
@@ -0,0 +1,7 @@
+include snip/fastcgi.conf;
+
+fastcgi_param  PATH_INFO    $path_info;
+
+fastcgi_param  AUTH_USER    $remote_user;
+fastcgi_param  REMOTE_USER  $remote_user;
+fastcgi_param  HTTP_HOST    $host;
--- a/angie/conf/fastcgi/temp.conf
+++ b/angie/conf/fastcgi/temp.conf
@@ -0,0 +1 @@
+fastcgi_temp_path /run/ngx/cache/temp_fastcgi 2 2;
--- a/angie/conf/grpc/buffers.conf
+++ b/angie/conf/grpc/buffers.conf
@@ -0,0 +1 @@
+grpc_buffer_size  16k;
--- a/angie/conf/grpc/headers.conf
+++ b/angie/conf/grpc/headers.conf
@@ -0,0 +1,2 @@
+include snip/grpc-request-headers;
+include snip/grpc-response-headers;
--- a/angie/conf/grpc/ssl.conf.j2
+++ b/angie/conf/grpc/ssl.conf.j2
@@ -0,0 +1,7 @@
+{%- for k, v in j2cfg.tls.conf_cmd|dictsort %}
+grpc_ssl_conf_command  {{ k }}  {{ v | ngx_esc }};
+{%- endfor %}
+
+grpc_ssl_trusted_certificate {{ env.NGX_SSL_CERT_FILE }};
+grpc_ssl_verify on;
+grpc_ssl_server_name on;
--- a/angie/conf/gzip/buffers.conf
+++ b/angie/conf/gzip/buffers.conf
@@ -0,0 +1,4 @@
+gzip_comp_level  2; # default: 1
+
+gzip_min_length  1024;
+gzip_buffers     32  16k;
--- a/angie/conf/gzip/proxied.conf
+++ b/angie/conf/gzip/proxied.conf
@@ -0,0 +1 @@
+gzip_proxied any;
--- a/angie/conf/gzip/types.conf.j2
+++ b/angie/conf/gzip/types.conf.j2
@@ -0,0 +1,9 @@
+{%- set mime_types = j2cfg.compress_types or [] -%}
+{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
+{%- if mime_types -%}
+gzip_types
+{%- for t in mime_types %}
+    {{ t }}
+{%- endfor %}
+;
+{%- endif -%}
--- a/angie/conf/gzip/vary.conf
+++ b/angie/conf/gzip/vary.conf
@@ -0,0 +1 @@
+gzip_vary on;
--- a/angie/conf/http-acme.conf
+++ b/angie/conf/http-acme.conf
@@ -0,0 +1 @@
+include conf/acme/*.conf;
--- a/angie/conf/http-brotli-static.conf
+++ b/angie/conf/http-brotli-static.conf
@@ -0,0 +1 @@
+brotli_static on;
--- a/angie/conf/http-brotli.conf
+++ b/angie/conf/http-brotli.conf
@@ -0,0 +1,2 @@
+include conf/brotli/*.conf;
+brotli on;
--- a/angie/conf/http-fastcgi.conf
+++ b/angie/conf/http-fastcgi.conf
@@ -0,0 +1 @@
+include conf/fastcgi/*.conf;
--- a/angie/conf/http-grpc.conf
+++ b/angie/conf/http-grpc.conf
@@ -0,0 +1 @@
+include conf/grpc/*.conf;
--- a/angie/conf/http-gunzip.conf
+++ b/angie/conf/http-gunzip.conf
@@ -0,0 +1,2 @@
+gunzip_buffers  16  16k;
+gunzip on;
--- a/angie/conf/http-gzip-static.conf
+++ b/angie/conf/http-gzip-static.conf
@@ -0,0 +1 @@
+gzip_static on;
--- a/angie/conf/http-gzip.conf
+++ b/angie/conf/http-gzip.conf
@@ -0,0 +1,2 @@
+include conf/gzip/*.conf;
+gzip on;
--- a/angie/conf/http-modsecurity.conf
+++ b/angie/conf/http-modsecurity.conf
@@ -0,0 +1,4 @@
+modsecurity_rules_file modsecurity/rules.conf;
+
+## NOT enabling ModSecurity by default!
+# modsecurity on;
--- a/angie/conf/http-njs.conf
+++ b/angie/conf/http-njs.conf
@@ -0,0 +1 @@
+include conf/njs/*.conf;
--- a/angie/conf/http-perl.conf
+++ b/angie/conf/http-perl.conf
@@ -0,0 +1 @@
+include conf/perl/*.conf;
--- a/angie/conf/http-proxy.conf
+++ b/angie/conf/http-proxy.conf
@@ -0,0 +1,2 @@
+include conf/proxy/*.conf;
+include conf/proxy-http/*.conf;
--- a/angie/conf/http-quic-gso.conf.j2
+++ b/angie/conf/http-quic-gso.conf.j2
@@ -0,0 +1,5 @@
+quic_gso on;
+
+{%- if env.NGX_HTTP_PROXY == '1' %}
+proxy_quic_gso on;
+{%- endif %}
--- a/angie/conf/http-scgi.conf
+++ b/angie/conf/http-scgi.conf
@@ -0,0 +1 @@
+include conf/scgi/*.conf;
--- a/angie/conf/http-ssl.conf.j2
+++ b/angie/conf/http-ssl.conf.j2
@@ -0,0 +1,25 @@
+include conf/ssl/*.conf;
+
+## lowering from 16k to 4k to improve time-to-first-byte
+ssl_buffer_size  4k;
+
+{%- if env.NGX_HTTP_SSL_PROFILE %}
+include snip/ssl-{{ env.NGX_HTTP_SSL_PROFILE }};
+{%- endif %}
+
+{%- if j2cfg.tls.stapling.enable %}
+ssl_stapling on;
+  {%- if j2cfg.tls.stapling.verify %}
+ssl_stapling_verify on;
+  {%- else %}
+ssl_stapling_verify off;
+  {%- endif %}
+  {%- if j2cfg.tls.stapling.file %}
+ssl_stapling_file {{ j2cfg.tls.stapling.file | ngx_esc }};
+  {%- endif %}
+  {%- if j2cfg.tls.stapling.responder %}
+ssl_stapling_responder {{ j2cfg.tls.stapling.responder | ngx_esc }};
+  {%- endif %}
+{%- else %}
+ssl_stapling off;
+{%- endif %}
--- a/angie/conf/http-uwsgi.conf
+++ b/angie/conf/http-uwsgi.conf
@@ -0,0 +1 @@
+include conf/uwsgi/*.conf;
--- a/angie/conf/http-v2.conf
+++ b/angie/conf/http-v2.conf
@@ -0,0 +1,2 @@
+include conf/http2/*.conf;
+http2 on;
--- a/angie/conf/http-v3.conf
+++ b/angie/conf/http-v3.conf
@@ -0,0 +1,2 @@
+include conf/http3/*.conf;
+http3 on;
--- a/angie/conf/http-zstd-static.conf
+++ b/angie/conf/http-zstd-static.conf
@@ -0,0 +1 @@
+zstd_static on;
--- a/angie/conf/http-zstd.conf
+++ b/angie/conf/http-zstd.conf
@@ -0,0 +1,2 @@
+include conf/zstd/*.conf;
+zstd on;
--- a/angie/conf/http2/param.conf
+++ b/angie/conf/http2/param.conf
@@ -0,0 +1,2 @@
+http2_chunk_size 16k;
+http2_body_preread_size 64k;
--- a/angie/conf/http3/param.conf.j2
+++ b/angie/conf/http3/param.conf.j2
@@ -0,0 +1,9 @@
+http3_max_concurrent_streams 128; #default
+http3_stream_buffer_size 64k; #default
+quic_active_connection_id_limit 3;
+
+{%- if env.NGX_HTTP_PROXY == '1' %}
+proxy_http3_max_concurrent_streams 128; #default
+proxy_http3_stream_buffer_size 64k; #default
+proxy_quic_active_connection_id_limit 3;
+{%- endif %}
--- a/angie/conf/mail-ssl.conf.j2
+++ b/angie/conf/mail-ssl.conf.j2
@@ -0,0 +1,5 @@
+include conf/ssl/*.conf;
+
+{%- if env.NGX_MAIL_SSL_PROFILE %}
+include snip/ssl-{{ env.NGX_MAIL_SSL_PROFILE }};
+{%- endif %}
--- a/angie/conf/njs/path.conf
+++ b/angie/conf/njs/path.conf
@@ -0,0 +1 @@
+js_path site;
--- a/angie/conf/njs/tls-ca-file.conf.in
+++ b/angie/conf/njs/tls-ca-file.conf.in
@@ -0,0 +1 @@
+js_fetch_trusted_certificate ${NGX_SSL_CERT_FILE};
--- a/angie/conf/perl/path.conf
+++ b/angie/conf/perl/path.conf
@@ -0,0 +1 @@
+perl_modules site;
--- a/angie/conf/proxy-http/buffers.conf
+++ b/angie/conf/proxy-http/buffers.conf
@@ -0,0 +1,4 @@
+proxy_buffers           16  16k;
+proxy_buffer_size           16k;
+proxy_busy_buffers_size     32k;
+proxy_temp_file_write_size  32k;
--- a/angie/conf/proxy-http/cache-bypass.conf.j2
+++ b/angie/conf/proxy-http/cache-bypass.conf.j2
@@ -0,0 +1,14 @@
+{%- set cache_bypass = j2cfg.cache_bypass or [] -%}
+{%- if cache_bypass -%}
+## disable (response) cache under following conditions
+proxy_cache_bypass
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+proxy_no_cache
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+{%- endif -%}
--- a/angie/conf/proxy-http/headers.conf
+++ b/angie/conf/proxy-http/headers.conf
@@ -0,0 +1,2 @@
+include snip/proxy-request-headers;
+include snip/proxy-response-headers;
--- a/angie/conf/proxy-http/temp.conf
+++ b/angie/conf/proxy-http/temp.conf
@@ -0,0 +1 @@
+proxy_temp_path /run/ngx/cache/temp_proxy 2 2;
--- a/angie/conf/proxy-http/version.conf
+++ b/angie/conf/proxy-http/version.conf
@@ -0,0 +1 @@
+proxy_http_version 1.1;
--- a/angie/conf/proxy-stream/.gitkeep
+++ b/angie/conf/proxy-stream/.gitkeep
--- a/angie/conf/proxy/ssl.conf.j2
+++ b/angie/conf/proxy/ssl.conf.j2
@@ -0,0 +1,7 @@
+{%- for k, v in j2cfg.tls.conf_cmd|dictsort %}
+proxy_ssl_conf_command  {{ k }}  {{ v | ngx_esc }};
+{%- endfor %}
+
+proxy_ssl_trusted_certificate {{ env.NGX_SSL_CERT_FILE }};
+proxy_ssl_verify on;
+proxy_ssl_server_name on;
--- a/angie/conf/scgi/buffers.conf
+++ b/angie/conf/scgi/buffers.conf
@@ -0,0 +1,4 @@
+scgi_buffers           16  16k;
+scgi_buffer_size           16k;
+scgi_busy_buffers_size     32k;
+scgi_temp_file_write_size  32k;
--- a/angie/conf/scgi/cache-bypass.conf.j2
+++ b/angie/conf/scgi/cache-bypass.conf.j2
@@ -0,0 +1,14 @@
+{%- set cache_bypass = j2cfg.cache_bypass or [] -%}
+{%- if cache_bypass -%}
+## disable (response) cache under following conditions
+scgi_cache_bypass
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+scgi_no_cache
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+{%- endif -%}
--- a/angie/conf/scgi/headers.conf
+++ b/angie/conf/scgi/headers.conf
@@ -0,0 +1,2 @@
+include snip/scgi-request-headers;
+include snip/scgi-response-headers;
--- a/angie/conf/scgi/param.conf
+++ b/angie/conf/scgi/param.conf
@@ -0,0 +1,7 @@
+include snip/scgi_params;
+
+scgi_param  PATH_INFO    $path_info;
+
+scgi_param  AUTH_USER    $remote_user;
+scgi_param  REMOTE_USER  $remote_user;
+scgi_param  HTTP_HOST    $host;
--- a/angie/conf/scgi/temp.conf
+++ b/angie/conf/scgi/temp.conf
@@ -0,0 +1 @@
+scgi_temp_path /run/ngx/cache/temp_scgi 2 2;
--- a/angie/conf/ssl/cmd.conf.j2
+++ b/angie/conf/ssl/cmd.conf.j2
@@ -0,0 +1,3 @@
+{%- for k, v in j2cfg.tls.conf_cmd|dictsort %}
+ssl_conf_command  {{ k }}  {{ v | ngx_esc }};
+{%- endfor %}
--- a/angie/conf/stream-njs.conf
+++ b/angie/conf/stream-njs.conf
@@ -0,0 +1 @@
+include conf/njs/*.conf;
--- a/angie/conf/stream-proxy.conf
+++ b/angie/conf/stream-proxy.conf
@@ -0,0 +1,2 @@
+include conf/proxy/*.conf;
+include conf/proxy-stream/*.conf;
--- a/angie/conf/stream-ssl.conf.j2
+++ b/angie/conf/stream-ssl.conf.j2
@@ -0,0 +1,5 @@
+include conf/ssl/*.conf;
+
+{%- if env.NGX_STREAM_SSL_PROFILE %}
+include snip/ssl-{{ env.NGX_STREAM_SSL_PROFILE }};
+{%- endif %}
--- a/angie/conf/uwsgi/buffers.conf
+++ b/angie/conf/uwsgi/buffers.conf
@@ -0,0 +1,4 @@
+uwsgi_buffers           16  16k;
+uwsgi_buffer_size           16k;
+uwsgi_busy_buffers_size     32k;
+uwsgi_temp_file_write_size  32k;
--- a/angie/conf/uwsgi/cache-bypass.conf.j2
+++ b/angie/conf/uwsgi/cache-bypass.conf.j2
@@ -0,0 +1,14 @@
+{%- set cache_bypass = j2cfg.cache_bypass or [] -%}
+{%- if cache_bypass -%}
+## disable (response) cache under following conditions
+uwsgi_cache_bypass
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+uwsgi_no_cache
+{%- for v in cache_bypass %}
+    {{ v | ngx_esc }}
+{%- endfor %}
+;
+{%- endif -%}
--- a/angie/conf/uwsgi/headers.conf
+++ b/angie/conf/uwsgi/headers.conf
@@ -0,0 +1,2 @@
+include snip/uwsgi-request-headers;
+include snip/uwsgi-response-headers;
--- a/angie/conf/uwsgi/param.conf
+++ b/angie/conf/uwsgi/param.conf
@@ -0,0 +1,7 @@
+include snip/uwsgi_params;
+
+uwsgi_param  PATH_INFO    $path_info;
+
+uwsgi_param  AUTH_USER    $remote_user;
+uwsgi_param  REMOTE_USER  $remote_user;
+uwsgi_param  HTTP_HOST    $host;
--- a/angie/conf/uwsgi/ssl.conf.j2
+++ b/angie/conf/uwsgi/ssl.conf.j2
@@ -0,0 +1,7 @@
+{%- for k, v in j2cfg.tls.conf_cmd|dictsort %}
+uwsgi_ssl_conf_command  {{ k }}  {{ v | ngx_esc }};
+{%- endfor %}
+
+uwsgi_ssl_trusted_certificate {{ env.NGX_SSL_CERT_FILE }};
+uwsgi_ssl_verify on;
+uwsgi_ssl_server_name on;
--- a/angie/conf/uwsgi/temp.conf
+++ b/angie/conf/uwsgi/temp.conf
@@ -0,0 +1 @@
+uwsgi_temp_path /run/ngx/cache/temp_uwsgi 2 2;
--- a/angie/conf/zstd/buffers.conf
+++ b/angie/conf/zstd/buffers.conf
@@ -0,0 +1,4 @@
+zstd_comp_level  2; # default: 1
+
+zstd_min_length  1024;
+zstd_buffers     32  16k;
--- a/angie/conf/zstd/types.conf.j2
+++ b/angie/conf/zstd/types.conf.j2
@@ -0,0 +1,9 @@
+{%- set mime_types = j2cfg.compress_types or [] -%}
+{%- set mime_types = mime_types | any_to_str_list | uniq_str_list -%}
+{%- if mime_types -%}
+zstd_types
+{%- for t in mime_types %}
+    {{ t }}
+{%- endfor %}
+;
+{%- endif -%}
				`@@ -0,0 +1 @@`
				`fastcgi_temp_path /run/ngx/cache/temp_fastcgi 2 2;`
				`@@ -0,0 +1 @@`
				`js_fetch_trusted_certificate ${NGX_SSL_CERT_FILE};`
				`@@ -0,0 +1 @@`
				`proxy_temp_path /run/ngx/cache/temp_proxy 2 2;`
				`@@ -0,0 +1 @@`
				`scgi_temp_path /run/ngx/cache/temp_scgi 2 2;`
				`@@ -0,0 +1 @@`
				`uwsgi_temp_path /run/ngx/cache/temp_uwsgi 2 2;`