nginx.conf.j2

worker_processes  auto;

load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
{% for module in nginx_extra_modules %}
{% if module.so_name is not defined %}
load_module /usr/lib/nginx/modules/ngx_http_{{ module.name }}_module.so;
{% else %}
load_module /usr/lib/nginx/modules/{{ module.so_name | replace('-', '_') }};
{% endif %}
{% endfor %}
include toplevel-snippets/*.conf;

events {
    worker_connections 2048;
}

worker_rlimit_nofile 2048;

error_log syslog:server=unix:/dev/log,nohostname info;

http {
    include mime.types;
    default_type application/octet-stream;
    types_hash_max_size 4096;

    log_format main
        '$remote_addr $host $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for" $request_time '
        '$server_protocol $ssl_protocol $ssl_cipher '
        '$upstream_cache_status';

    log_format reduced
        '$host [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" $server_protocol $ssl_protocol '
        '$ssl_cipher $upstream_cache_status';

    log_format json_main escape=json
        '{'
        '"remote_addr":"$remote_addr",'
        '"host":"$host",'
        '"remote_user":"$remote_user",'
        '"time_local":"$time_local",'
        '"request_method":"$request_method",'
        '"request_uri":"$request_uri",'
        '"status": "$status",'
        '"body_bytes_sent":"$body_bytes_sent",'
        '"http_referrer":"$http_referer",'
        '"http_user_agent":"$http_user_agent",'
        '"http_x_forwarded_for":"$http_x_forwarded_for",'
        '"request_time":"$request_time",'
        '"server_protocol":"$server_protocol",'
        '"ssl_protocol":"$ssl_protocol",'
        '"ssl_cipher":"$ssl_cipher",'
        '"upstream_cache_status":"$upstream_cache_status",'
        # This was added to keep every log line unique as Loki drops
        # log line with the same timestamp and log text:
        # https://grafana.com/docs/loki/latest/overview/#timestamp-ordering
        '"connection":"$connection",'
        '"connection_requests":"$connection_requests"'
        '}';

    log_format json_reduced escape=json
        '{'
        '"host":"$host",'
        '"time_local":"$time_local",'
        '"request_method":"$request_method",'
        '"request_uri":"$request_uri",'
        '"status": "$status",'
        '"body_bytes_sent":"$body_bytes_sent",'
        '"http_referrer":"$http_referer",'
        '"http_user_agent":"$http_user_agent",'
        '"server_protocol":"$server_protocol",'
        '"ssl_protocol":"$ssl_protocol",'
        '"ssl_cipher":"$ssl_cipher",'
        '"upstream_cache_status":"$upstream_cache_status",'
        # This was added to keep every log line unique as Loki drops
        # log line with the same timestamp and log text:
        # https://grafana.com/docs/loki/latest/overview/#timestamp-ordering
        '"connection":"$connection",'
        '"connection_requests":"$connection_requests"'
        '}';

    sendfile on;
    keepalive_timeout 65;
    client_max_body_size 16M;

    gzip on;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    brotli on;
    brotli_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    server_tokens off;

    index index.php index.html index.htm;

    access_log syslog:server=unix:/dev/log,nohostname,tag=nginx_http main;

    include snippets/sslsettings.conf;
    include snippets/headers.conf;

    include nginx.d/*.conf;
}