load_module /usr/local/libexec/nginx/ngx_stream_module.so;load_module /usr/local/libexec/nginx/ngx_http_naxsi_module.so;load_module /usr/local/libexec/nginx/ngx_mail_module.so;load_module /usr/local/libexec/nginx/ngx_http_brotli_filter_module.so;load_module /usr/local/libexec/nginx/ngx_http_brotli_static_module.so;load_module /usr/local/libexec/nginx/ngx_http_js_module.so;user www staff;worker_processes 1;error_log /var/log/nginx/error.log;events { worker_connections 1024;}http {include mime.types;log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '"$host" sn="$server_name" ' 'rt=$request_time ' 'ua="$upstream_addr" us="$upstream_status" ' 'ut="$upstream_response_time" ul="$upstream_response_length" ' 'cs=$upstream_cache_status';log_format handshake '"$http_user_agent" "$ssl_ciphers" "$ssl_curves"';log_format anonymized ':: - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';#tcp_nopush on;# https intercept detectionjs_import /usr/local/opnsense/scripts/nginx/ngx_functions.js;js_set $tls_intercepted ngx_functions.check_intercept;# 200M should be big enough for file servers etc.client_max_body_size 200M;brotli_static on;brotli on;gzip_static on;gzip on;server_tokens off;sendfile Off;default_type application/octet-stream;keepalive_timeout 60;map $http_upgrade $connection_upgrade { default upgrade; '' close;}# TODO add when core is ready for allowing nginx to serve the web interface# include nginx_web.conf;# UPSTREAM SERVERSinclude opnsense_http_vhost_plugins/*.conf;}stream { # LOG FORMATS log_format main '$remote_addr [$time_local] ' '$protocol $status $bytes_sent $bytes_received ' '$session_time'; log_format anonymized ':: [$time_local] ' '$protocol $status $bytes_sent $bytes_received ' '$session_time'; # UPSTREAM SERVERS upstream upstream15ad4a8a20f14c19a47af261eaa5249e { server 192.168.5.1:53 weight=5; } upstream upstream7f19e5deb72b4c318458205c45343b52 { server 192.168.5.1:8053 weight=5; } # upstream maps include opnsense_stream_vhost_plugins/*.conf; # servers server { listen 127.0.0.1:8054 proxy_protocol; access_log /var/log/nginx/stream_7e5528ea-bfe6-46f5-be19-3e967da85398.access.log main; error_log /var/log/nginx/stream_7e5528ea-bfe6-46f5-be19-3e967da85398.error.log info; include 7e5528ea-bfe6-46f5-be19-3e967da85398_pre/*.conf; proxy_ssl off; proxy_pass upstream15ad4a8a20f14c19a47af261eaa5249e; proxy_protocol on; include 7e5528ea-bfe6-46f5-be19-3e967da85398_post/*.conf; }}# mail {# }