nginx-proxy-manager/rootfs/usr/local/nginx/conf/nginx.conf

user root;
daemon off;
pcre_jit on;
error_log stderr warn;
worker_processes auto;
worker_cpu_affinity auto;

# Custom
include /data/nginx/custom/root.conf;

events {
    # Custom
    include /data/nginx/custom/events.conf;
}

http {
    log_format log '[$time_local] $host $remote_addr $request_time "$request" $status $body_bytes_sent $bytes_sent $http_referer $http_user_agent';
    access_log off; # http
    log_not_found off;

    include mime.types;
    default_type text/plain;
    lua_package_path "/usr/local/nginx/lib/lua/?.lua;;";

    server_tokens off;
    more_clear_headers "Server";
    more_clear_headers "X-Powered-By";
    more_clear_headers "X-Page-Speed";
    more_clear_headers "X-Varnish";

    aio threads;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    client_max_body_size 0;
    client_body_buffer_size 512k;

    gzip on;
    gzip_vary on;
    gzip_types *;
    gzip_proxied any;
    gzip_comp_level 1;
    gunzip on;
    gzip_static on;

    proxy_buffering on;
    proxy_buffer_size 16k;
    proxy_busy_buffers_size 24k;
    proxy_buffers 64 4k;

    http2 on;
    http3 on;
    quic_gso on;
    quic_retry on;
    ssl_dyn_rec_enable on;

    resolver local=on valid=10s ipv6=on;
    fastcgi_index index.php;
    index index.php index.html;

    error_page 404 =307 $scheme://$host:$server_port;
    error_page 497 =301 https://$host:$server_port$request_uri;

    proxy_read_timeout 86400s;
    proxy_headers_hash_max_size 1024;
    proxy_headers_hash_bucket_size 128;

    map $upstream_http_content_security_policy $content_security_policy {
        default $upstream_http_content_security_policy;
        '' "upgrade-insecure-requests";
    }

    map $scheme $hsts_header {
        https "max-age=63072000; includeSubDomains; preload";
    }

    # Websocket
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    map $http_upgrade $goaccess {
        default "web";
        websocket "socket";
    }

    upstream php81 {
        server unix:/run/php81.sock;
    }

    upstream php82 {
        server unix:/run/php82.sock;
    }

    upstream php83 {
        server unix:/run/php83.sock;
    }

    # Fancy Index
    fancyindex on;
    fancyindex_localtime on;
    fancyindex_show_path on;
    fancyindex_exact_size off;
    fancyindex_default_sort name;
    fancyindex_show_dotfiles off;
    fancyindex_hide_symlinks off;
    fancyindex_hide_parent_dir off;
    fancyindex_directories_first on;
    fancyindex_time_format "%d-%m-%Y %T";
    fancyindex_ignore "nft";
    fancyindex_header "/nftd/header.html";
    fancyindex_footer "/nftd/footer.html";

    # Real IP Determination
    real_ip_recursive on;
    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 172.16.0.0/12;
    set_real_ip_from 192.168.0.0/16;
    set_real_ip_from 169.254.0.0/16;
    set_real_ip_from fc00::/7;
    set_real_ip_from fec0::/10;

    include fastcgi.conf;

    include /data/nginx/ip_ranges.conf;

    include /data/nginx/default.conf;
    include conf.d/*.conf;

    # Custom
    include /data/nginx/custom/http_top.conf;

    # Files generated by NPM
    include /data/nginx/proxy_host/*.conf;
    include /data/nginx/redirection_host/*.conf;
    include /data/nginx/dead_host/*.conf;

    # Custom
    include /data/nginx/custom/http.conf;
}

stream {
    log_format proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr" "$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log off; # stream
    resolver local=on valid=10s ipv6=on;

    # Custom
    include /data/nginx/custom/stream_top.conf;

    # Files generated by NPM
    include /data/nginx/stream/*.conf;

    # Custom
    include /data/nginx/custom/stream.conf;
}