opnsense_nginx_http_server (Resource)

Manage an OPNsense Nginx HTTP server.

Example Usage

resource "opnsense_nginx_location" "app" {
  description = "tf-example-location"
  url_pattern = "/app"
  match_type  = "="
}

resource "opnsense_nginx_http_server" "example" {
  server_name          = "tf-http-server"
  listen_http_address  = "0.0.0.0:8080"
  default_server       = true
  https_only           = false
  enable_acme_support  = false
  log_handshakes       = false
  tls_reject_handshake = false
  locations            = [opnsense_nginx_location.app.id]
  tls_protocols        = ["TLSv1.2", "TLSv1.3"]
}
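
A TLS-terminating variant of the server above, given here as an added example rather than one taken from the provider's own documentation. The variable name, listener ports, cipher string and curve list are assumptions; the certificate UUID must refer to a certificate that already exists on the OPNsense host.

```hcl
# Added example: HTTPS listener with restricted TLS settings.
# var.certificate_uuid is a hypothetical input, not part of the provider.
variable "certificate_uuid" {
  type        = string
  description = "UUID of the server certificate stored in OPNsense"
}

resource "opnsense_nginx_location" "app_tls" {
  description = "tf-example-location-tls"
  url_pattern = "/app"
  match_type  = "="
}

resource "opnsense_nginx_http_server" "tls_example" {
  server_name          = "tf-https-server"
  listen_http_address  = "0.0.0.0:8080" # kept so https_only has something to redirect
  listen_https_address = "0.0.0.0:8443" # assumed port
  https_only           = true
  certificate          = var.certificate_uuid
  locations            = [opnsense_nginx_location.app_tls.id]

  # Protocol and cipher policy. The cipher string is an assumed value in
  # OpenSSL syntax (ECDHE key exchange, AEAD ciphers only); with nginx on
  # OpenSSL it governs TLS 1.2 suites, not the TLS 1.3 ones.
  tls_protocols             = ["TLSv1.2", "TLSv1.3"]
  tls_prefer_server_ciphers = true
  tls_ciphers               = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
  tls_ecdh_curve            = "X25519:prime256v1:secp384r1"

  zero_rtt       = false # 0-RTT early data can be replayed by a network attacker
  ocsp_stapling  = true
  log_handshakes = true  # handshake logs help spot clients failing the policy above
  max_body_size  = "10m"
}
```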

Schema

Required

  • server_name (String) Server name identifier.

Optional

  • access_log_format (String) Access log format identifier.
  • advanced_acl_server (String) Advanced ACL server option.
  • block_nonpublic_data (Boolean) Block non-public data.
  • body_buffer_size (String) Buffer size for request bodies.
  • ca (String) Certificate Authority UUID used for client verification.
  • certificate (String) Certificate UUID used for TLS.
  • charset (String) Character set used for responses.
  • client_header_buffer_size (String) Size of the client header buffer.
  • default_server (Boolean) Mark this server as the default virtual host.
  • disable_bot_protection (Boolean) Disable bot protection.
  • disable_gzip (Boolean) Disable gzip compression.
  • enable_acme_support (Boolean) Enable ACME challenge support on this server.
  • error_log_level (String) Error log verbosity level.
  • error_pages (Set of String) Custom error pages.
  • https_only (Boolean) Redirect HTTP requests to HTTPS.
  • ip_acl (String) IP ACL applied to the server.
  • large_client_header_buffers_number (String) Number of large client header buffers.
  • large_client_header_buffers_size (String) Size of large client header buffers.
  • limit_request_connections (Set of String) Limit request connection identifiers applied to the server.
  • listen_http_address (String) Address (including port) for HTTP listeners.
  • listen_https_address (String) Address (including port) for HTTPS listeners.
  • locations (Set of String) Location UUIDs served by this HTTP server.
  • log_handshakes (Boolean) Log TLS handshakes.
  • max_body_size (String) Maximum request body size (e.g. 10m).
  • naxsi_extensive_log (Boolean) Enable extensive NAXSI logging.
  • naxsi_whitelist_src_ip (Set of String) NAXSI whitelist source IPs.
  • ocsp_stapling (Boolean) Enable OCSP stapling.
  • ocsp_verify (Boolean) Verify OCSP responses.
  • proxy_protocol (Boolean) Enable proxy protocol handling.
  • real_ip_source (String) Source to retrieve the real client IP.
  • resolver (String) Resolver configuration identifier.
  • rewrites (Set of String) Rewrite rules applied before locations are evaluated.
  • root (String) Root directory served by this HTTP server.
  • satisfy (String) Access satisfy directive.
  • security_header (String) Security header policy.
  • sendfile (Boolean) Enable sendfile support.
  • syslog_targets (Set of String) Syslog targets associated with the server.
  • tls_ciphers (String) TLS cipher string.
  • tls_ecdh_curve (String) Elliptic curves used for TLS.
  • tls_prefer_server_ciphers (Boolean) Prefer server ciphers over client selection.
  • tls_protocols (Set of String) TLS protocols allowed for this server.
  • tls_reject_handshake (Boolean) Reject TLS handshakes for this server.
  • trusted_proxies (Set of String) Trusted proxy addresses.
  • trusted_proxies_alias (String) Alias containing trusted proxy addresses.
  • verify_client (String) Client verification mode.
  • zero_rtt (Boolean) Enable TLS 0-RTT.

Read-Only

  • id (String) The ID of this resource.