pub const DEFAULT_CONFIG_TEMPLATE: &str = r#"# nginx-lint configuration file
# This file was generated by `nginx-lint config init`
# See https://github.com/walf443/nginx-lint for more documentation
# Color output settings
[color]
# Color mode: "auto", "always", or "never"
ui = "auto"
# Severity colors (available: black, red, green, yellow, blue, magenta, cyan, white,
# bright_black, bright_red, bright_green, bright_yellow, bright_blue,
# bright_magenta, bright_cyan, bright_white)
error = "red"
warning = "yellow"
# =============================================================================
# Include Resolution Settings
# =============================================================================
[include]
# Base directory for resolving relative include paths (similar to nginx -p prefix).
# When set, all relative include paths are resolved from this directory
# instead of the directory containing the config file with the include directive.
# prefix = "/etc/nginx"
# Path mappings applied to include patterns before resolving them.
# Mappings are applied in declaration order, each receiving the output of the
# previous one (chained). Useful when the config references a directory that
# differs from where the actual files live (e.g. sites-enabled → sites-available).
#
# Example (for Debian nginx package):
# [[include.path_map]]
# from = "/etc/nginx/"
# to = ""
#
# [[include.path_map]]
# from = "sites-enabled"
# to = "sites-available"
#
# [[include.path_map]]
# from = "modules-enabled"
# to = "modules-available"
# =============================================================================
# Style Rules
# =============================================================================
[rules.indent]
enabled = true
# Indentation size: number or "auto" for auto-detection (default: "auto")
# indent_size = 4
indent_size = "auto"
[rules.trailing-whitespace]
enabled = true
[rules.space-before-semicolon]
enabled = true
[rules.block-lines]
enabled = true
# Maximum number of lines allowed in a block (default: 100)
# max_block_lines = 100
# =============================================================================
# Syntax Rules
# =============================================================================
[rules.duplicate-directive]
enabled = true
[rules.unmatched-braces]
enabled = true
[rules.unclosed-quote]
enabled = true
[rules.missing-semicolon]
enabled = true
[rules.invalid-directive-context]
enabled = true
# Additional valid parent contexts for directives (for extension modules like nginx-rtmp-module)
# Example for nginx-rtmp-module:
# additional_contexts = { server = ["rtmp"], upstream = ["rtmp"] }
[rules.include-path-exists]
enabled = true
# =============================================================================
# Security Rules
# =============================================================================
[rules.deprecated-ssl-protocol]
enabled = true
# Allowed protocols for auto-fix (default: ["TLSv1.2", "TLSv1.3"])
allowed_protocols = ["TLSv1.2", "TLSv1.3"]
[rules.server-tokens-enabled]
enabled = true
[rules.autoindex-enabled]
enabled = true
[rules.weak-ssl-ciphers]
enabled = true
# Weak cipher patterns to detect
weak_ciphers = [
"NULL",
"EXPORT",
"DES",
"RC4",
"MD5",
"aNULL",
"eNULL",
"ADH",
"AECDH",
"PSK",
"SRP",
"CAMELLIA",
]
# Required exclusion patterns
required_exclusions = ["!aNULL", "!eNULL", "!EXPORT", "!DES", "!RC4", "!MD5"]
# =============================================================================
# Best Practices
# =============================================================================
[rules.gzip-not-enabled]
# Disabled by default: gzip is not always appropriate (CDN, CPU constraints, BREACH attack)
enabled = false
[rules.missing-error-log]
# Disabled by default: error_log is typically set at top level in main config
enabled = false
[rules.proxy-pass-domain]
enabled = true
[rules.upstream-server-no-resolve]
enabled = true
[rules.directive-inheritance]
enabled = true
# Exclude specific directives from checking
# excluded_directives = ["grpc_set_header", "uwsgi_param"]
# Add custom directives to check (name is required, case_insensitive and multi_key default to false)
# additional_directives = [
# { name = "proxy_set_cookie", case_insensitive = true },
# ]
[rules.root-in-location]
enabled = true
[rules.alias-location-slash-mismatch]
enabled = true
[rules.proxy-pass-with-uri]
enabled = true
[rules.proxy-keepalive]
enabled = true
[rules.try-files-with-proxy]
enabled = true
[rules.if-is-evil-in-location]
enabled = true
# =============================================================================
# Parser Settings
# =============================================================================
[parser]
# Additional block directives for extension modules
# These are added to the built-in list (http, server, location, etc.)
# Example for nginx-rtmp-module:
# block_directives = ["rtmp", "application"]
"#;Expand description
Default configuration template for nginx-lint