143 lines
4.7 KiB
Plaintext
143 lines
4.7 KiB
Plaintext
# ddev GravCMS config
|
|
|
|
# You can override ddev's configuration by placing an edited copy
|
|
# of this config (or one of the other ones) in .ddev/nginx-site.conf
|
|
# See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#providing-custom-nginx-configuration
|
|
|
|
# Set https to 'on' if x-forwarded-proto is https
|
|
map $http_x_forwarded_proto $fcgi_https {
|
|
default off;
|
|
https on;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80 default ipv6only=on;
|
|
|
|
# The WEBSERVER_DOCROOT variable is substituted with
|
|
# its value when the container is started.
|
|
root $WEBSERVER_DOCROOT;
|
|
|
|
include /etc/nginx/monitoring.conf;
|
|
|
|
|
|
index index.php index.htm index.html;
|
|
|
|
# Make site accessible from http://localhost/
|
|
server_name _;
|
|
|
|
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
|
|
sendfile off;
|
|
error_log /dev/stdout info;
|
|
access_log /var/log/nginx/access.log;
|
|
|
|
## Begin - Index
|
|
# for subfolders, simply adjust:
|
|
# `location /subfolder {`
|
|
# and the rewrite to use `/subfolder/index.php`
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
}
|
|
## End - Index
|
|
|
|
|
|
# pass the PHP scripts to FastCGI server listening on socket
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_pass unix:/run/php-fpm.sock;
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_intercept_errors off;
|
|
# fastcgi_read_timeout should match max_execution_time in php.ini
|
|
fastcgi_read_timeout 10m;
|
|
fastcgi_param SERVER_NAME $host;
|
|
fastcgi_param HTTPS $fcgi_https;
|
|
}
|
|
|
|
## Begin - Security
|
|
# deny all direct access for these folders
|
|
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
|
|
# deny running scripts inside core system folders
|
|
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
|
|
# deny running scripts inside user folder
|
|
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
|
|
# deny access to specific files in the root folder
|
|
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
|
|
## End - Security
|
|
|
|
include /mnt/ddev_config/nginx/*.conf;
|
|
}
|
|
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 default ipv6only=on;
|
|
|
|
# The WEBSERVER_DOCROOT variable is substituted with
|
|
# its value when the container is started.
|
|
root $WEBSERVER_DOCROOT;
|
|
|
|
ssl_certificate /etc/ssl/certs/master.crt;
|
|
ssl_certificate_key /etc/ssl/certs/master.key;
|
|
|
|
include /etc/nginx/monitoring.conf;
|
|
|
|
|
|
index index.php index.htm index.html;
|
|
|
|
# Make site accessible from http://localhost/
|
|
server_name _;
|
|
|
|
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
|
|
sendfile off;
|
|
error_log /dev/stdout info;
|
|
access_log /var/log/nginx/access.log;
|
|
|
|
## Begin - Index
|
|
# for subfolders, simply adjust:
|
|
# `location /subfolder {`
|
|
# and the rewrite to use `/subfolder/index.php`
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
}
|
|
## End - Index
|
|
|
|
|
|
# pass the PHP scripts to FastCGI server listening on socket
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_pass unix:/run/php-fpm.sock;
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_intercept_errors off;
|
|
# fastcgi_read_timeout should match max_execution_time in php.ini
|
|
fastcgi_read_timeout 10m;
|
|
fastcgi_param SERVER_NAME $host;
|
|
fastcgi_param HTTPS $fcgi_https;
|
|
}
|
|
|
|
## Begin - Security
|
|
# deny all direct access for these folders
|
|
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
|
|
# deny running scripts inside core system folders
|
|
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
|
|
# deny running scripts inside user folder
|
|
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
|
|
# deny access to specific files in the root folder
|
|
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
|
|
## End - Security
|
|
|
|
|
|
include /mnt/ddev_config/nginx/*.conf;
|
|
}
|