# Nginx default.conf
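# ---------------------------------------------------------------------------
# http-level settings (this file is included inside the http {} context).
# ---------------------------------------------------------------------------

# Response compression.
# NOTE(review): the server below listens on plain HTTP only. If TLS is
# terminated in front of it, compressing responses that combine secrets with
# request-reflected data is exposed to BREACH-style length side channels;
# confirm which responses really need gzip.
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
# application/javascript added: it is the type nginx's stock mime.types assigns
# to .js files, so without it locally served scripts were never compressed.
gzip_types
    text/plain
    text/css
    text/xml
    text/javascript
    application/json
    application/javascript
    application/x-javascript
    application/xml
    application/xml+rss
    application/vnd.ms-fontobject
    application/x-font-ttf
    font/opentype
    image/svg+xml
    image/x-icon;

# Do not advertise the nginx version in the Server header or on error pages.
server_tokens off;

# NOTE(review): a bare number is a size in BYTES, so this buffers only 200
# bytes of a request body in memory and spools anything larger to a temp file.
# It looks like a unit suffix (for example "k") was dropped; confirm the
# intended value before changing it.
client_body_buffer_size 200;
# Accepts request bodies up to 200 MB on every location. If only a few
# endpoints take large uploads, consider setting a small limit here and raising
# it only in those locations to limit resource-exhaustion exposure.
client_max_body_size 200m;

# NOTE(review): no fastcgi_pass appears in this file (requests are proxied over
# HTTP), so these two are presumably leftovers; confirm before removing.
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;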
# Chooses the Connection header value sent to the backend (see the
# "proxy_set_header Connection" line in the @octane location):
#   - request carries no Upgrade header -> "close"
#   - any other Upgrade value           -> "upgrade" (WebSocket-style handshake)
map $http_upgrade $connection_upgrade {
    ''      close;
    default upgrade;
}
# Backend pool used by proxy_pass in the @octane location. It holds a single
# member, reached over plain HTTP (proxy_pass uses the http:// scheme).
# NOTE(review): traffic to shipping-php:9001 is unencrypted and unauthenticated
# at this layer; presumably it stays on a private container network. Confirm.
upstream upstream_backend_php {
    server shipping-php:9001;
}
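# Front-end virtual host: serves existing static files itself and proxies
# everything else to the Octane backend through the @octane named location.
# NOTE(review): no "root" directive is set in this block, so try_files resolves
# $uri against nginx's built-in default root; confirm that is intended.
server {
    listen 80;
    listen [::]:80;
    server_name my_backend;

    # Baseline browser-hardening headers. "always" also attaches them to error
    # responses (4xx/5xx), which a plain add_header skips.
    # nginx inherits add_header from this level only into locations that define
    # no add_header of their own, so any location that adds a header has to
    # repeat these three (see the static-asset location below).
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header; a Content-Security-Policy is the modern control and is not
    # set anywhere in this file.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;

    index index.php index.html index.htm;

    charset utf-8;
    # Already set at http level in this file; repeated here so the vhost stays
    # safe if it is ever moved to another include.
    server_tokens off;

    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    # SEO trailing slash problem fix
    # rewrite ^/(.*)/$ /$1 permanent; # remove trailing slash
    # rewrite ^(.*[^/])$ $1/ permanent; # add a trailing slash

    ############################
    # Reference: https://gist.github.com/Ellrion/4eb5df00173f0fb13a76
    ############################

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd,
    # .DS_Store (Mac), while leaving /.well-known/ reachable.
    # Keep logging the requests to parse later (or to pass to firewall
    # utilities such as fail2ban).
    # This block must stay ABOVE the static-asset regex: nginx uses the first
    # regex location that matches, so with the previous order a hidden path
    # ending in one of the static extensions (.json, .txt, ...) was handled by
    # the static location and never reached this deny.
    # A second, unconditional "location ~ /\." deny used to follow further
    # down; it matched only the /.well-known/ paths this block lets through and
    # so cancelled the exception. It has been removed.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # Static assets: one-day browser caching, no access logging.
    location ~* \.(jpg|jpeg|png|gif|svg|webp|html|txt|json|ico|css|js)$ {
        expires 1d;
        add_header Cache-Control public;
        # Repeated on purpose: the add_header above stops inheritance of the
        # server-level security headers for this location (which also matches
        # .html and .js responses).
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        access_log off;

        try_files $uri $uri/ @octane;
    }

    # /etc/nginx/global/php-restrictions.conf
    # Don't throw any errors for missing favicons and don't display them in the logs
    location = /favicon.ico {
        log_not_found off;
        access_log off;
        try_files $uri $uri/ @octane;
    }

    # Don't log missing robots or show them in the nginx logs
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
        try_files $uri $uri/ @octane;
    }

    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    ############################
    # Customize
    ############################

    # /not_exists is a deliberately missing path, so try_files always falls
    # through to @octane and index.php is never read from disk by nginx.
    location /index.php {
        try_files /not_exists @octane;
    }

    location / {
        # Method allow-list. It applies to requests handled by this location
        # only; the regex and exact-match locations above do not inherit it.
        if ($request_method !~ ^(GET|POST|HEAD|OPTIONS|PUT|DELETE)$) {
            return 405;
        }

        try_files $uri $uri/ @octane;
    }

    # Reverse proxy to the Octane backend.
    location @octane {
        # Only requests for /index.php get an explicit URI (the query string)
        # appended to proxy_pass; otherwise $suffix is empty.
        set $suffix "";

        if ($uri = /index.php) {
            set $suffix ?$query_string;
        }

        proxy_http_version 1.1;
        proxy_set_header Http_Host $http_host;
        proxy_set_header Host $host;
        proxy_set_header Scheme $scheme;
        proxy_set_header SERVER_PORT $server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent. If this nginx is the first hop, the leading entries are
        # client-controlled: the backend should use X-Real-IP (set below from
        # the socket address) for rate limiting, audit logs and IP allow-lists,
        # or trust only the right-most X-Forwarded-For entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-CSRF-TOKEN $http_x_csrf_token;
        proxy_set_header X-Real-IP $remote_addr;

        # Add timeout settings
        # Five-minute timeouts keep slow connections and their backend workers
        # tied up for a long time; confirm that long-running requests need it.
        proxy_read_timeout 300s; # Increase read timeout
        proxy_send_timeout 300s; # Increase send timeout
        # Per the nginx documentation the connect timeout usually cannot
        # exceed 75 seconds, so 300s may not take full effect.
        proxy_connect_timeout 300s; # Increase connect timeout
        send_timeout 300s; # Increase overall send timeout

        proxy_pass http://upstream_backend_php$suffix;
    }
}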