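# Nginx default.conf
#
# Front end for the upstream_backend_php upstream: static-looking paths are
# tried on disk first, everything else is proxied through the @octane named
# location.
# NOTE(review): only port 80 is configured here; presumably TLS is terminated
# by something in front of this server -- confirm.

# ---- Compression ----
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
    text/plain
    text/css
    application/json
    application/x-javascript
    text/xml
    application/xml
    application/xml+rss
    text/javascript
    application/vnd.ms-fontobject
    application/x-font-ttf
    font/opentype
    image/svg+xml
    image/x-icon;

# Do not advertise the nginx version in the Server header or on error pages.
server_tokens off;

# A size without a unit is in bytes, so any request body larger than 200 bytes
# is spooled to a temporary file.
# NOTE(review): confirm that 200 bytes is intended (rather than e.g. 200k).
client_body_buffer_size 200;
# Largest request body accepted; anything bigger is rejected with 413.
client_max_body_size 200m;

# No fastcgi_pass appears in this file; these two only matter if another
# included configuration talks FastCGI.
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;

# Connection header sent to the backend: "upgrade" when the client sent an
# Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream upstream_backend_php {
    server shipping-php:9001;
}

server {
    listen 80;
    listen [::]:80;
    server_name my_backend;

    # "always" puts these headers on error responses as well as on successes.
    # add_header is inherited by a location only when that location defines no
    # add_header of its own, so a location that adds a header must repeat them.
    # X-XSS-Protection is a legacy header; no Content-Security-Policy is set in
    # this file.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;

    index index.php index.html index.htm;
    charset utf-8;
    server_tokens off;

    # NOTE(review): no "root" is set in this file, so try_files resolves $uri
    # against an inherited root or nginx's built-in default -- confirm that
    # this is the intended directory.

    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    # SEO trailing slash problem fix
    # rewrite ^/(.*)/$ /$1 permanent;      # remove trailing slash
    # rewrite ^(.*[^/])$ $1/ permanent;    # add a trailing slash

    ############################
    # Reference: https://gist.github.com/Ellrion/4eb5df00173f0fb13a76
    ############################

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd,
    # .DS_Store (Mac), except paths under .well-known.
    # Keep logging the requests to parse later (or to pass to firewall
    # utilities such as fail2ban).
    #
    # Regex locations are tested in file order and the first match wins. This
    # rule therefore has to sit above the static-asset rule; below it, a hidden
    # file whose name ends in one of the asset extensions would be served
    # instead of denied.
    #
    # The original file also carried a catch-all "location ~ /\. { deny all; }"
    # after this rule, which cancelled the .well-known exemption. It is folded
    # into this single rule; restore the catch-all (above the asset rule) if
    # .well-known must not be reachable.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    location ~* \.(jpg|jpeg|png|gif|svg|webp|html|txt|json|ico|css|js)$ {
        expires 1d;
        add_header Cache-Control public;
        # Repeated here because the add_header above stops inheritance of the
        # server-level security headers for this location.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        access_log off;
        try_files $uri $uri/ @octane;
    }

    # /etc/nginx/global/php-restrictions.conf
    # Don't throw any errors for missing favicons and don't display them in
    # the logs
    location = /favicon.ico {
        log_not_found off;
        access_log off;
        try_files $uri $uri/ @octane;
    }

    # Don't log missing robots or show them in the nginx logs
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
        try_files $uri $uri/ @octane;
    }

    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # Keep logging the requests to parse later (or to pass to firewall
    # utilities such as fail2ban)
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    ############################
    # Customize
    ############################

    # /not_exists is a placeholder path, so the request falls through to
    # @octane without probing for an index.php on disk.
    location /index.php {
        try_files /not_exists @octane;
    }

    location / {
        # This method allow-list applies only to requests handled by this
        # location; the regex, exact-match and /index.php locations above do
        # not run it.
        if ($request_method !~ ^(GET|POST|HEAD|OPTIONS|PUT|DELETE)$) {
            return 405;
        }

        try_files $uri $uri/ @octane;
    }

    location @octane {
        # $suffix is appended to the proxy_pass target; it carries the query
        # string only when the current URI is /index.php.
        set $suffix "";

        if ($uri = /index.php) {
            set $suffix ?$query_string;
        }

        proxy_http_version 1.1;
        proxy_set_header Http_Host $http_host;
        proxy_set_header Host $host;
        proxy_set_header Scheme $scheme;
        proxy_set_header SERVER_PORT $server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        # $proxy_add_x_forwarded_for is the client-supplied X-Forwarded-For
        # with $remote_addr appended, so the backend should rely only on the
        # entries added by proxies it trusts (or on X-Real-IP below).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-CSRF-TOKEN $http_x_csrf_token;
        proxy_set_header X-Real-IP $remote_addr;

        # Add timeout settings
        # Together with client_max_body_size 200m these let one request hold a
        # backend connection for minutes; size worker and upstream limits
        # accordingly.
        proxy_read_timeout 300s;     # Increase read timeout
        proxy_send_timeout 300s;     # Increase send timeout
        # The nginx documentation notes that the connect timeout cannot
        # usually exceed 75 seconds.
        proxy_connect_timeout 300s;  # Increase connect timeout
        send_timeout 300s;           # Increase overall send timeout

        proxy_pass http://upstream_backend_php$suffix;
    }
}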