transcriptor-web/docker/nginx/default.conf

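# Nginx default.conf
# These directives sit outside any server block; presumably this file is
# included from the http context of the main nginx.conf — confirm.

# Response compression. Compression also applies to responses relayed from the
# upstream, and application/json is in the type list.
# NOTE(review): if any compressed dynamic response reflects request input next
# to a secret (for example a CSRF token), review it for compression
# side-channel exposure (BREACH).
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

# Keep the nginx version out of the Server header and generated error pages.
server_tokens off;

# A bare number is a byte count: the previous value of 200 made nginx spool
# almost every request body to a temporary file. 16k is the larger of nginx's
# documented platform defaults (8k|16k).
client_body_buffer_size 16k;

# Largest request body accepted; larger uploads are rejected with 413.
# NOTE(review): 200m applies to every route. Combined with the 300s proxy
# timeouts in the server block it lets one client hold a connection and temp
# space for a long time — confirm the limit is needed outside upload routes.
client_max_body_size 200m;

# NOTE(review): no fastcgi_pass appears in the part of the file shown (the
# upstream is reached with proxy_pass), so these two settings look unused —
# confirm before relying on or removing them.
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;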
# Derive the Connection header value sent upstream from the client's Upgrade
# header: an absent or empty Upgrade yields "close", anything else "upgrade".
map $http_upgrade $connection_upgrade {
    ''      close;
    default upgrade;
}
# Upstream group referenced by proxy_pass in the server block: a single server,
# addressed by the name transcriptor-web-php on port 9001.
upstream upstream_backend_php {
    server transcriptor-web-php:9001;
}
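# Plain-HTTP virtual host: serves files it finds itself and hands everything
# else to the application upstream through the named location @octane.
# NOTE(review): only port 80 is configured; TLS is presumably terminated in
# front of this container — confirm, because $scheme below is then always
# "http".
# NOTE(review): no `root` is set in this block, so try_files resolves $uri
# against nginx's default root unless one is inherited from the including
# context — confirm where static files are expected to live.
server {
    listen 80;
    listen [::]:80;
    server_name my_backend;

    # Response hardening headers. nginx inherits add_header from this level
    # only into locations that declare no add_header of their own, so a
    # location that adds any header must repeat these. `always` attaches them
    # to error responses too, which are skipped otherwise.
    # NOTE(review): X-XSS-Protection is a legacy header that most current
    # browsers ignore; no Content-Security-Policy is set here.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;

    index index.php index.html index.htm;
    charset utf-8;
    server_tokens off;

    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    # Method allow-list. Placed at server level so it is evaluated for every
    # request; inside `location /` it was skipped for requests routed through
    # the static-asset, favicon, robots.txt and /index.php locations.
    # NOTE(review): PATCH is not in the list — confirm the application does
    # not need it.
    if ($request_method !~ ^(GET|POST|HEAD|OPTIONS|PUT|DELETE)$) {
        return 405;
    }

    # SEO trailing slash problem fix
    # rewrite ^/(.*)/$ /$1 permanent; # remove trailing slash
    # rewrite ^(.*[^/])$ $1/ permanent; # add a trailing slash

    ############################
    # Reference: https://gist.github.com/Ellrion/4eb5df00173f0fb13a76
    ############################

    # Regex locations are tried in file order and the first match wins, so the
    # deny rules come before the static-asset rule. Otherwise a hidden path
    # ending in a listed extension (for example one ending in .json or .txt)
    # would be handled as a static asset and never reach the deny.

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd,
    # .DS_Store (Mac), except paths under /.well-known.
    # Keep logging the requests to parse later (or to pass to firewall
    # utilities such as fail2ban).
    # A second, unconditional `location ~ /\.` would also match /.well-known
    # and cancel the exception, so only this rule is kept.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # /etc/nginx/global/php-restrictions.conf
    # Deny access to any files with a .php extension in the uploads directory.
    # Works in sub-directory installs and also in multisite network.
    # Keep logging the requests to parse later (or to pass to firewall
    # utilities such as fail2ban).
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    # Static assets: served with a one-day lifetime when the file exists,
    # otherwise handed to the application.
    location ~* \.(jpg|jpeg|png|gif|svg|webp|html|txt|json|ico|css|js)$ {
        expires 1d;
        add_header Cache-Control public;
        # The add_header above stops inheritance of the server-level headers,
        # so they are repeated for files served from this location.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        access_log off;
        try_files $uri $uri/ @octane;
    }

    # Don't throw any errors for missing favicons and don't display them in the logs
    location = /favicon.ico {
        log_not_found off;
        access_log off;
        try_files $uri $uri/ @octane;
    }

    # Don't log missing robots or show them in the nginx logs
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
        try_files $uri $uri/ @octane;
    }

    ############################
    # Customize
    ############################

    # /not_exists is a path that is not expected to exist, so try_files always
    # falls through to @octane; index.php is never served as a file.
    location /index.php {
        try_files /not_exists @octane;
    }

    location / {
        try_files $uri $uri/ @octane;
    }

    # Reverse proxy to the application upstream.
    location @octane {
        # Only the internal /index.php hop gets an explicit URI part. nginx
        # then sends the upstream that value (the root path plus the original
        # query string) instead of /index.php; with an empty $suffix the
        # original request URI is forwarded unchanged.
        set $suffix "";
        if ($uri = /index.php) {
            set $suffix ?$query_string;
        }

        proxy_http_version 1.1;
        proxy_set_header Http_Host $http_host;
        proxy_set_header Host $host;
        proxy_set_header Scheme $scheme;
        proxy_set_header SERVER_PORT $server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so every entry before the
        # last is client-controlled. The application should take the client
        # address only from hops it trusts; X-Real-IP below is set from the
        # connecting peer and is not taken from the request.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket upgrade pass-through; $connection_upgrade comes from the
        # map on $http_upgrade defined outside this block.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-CSRF-TOKEN $http_x_csrf_token;
        proxy_set_header X-Real-IP $remote_addr;

        # Add timeout settings
        # NOTE(review): five-minute timeouts keep slow or stalled connections
        # open for a long time; confirm they are required, and note that the
        # nginx documentation says proxy_connect_timeout usually cannot exceed
        # 75 seconds.
        proxy_read_timeout 300s; # Increase read timeout
        proxy_send_timeout 300s; # Increase send timeout
        proxy_connect_timeout 300s; # Increase connect timeout
        send_timeout 300s; # Increase overall send timeout

        proxy_pass http://upstream_backend_php$suffix;
    }
}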