sp-containers/files/common/nginx/conf.d/app.conf.gotmpl

upstream backend {
    server {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_SERVER" "unix:/tmp/php-fpm.sock" }};
    keepalive {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE" "40" }};
    # Must be less than php-fpm.conf:pm.max_requests
    keepalive_requests {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE_REQUESTS" "250" }};
    keepalive_timeout {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE_TIMEOUT" "10" }};
}

server {
    listen {{ env.Getenv "NGINX_APP_SERVER_LISTEN" "8080" }} default_server;

    server_name {{ env.Getenv "NGINX_APP_SERVER_NAME" "_" }};
    set $base /app;
    root $base{{ env.Getenv "NGINX_APP_ROOT" "/public"}};

    # deny all dot files except .well-known
    location ~ /\.(?!well-known) {
        deny all;
    }

    # index.php
    index index.php;


    # index.php fallback
    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri {{ env.Getenv "NGINX_APP_PHP_INDEX" "/index.php"}}$is_args$args;
    }

    # Disable falling back to PHP script for the asset directories;
    location ~ ^/({{ env.Getenv "NGINX_APP_ASSETS_DIRECTORIES" "public|bundles|web"}})/ {
        try_files $uri =404;
    }

    # handle non-files
    location ~ {{ env.Getenv "NGINX_APP_PHP_NON_FILE_PATTERN" "^/index\\.php(/|$)" }} {
        # default fastcgi_params
        include fastcgi_params;

        # fastcgi settings
        fastcgi_pass backend;
        fastcgi_index index.php;
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;

        # fastcgi params
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
        fastcgi_param PHP_ADMIN_VALUE	"open_basedir=none";

        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/index.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }

    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
        return 404;
    }

    # favicon.ico
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # robots.txt
    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    # assets, media
    location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
        expires 7d;
        access_log off;
    }

    # svg, fonts
    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        add_header Access-Control-Allow-Origin "*";
        expires 7d;
        access_log off;
    }
}
feat(init): first commit 2023-06-05 15:24:42 +02:00			`upstream backend {`
			`server {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_SERVER" "unix:/tmp/php-fpm.sock" }};`
			`keepalive {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE" "40" }};`
			`# Must be less than php-fpm.conf:pm.max_requests`
			`keepalive_requests {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE_REQUESTS" "250" }};`
			`keepalive_timeout {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE_TIMEOUT" "10" }};`
			`}`

			`server {`
			`listen {{ env.Getenv "NGINX_APP_SERVER_LISTEN" "8080" }} default_server;`

			`server_name {{ env.Getenv "NGINX_APP_SERVER_NAME" "_" }};`
			`set $base /app;`
			`root $base{{ env.Getenv "NGINX_APP_ROOT" "/public"}};`

			`# deny all dot files except .well-known`
			`location ~ /\.(?!well-known) {`
			`deny all;`
			`}`

			`# index.php`
			`index index.php;`


			`# index.php fallback`
			`location / {`
			`# try to serve file directly, fallback to index.php`
			`try_files $uri {{ env.Getenv "NGINX_APP_PHP_INDEX" "/index.php"}}$is_args$args;`
			`}`

			`# Disable falling back to PHP script for the asset directories;`
			`location ~ ^/({{ env.Getenv "NGINX_APP_ASSETS_DIRECTORIES" "public\|bundles\|web"}})/ {`
			`try_files $uri =404;`
			`}`

			`# handle non-files`
			`location ~ {{ env.Getenv "NGINX_APP_PHP_NON_FILE_PATTERN" "^/index\\.php(/\|$)" }} {`
			`# default fastcgi_params`
			`include fastcgi_params;`

			`# fastcgi settings`
			`fastcgi_pass backend;`
			`fastcgi_index index.php;`
			`fastcgi_buffers 8 16k;`
			`fastcgi_buffer_size 32k;`
			`fastcgi_split_path_info ^(.+\.php)(/.*)$;`

			`# fastcgi params`
			`fastcgi_param DOCUMENT_ROOT $realpath_root;`
			`fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;`
			`fastcgi_param PHP_ADMIN_VALUE "open_basedir=none";`

			`# Prevents URIs that include the front controller. This will 404:`
			`# http://domain.tld/index.php/some-path`
			`# Remove the internal directive to allow URIs like this`
			`internal;`
			`}`

			`# return 404 for all other php files not matching the front controller`
			`# this prevents access to other php files you don't want to be accessible.`
			`location ~ \.php$ {`
			`return 404;`
			`}`

			`# favicon.ico`
			`location = /favicon.ico {`
			`log_not_found off;`
			`access_log off;`
			`}`

			`# robots.txt`
			`location = /robots.txt {`
			`log_not_found off;`
			`access_log off;`
			`}`

			`# assets, media`
			`location ~* \.(?:css(\.map)?\|js(\.map)?\|jpe?g\|png\|gif\|ico\|cur\|heic\|webp\|tiff?\|mp3\|m4a\|aac\|ogg\|midi?\|wav\|mp4\|mov\|webm\|mpe?g\|avi\|ogv\|flv\|wmv)$ {`
			`expires 7d;`
			`access_log off;`
			`}`

			`# svg, fonts`
			`location ~* \.(?:svgz?\|ttf\|ttc\|otf\|eot\|woff2?)$ {`
			`add_header Access-Control-Allow-Origin "*";`
			`expires 7d;`
			`access_log off;`
			`}`
			`}`