feat(init): first commit

2023-06-05 15:24:42 +02:00
parent 1ee84e57a5
commit b13a5e892f
37 changed files with 926 additions and 2 deletions


@ -0,0 +1,89 @@
upstream backend {
server {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_SERVER" "unix:/tmp/php-fpm.sock" }};
keepalive {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE" "40" }};
# Must be less than php-fpm.conf:pm.max_requests
keepalive_requests {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE_REQUESTS" "250" }};
keepalive_timeout {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE_TIMEOUT" "10" }};
}
server {
listen {{ env.Getenv "NGINX_APP_SERVER_LISTEN" "8080" }} default_server;
server_name {{ env.Getenv "NGINX_APP_SERVER_NAME" "_" }};
set $base /app;
root $base{{ env.Getenv "NGINX_APP_ROOT" "/public"}};
# deny all dot files except .well-known
location ~ /\.(?!well-known) {
deny all;
}
# index.php
index index.php;
# index.php fallback
location / {
# try to serve file directly, fallback to index.php
try_files $uri {{ env.Getenv "NGINX_APP_PHP_INDEX" "/index.php"}}$is_args$args;
}
# Disable falling back to PHP script for the asset directories;
location ~ ^/({{ env.Getenv "NGINX_APP_ASSETS_DIRECTORIES" "public|bundles|web"}})/ {
try_files $uri =404;
}
# handle non-files
location ~ {{ env.Getenv "NGINX_APP_PHP_NON_FILE_PATTERN" "^/index\\.php(/|$)" }} {
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=none";
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/index.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 7d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 7d;
access_log off;
}
}
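Review bot: The asset-directory location (`location ~ ^/(public|bundles|web)/` with the default value) is declared before `location ~ \.php$ { return 404; }`, and nginx uses the first regex location that matches, so a request for a `.php` file under one of those directories is handled by `try_files $uri =404;` and returned as a static file instead of being refused. If a PHP file ever ends up under those paths in the document root, its source would be served; moving the asset block below the `\.php$` block avoids that without changing how real assets are handled. Separately, `fastcgi_param PHP_ADMIN_VALUE "open_basedir=none";` appears intended to lift PHP's filesystem confinement for every request, and as an admin value the application cannot tighten it again. If confinement is wanted, a value scoped to the application tree such as `"open_basedir=$base/:/tmp/"` is a tighter default; either way the line deserves a comment stating why it is set.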


@ -0,0 +1,10 @@
# Compression
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 32 16k;
gzip_http_version 1.1;
gzip_min_length 250;
gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
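Review bot: Compression is enabled for dynamic response types (HTML is always compressed once `gzip on;` is set, and `gzip_types` adds `application/json`) with no comment on when that is safe. If these responses are delivered over TLS and combine a secret such as a CSRF token with request-reflected data, the compressed length leaks information about the secret (the BREACH class of issue). Whether that applies cannot be determined from this file, so a comment recording the assumption would be enough, e.g. `# dynamic responses are compressed; keep secrets out of bodies that reflect request input`. Separately, `image/jpeg` in `gzip_types` is already a compressed format and costs CPU at `gzip_comp_level 6` for no size gain.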


@ -0,0 +1,9 @@
server {
listen 8090;
location /healthcheck {
stub_status;
access_log off;
allow 127.0.0.1;
deny all;
}
}
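Review bot: `listen 8090;` exposes the status server on every interface and relies only on `allow 127.0.0.1; deny all;`, which nginx evaluates against the client address after the realip module has rewritten it. This commit also adds `set_real_ip_from 0.0.0.0/0;` with `real_ip_header X-Forwarded-For;`; if that snippet is loaded at http level (the file paths are not visible on this page), the address checked by `allow` is taken from a request header and the restriction no longer holds. Binding the listener to loopback with `listen 127.0.0.1:8090;` keeps `stub_status` local regardless of header handling, assuming the health probe runs inside the same container.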


@ -0,0 +1,3 @@
# logging
access_log /dev/stdout;
error_log stderr {{ env.Getenv "NGINX_ERROR_LOG_LEVEL" "warn" }};


@ -0,0 +1,3 @@
# MIME
include mime.types;
default_type application/octet-stream;


@ -0,0 +1,6 @@
# Non Root Temp Paths
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;


@ -0,0 +1,4 @@
# Replace loadbalancer IP(real-ip) with actual client IP.
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
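Review bot: `set_real_ip_from 0.0.0.0/0;` makes nginx accept `X-Forwarded-For` from any peer, so the client address used in access logs and in any `allow`/`deny` or rate-limit rule is whatever the request header says. As far as I can tell this holds even behind the load balancer, because with `real_ip_recursive on;` and every address trusted no entry in the header is ever treated as untrusted, and nginx falls back to the earliest entry, which the client wrote. The trusted range should be the load balancer's own address range. Since other settings in this commit are templated, something like `set_real_ip_from {{ env.Getenv "NGINX_REAL_IP_FROM" "<LB_CIDR>" }};` would let each deployment set it (the variable name and placeholder are suggestions, not values from this repository). The range `0.0.0.0/0` also covers IPv4 peers only, which is worth stating in the comment if IPv6 is in use.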


@ -0,0 +1,50 @@
# user www-data;
pid /tmp/nginx.pid;
worker_processes auto;
daemon off;
events {
worker_connections {{ env.Getenv "NGINX_EVENTS_WORKER_CONNECTIONS" "1024" }};
}
http {
charset {{ env.Getenv "NGINX_CHARSET" "utf-8" }};
# copies data between one FD and other from within the kernel
# faster than read() + write()
sendfile {{ env.Getenv "NGINX_SENDFILE" "on" }};
# send headers in one piece, it is better than sending them one by one
tcp_nopush {{ env.Getenv "NGINX_TCP_NOPUSH" "on" }};
# don't buffer data sent, good for small data bursts in real time
tcp_nodelay {{ env.Getenv "NGINX_TCP_NODELAY" "on" }};
# allow the server to close connection on non responding client, this will free up memory
reset_timedout_connection {{ env.Getenv "NGINX_RESET_TIMEDOUT_CONNECTION" "on" }};
# hide server info for security
server_tokens {{ env.Getenv "NGINX_SERVER_TOKENS" "off" }};
log_not_found {{ env.Getenv "NGINX_LOG_NOT_FOUND" "off" }};
types_hash_max_size 2048;
# if the request body size is more than the buffer size, then the entire (or partial)
# request body is written into a temporary file
client_body_buffer_size 128k;
# maximum body size
client_max_body_size {{ env.Getenv "NGINX_CLIENT_MAX_BODY_SIZE" "16M" }};
# maximum number and size of buffers for large headers to read from client request
large_client_header_buffers 4 256k;
# cache information about FDs, frequently accessed files
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 60s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
# load configs
include /etc/nginx/conf.d/*.conf;
}
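Review bot: `large_client_header_buffers 4 256k;` lets a single connection hold up to 1 MB of request-header buffers, far above nginx's default of `4 8k`, and unlike `client_max_body_size` and `worker_connections` it is hard-coded rather than templated. The buffers are allocated only when a request needs them, but a client can ask for them on each of the configured worker connections, so the value sets the per-connection memory an unauthenticated peer can claim. If large headers are genuinely required (oversized cookies or tokens, for instance), a comment saying so would help; otherwise a smaller default exposed through the template, e.g. `large_client_header_buffers {{ env.Getenv "NGINX_LARGE_CLIENT_HEADER_BUFFERS" "4 16k" }};` (name and default are suggestions), keeps it tunable. The block also sets no `client_header_timeout`, `client_body_timeout` or `keepalive_timeout`, so nginx's defaults apply to slow clients.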