sso-containers/files/common/nginx/conf.d/app.conf.gotmpl

89 lines
2.7 KiB
Go Template

upstream backend {
server {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_SERVER" "unix:/tmp/php-fpm.sock" }};
keepalive {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE" "40" }};
# Must be less than php-fpm.conf:pm.max_requests
keepalive_requests {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE_REQUESTS" "250" }};
keepalive_timeout {{ env.Getenv "NGINX_APP_UPSTREAM_BACKEND_KEEPALIVE_TIMEOUT" "10" }};
}
server {
listen {{ env.Getenv "NGINX_APP_SERVER_LISTEN" "8080" }} default_server;
server_name {{ env.Getenv "NGINX_APP_SERVER_NAME" "_" }};
set $base /app;
root $base{{ env.Getenv "NGINX_APP_ROOT" "/public"}};
# deny all dot files except .well-known
location ~ /\.(?!well-known) {
deny all;
}
# index.php
index index.php;
# index.php fallback
location / {
# try to serve file directly, fallback to index.php
try_files $uri {{ env.Getenv "NGINX_APP_PHP_INDEX" "/index.php"}}$is_args$args;
}
# Disable falling back to PHP script for the asset directories;
location ~ ^/({{ env.Getenv "NGINX_APP_ASSETS_DIRECTORIES" "public|bundles|web"}})/ {
try_files $uri =404;
}
# handle non-files
location ~ {{ env.Getenv "NGINX_APP_PHP_NON_FILE_PATTERN" "^/index\\.php(/|$)" }} {
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=none";
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/index.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 7d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 7d;
access_log off;
}
}