123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 |
- # ddev GravCMS config
- # You can override ddev's configuration by placing an edited copy
- # of this config (or one of the other ones) in .ddev/nginx-site.conf
- # See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#providing-custom-nginx-configuration
- # Set https to 'on' if x-forwarded-proto is https
- map $http_x_forwarded_proto $fcgi_https {
- default off;
- https on;
- }
- server {
- listen 80;
- listen [::]:80 default ipv6only=on;
- # The WEBSERVER_DOCROOT variable is substituted with
- # its value when the container is started.
- root $WEBSERVER_DOCROOT;
- include /etc/nginx/monitoring.conf;
- index index.php index.htm index.html;
- # Make site accessible from http://localhost/
- server_name _;
- # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
- sendfile off;
- error_log /dev/stdout info;
- access_log /var/log/nginx/access.log;
- ## Begin - Index
- # for subfolders, simply adjust:
- # `location /subfolder {`
- # and the rewrite to use `/subfolder/index.php`
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- ## End - Index
- # pass the PHP scripts to FastCGI server listening on socket
- location ~ \.php$ {
- try_files $uri =404;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php-fpm.sock;
- fastcgi_buffers 16 16k;
- fastcgi_buffer_size 32k;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_intercept_errors off;
- # fastcgi_read_timeout should match max_execution_time in php.ini
- fastcgi_read_timeout 10m;
- fastcgi_param SERVER_NAME $host;
- fastcgi_param HTTPS $fcgi_https;
- }
- ## Begin - Security
- # deny all direct access for these folders
- location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
- # deny running scripts inside core system folders
- location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- # deny running scripts inside user folder
- location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- # deny access to specific files in the root folder
- location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
- ## End - Security
- include /mnt/ddev_config/nginx/*.conf;
- }
- server {
- listen 443 ssl;
- listen [::]:443 default ipv6only=on;
- # The WEBSERVER_DOCROOT variable is substituted with
- # its value when the container is started.
- root $WEBSERVER_DOCROOT;
- ssl_certificate /etc/ssl/certs/master.crt;
- ssl_certificate_key /etc/ssl/certs/master.key;
- include /etc/nginx/monitoring.conf;
- index index.php index.htm index.html;
- # Make site accessible from http://localhost/
- server_name _;
- # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
- sendfile off;
- error_log /dev/stdout info;
- access_log /var/log/nginx/access.log;
- ## Begin - Index
- # for subfolders, simply adjust:
- # `location /subfolder {`
- # and the rewrite to use `/subfolder/index.php`
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- ## End - Index
- # pass the PHP scripts to FastCGI server listening on socket
- location ~ \.php$ {
- try_files $uri =404;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php-fpm.sock;
- fastcgi_buffers 16 16k;
- fastcgi_buffer_size 32k;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_intercept_errors off;
- # fastcgi_read_timeout should match max_execution_time in php.ini
- fastcgi_read_timeout 10m;
- fastcgi_param SERVER_NAME $host;
- fastcgi_param HTTPS $fcgi_https;
- }
- ## Begin - Security
- # deny all direct access for these folders
- location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
- # deny running scripts inside core system folders
- location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- # deny running scripts inside user folder
- location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- # deny access to specific files in the root folder
- location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
- ## End - Security
- include /mnt/ddev_config/nginx/*.conf;
- }
|