Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Set https to 'on' if x-forwarded-proto is https
- map $http_x_forwarded_proto $fcgi_https {
- default off;
- https on;
- }
- server {
- listen 80; ## listen for ipv4; this line is default and implied
- listen [::]:80 default ipv6only=on; ## listen for ipv6
- # The NGINX_DOCROOT variable is substituted with
- # its value when the container is started.
- root $NGINX_DOCROOT;
- index index.php index.htm index.html;
- # Make site accessible from http://localhost/
- server_name _;
- # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
- sendfile off;
- error_log /var/log/nginx/error.log info;
- access_log /var/log/nginx/error.log;
- location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to index.html
- try_files $uri $uri/ /index.php?q=$uri&$args;
- }
- location @rewrite {
- # For D7 and above:
- # Clean URLs are handled in drupal_environment_initialize().
- rewrite ^ /index.php;
- }
- # Handle image styles for Drupal 7+
- location ~ ^/sites/.*/files/styles/ {
- try_files $uri @rewrite;
- }
- # pass the PHP scripts to FastCGI server listening on socket
- location ~ \.php$ {
- try_files $uri =404;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_intercept_errors on;
- # fastcgi_read_timeout should match max_execution_time in php.ini
- fastcgi_read_timeout 240;
- fastcgi_param SERVER_NAME $host;
- fastcgi_param HTTPS $fcgi_https;
- fastcgi_param TYPO3_CONTEXT Development;
- }
- # Expire rules for static content
- # Feed
- location ~* \.(?:rss|atom)$ {
- expires 1h;
- }
- # Media: images, icons, video, audio, HTC
- location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
- expires 1M;
- access_log off;
- add_header Cache-Control "public";
- }
- # Prevent clients from accessing hidden files (starting with a dot)
- # This is particularly important if you store .htpasswd files in the site hierarchy
- # Access to `/.well-known/` is allowed.
- # https://www.mnot.net/blog/2010/04/07/well-known
- # https://tools.ietf.org/html/rfc5785
- location ~* /\.(?!well-known\/) {
- deny all;
- }
- # Prevent clients from accessing to backup/config/source files
- location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
- deny all;
- }
- ## Regular private file serving (i.e. handled by Drupal).
- location ^~ /system/files/ {
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- access_log off;
- expires 30d;
- try_files $uri @rewrite;
- }
- ## provide a health check endpoint
- location /healthcheck {
- access_log off;
- return 200;
- }
- error_page 400 401 /40x.html;
- location = /40x.html {
- root /usr/share/nginx/html;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement