
Untitled

a guest Apr 20th, 2018 404 Never
  1. Nginx version: 1.9.15
  2.  
  3. PHP-FPM version: php:7-fpm
  4.  
  5. Docker: 18.03.0-ce, build 0520e24
  6.    
  7. app_one | 172.18.0.6 -  20/Apr/2018:16:30:47 -0700 "POST /index.php" 401
  8. nginx   | 172.18.0.3 - - [20/Apr/2018:23:30:47 +0000] "POST /api/member/SessionManager HTTP/1.1" 200 38 "-" "GuzzleHttp/6.3.2 curl/7.38.0 PHP/7.1.10" "-"
  9. app_two | 172.18.0.6 -  20/Apr/2018:16:30:47 -0700 "POST /index.php" 200
  10. nginx   | 172.18.0.1 - - [20/Apr/2018:23:30:47 +0000] "POST /login/ HTTP/1.1" 200 917 "https://app-two.local/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "-"
  11.    
  # FastCGI backend for app_one: a single server, app_one, on port 9000.
  upstream app_one {
      server app_one:9000;
  }

  # Plain-HTTP listener for both names; every request is redirected to HTTPS.
  # $server_name expands to the first name listed (app-one.local) rather than
  # the client-supplied Host header, so the redirect target is fixed by config.
  server {
      server_name app-one.local app-one;
      listen [::]:80;
      listen 80;
      return 301 https://$server_name$request_uri;
  }
  22.  
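  # HTTPS virtual host for app-one.local: serves /var/www/app_one and hands
  # *.php requests to the app_one FastCGI upstream.
  #
  # The location regexes below escape their literal dots (\.). As pasted they
  # were bare ".", which matches any character; "location ~ /." in particular
  # would match, and deny, almost every URI that no earlier regex catches.
  server {
      listen 443 ssl;
      listen [::]:443 ssl;
      server_tokens off;

      # "ssl on;" dropped: the ssl flag on both listen lines already enables
      # TLS for this server.
      ssl_certificate /etc/nginx/certs/app_one.crt;
      ssl_certificate_key /etc/nginx/certs/app_one.key;
      ssl_dhparam /etc/nginx/certs/dhparam.pem;

      # TLS 1.0 and 1.1 are formally deprecated (RFC 8996), so only 1.2 is
      # offered. Add TLSv1.3 once the nginx/OpenSSL build in use supports it.
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
      ssl_ecdh_curve secp384r1;
      ssl_session_cache shared:SSL:10m;
      ssl_session_tickets off;
      # NOTE(review): nothing visible in this block needs a runtime resolver
      # (no ssl_stapling, no variable upstream) -- confirm it is still wanted.
      resolver 8.8.8.8 8.8.4.4 valid=300s;
      resolver_timeout 5s;

      server_name app-one.local;

      root /var/www/app_one;
      index index.php index.html;

      gzip_types text/plain text/css application/json application/x-javascript
                 text/xml application/xml application/xml+rss text/javascript;

      # Security-related response headers.
      #
      # HSTS preloading stays disabled for now. The commented-out line carries
      # the "preload" directive; enable it only if you understand the implications.
      # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      #
      # add_header is inherited by a location only when that location declares
      # no add_header of its own, so a location that sets any header must repeat
      # the ones it still needs.
      add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
      add_header X-Frame-Options DENY;
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header Pragma "no-cache";
      add_header Cache-Control "no-cache";
      # Debug header disabled: $uri is the decoded, normalised path, so echoing
      # it into a response header can carry request-supplied CR/LF into the
      # header block, and it exposes internal rewrites. Prefer $request_uri if
      # the header is needed again while debugging.
      # add_header X-uri "$uri";

      # Web fonts may be fetched cross-origin. This location sets its own
      # add_header, so the server-level headers are not inherited; HSTS and
      # nosniff are repeated so font responses still carry them.
      location ~* \.(eot|otf|ttf|woff|woff2)$ {
          add_header Access-Control-Allow-Origin *;
          add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
          add_header X-Content-Type-Options nosniff;
      }

      location / {
          # NOTE(review): the proxy_* directives here only take effect together
          # with proxy_pass, which this location does not use; requests are
          # resolved by try_files and the FastCGI location below. nginx passes
          # request headers (Authorization included) to FastCGI as HTTP_*
          # parameters by default.
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
          proxy_redirect        off;

          proxy_set_header      X-Real-IP $remote_addr;
          proxy_set_header      X-Scheme $scheme;
          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header      X-Forwarded-Proto $scheme;
          proxy_set_header      X-Forwarded-Host $server_name;
          proxy_set_header      Host $host;
          proxy_set_header      X-Forwarded-Port 443;
          proxy_set_header      Authorization $http_authorization;
          proxy_pass_header     Authorization;

          proxy_hide_header X-Powered-By;
          proxy_hide_header X-Pingback;
          proxy_hide_header Link;

          # Serve the file or directory if it exists, else fall back to the
          # front controller with the original query string.
          try_files $uri $uri/ /index.php?$args;
      }

      # Pass all .php files on to the php-fpm/php-fcgi server.
      location ~ [^/]\.php(/|$) {
          # No add_header in this location, so PHP responses inherit the
          # server-level security headers. The former debug header suppressed them:
          # add_header X-debug-message "A php file was used" always;

          # Split $uri into $fastcgi_script_name and $fastcgi_path_info.
          fastcgi_split_path_info ^(.+?\.php)(/.*)$;
          # Only hand a request to PHP-FPM when the script really exists under
          # the document root. Without this check every URI ending in .php is
          # forwarded, and with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
          # PHP guesses the script from the path. The test runs against nginx's
          # own filesystem, so the document root must be visible to nginx too.
          if (!-f $document_root$fastcgi_script_name) {
              return 404;
          }
          # Alternative existence check, left disabled:
          # try_files $fastcgi_script_name =404;
          # try_files resets $fastcgi_path_info, hence the copy into $path_info;
          # see: http://trac.nginx.org/nginx/ticket/321
          set $path_info $fastcgi_path_info;
          fastcgi_param PATH_INFO $path_info;
          fastcgi_intercept_errors on;
          fastcgi_pass app_one;
          fastcgi_index index.php;
          include fastcgi_params;
          # $fastcgi_script_name already starts with "/", so no extra separator.
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

          fastcgi_hide_header X-Powered-By;
          fastcgi_hide_header X-Pingback;
          fastcgi_hide_header Link;
      }

      location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
          # The debug header is replaced by the two headers static files should
          # keep. Declaring them here also keeps the server-level "no-cache"
          # headers from being sent alongside "expires max".
          # add_header X-debug-message "A static file was served" always;
          add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
          add_header X-Content-Type-Options nosniff;
          expires max;
          # log_not_found off;
      }

      # Deny any path component that starts with a dot.
      # NOTE(review): regex locations are tried in order, so a dot-path that
      # also ends in .php or a static extension is matched by the locations
      # above; move this block ahead of them if those must be denied as well.
      location ~ /\. {
          deny all;
      }
  }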
  127.    
  # FastCGI backend for app_two: a single server, app_two, on port 9000.
  upstream app_two {
      server app_two:9000;
  }

  # Plain-HTTP listener for app_two.local; every request is redirected to
  # HTTPS. $server_name comes from this block, not from the Host header.
  server {
      server_name app_two.local;
      listen [::]:80;
      listen 80;
      return 301 https://$server_name$request_uri;
  }
  138.  
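  # HTTPS virtual host for app_two.local: serves /var/www/app and hands *.php
  # requests to the app_two FastCGI upstream.
  #
  # The location regexes below escape their literal dots (\.). As pasted they
  # were bare ".", which matches any character.
  server {
      listen 443 ssl;
      listen [::]:443 ssl;
      server_tokens off;

      ssl_certificate /etc/nginx/certs/app_two.crt;
      ssl_certificate_key /etc/nginx/certs/app_two.key;
      ssl_dhparam /etc/nginx/certs/dhparam.pem;

      # TLS 1.0 and 1.1 are formally deprecated (RFC 8996), so only 1.2 is
      # offered. Add TLSv1.3 once the nginx/OpenSSL build in use supports it.
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
      ssl_ecdh_curve secp384r1;
      ssl_session_cache shared:SSL:10m;
      ssl_session_tickets off;
      # NOTE(review): nothing visible in this block needs a runtime resolver
      # (no ssl_stapling, no variable upstream) -- confirm it is still wanted.
      resolver 8.8.8.8 8.8.4.4 valid=300s;
      resolver_timeout 5s;

      server_name app_two.local;

      # NOTE(review): the compose file on this page mounts ./app_two at
      # /var/www/app_two in the PHP container, while SCRIPT_FILENAME below is
      # built from this root -- confirm the path exists inside PHP-FPM.
      root /var/www/app;
      index index.php index.html;

      gzip_types text/plain text/css application/json application/x-javascript
                 text/xml application/xml application/xml+rss text/javascript;

      # Security-related response headers.
      #
      # HSTS preloading stays disabled for now. The commented-out line carries
      # the "preload" directive; enable it only if you understand the implications.
      # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      #
      # add_header is inherited by a location only when that location declares
      # no add_header of its own, so a location that sets any header must repeat
      # the ones it still needs.
      add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
      add_header X-Frame-Options DENY; # page may not be embedded in a frame
      add_header X-Content-Type-Options nosniff; # no MIME type sniffing
      add_header X-XSS-Protection "1; mode=block"; # legacy browser XSS filter: block the page
      add_header X-Robots-Tag none; # ask crawlers not to index or follow
      add_header Pragma "no-cache"; # HTTP/1.0 counterpart of the line below
      add_header Cache-Control "no-cache"; # cached copies must be revalidated before reuse
      # Debug header disabled: $uri is the decoded, normalised path, so echoing
      # it into a response header can carry request-supplied CR/LF into the
      # header block, and it exposes internal rewrites. Prefer $request_uri if
      # the header is needed again while debugging.
      # add_header X-uri "$uri";

      # Web fonts may be fetched cross-origin. This location sets its own
      # add_header, so the server-level headers are not inherited; HSTS and
      # nosniff are repeated so font responses still carry them.
      location ~* \.(eot|otf|ttf|woff|woff2)$ {
          add_header Access-Control-Allow-Origin *;
          add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
          add_header X-Content-Type-Options nosniff;
      }

      location / {
          # NOTE(review): the proxy_* directives here only take effect together
          # with proxy_pass, which this location does not use; requests are
          # resolved by try_files and the FastCGI location below.
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
          proxy_redirect        off;

          proxy_set_header      X-Real-IP $remote_addr;
          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header      X-Forwarded-Host $server_name;
          proxy_set_header      Host $host;
          proxy_set_header      X-Forwarded-Proto $scheme;
          proxy_set_header      X-Forwarded-Port 443;
          proxy_set_header      Authorization $http_authorization;
          proxy_pass_header     Authorization;

          proxy_hide_header X-Powered-By;
          proxy_hide_header X-Pingback;
          proxy_hide_header Link;

          # Serve the file or directory if it exists, else the front controller.
          try_files $uri $uri/ /index.php;
      }

      # Pass all .php files on to the php-fpm/php-fcgi server.
      location ~ [^/]\.php(/|$) {
          # add_header Location "$uri" always;
          # Split $uri into $fastcgi_script_name and $fastcgi_path_info.
          fastcgi_split_path_info ^(.+?\.php)(/.*)$;
          # Only hand a request to PHP-FPM when the script really exists under
          # the document root; this guards the path-info issue that arises with
          # "cgi.fix_pathinfo = 1" in /etc/php.ini (default). The test runs
          # against nginx's own filesystem.
          if (!-f $document_root$fastcgi_script_name) {
              return 404;
          }
          # Second existence check; redundant with the "if" above but harmless.
          try_files $fastcgi_script_name =404;
          # try_files resets $fastcgi_path_info, hence the copy into $path_info;
          # see: http://trac.nginx.org/nginx/ticket/321
          set $path_info $fastcgi_path_info;
          fastcgi_param PATH_INFO $path_info;
          fastcgi_intercept_errors on;
          fastcgi_pass app_two;
          fastcgi_index index.php;
          include fastcgi_params;
          # $fastcgi_script_name already starts with "/", so no extra separator.
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

          fastcgi_hide_header X-Powered-By;
          fastcgi_hide_header X-Pingback;
          fastcgi_hide_header Link;
      }

      # NOTE(review): this location declares no add_header, so static files
      # inherit the server-level "no-cache" headers next to "expires max".
      location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
          expires max;
          log_not_found off;
      }

      # NOTE(review): unlike the app-one.local server on this page, there is no
      # "location ~ /\. { deny all; }" here, so dot-paths under the root are
      # served like any other file -- confirm that is intended.
  }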
  238.    
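  # Main nginx configuration: a single worker, kept in the foreground by
  # "daemon off", with the virtual hosts pulled in from conf.d at the end.
  worker_processes 1;

  daemon off;

  events {
      worker_connections 1024;
  }

  error_log   /var/log/nginx/error.log warn;
  pid         /var/run/nginx.pid;

  http {
      default_type application/octet-stream;
      include /etc/nginx/conf/mime.types;

      # Hide the nginx version on every server, including the port-80 redirect
      # servers, which do not set this themselves.
      server_tokens off;

      log_format main '$remote_addr - $remote_user [$time_local] "$request" '
      '$status $body_bytes_sent "$http_referer" '
      '"$http_user_agent" "$http_x_forwarded_for"';

      access_log /var/log/nginx/access.log main;

      sendfile on;
      #tcp_nopush on;

      keepalive_timeout 65;

      # NOTE(review): compressing TLS responses that mix secrets with
      # request-controlled content is the precondition for BREACH-style
      # attacks -- confirm dynamic pages that carry tokens should be gzipped.
      gzip on;
      gzip_disable "msie6";

      gzip_vary on;
      gzip_proxied any;
      gzip_comp_level 6;
      gzip_buffers 16 8k;
      gzip_http_version 1.1;
      gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

      # Font MIME mappings. As pasted, these type/extension pairs sat bare in
      # the http block, where nginx parses each one as an unknown directive;
      # they belong inside a types block.
      # NOTE(review): extensions already present in mime.types are presumably
      # reported as duplicates at load time -- check against the shipped file.
      types {
          application/x-font-ttf ttc ttf;
          application/x-font-otf otf;
          application/font-woff woff;
          application/font-woff2 woff2;
          application/vnd.ms-fontobject eot;
      }

      include /etc/nginx/conf.d/*.conf;
  }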
  282.    
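  # Compose stack: nginx in front of two PHP-FPM containers and a MySQL
  # database, all on one bridge network.
  version: '3.3'
  services:
    nginx:
      # NOTE(review): third-party image carrying nginx 1.9.15, a mainline
      # release that no longer receives fixes; prefer a maintained image and
      # pin it by digest.
      image: evild/alpine-nginx:1.9.15-openssl
      container_name: nginx
      volumes:
        - ./app:/var/www/app/:ro
        - ./app_one:/var/www/app_one/:ro
        - ./batterystore:/var/www/wp/:ro
        - ./nginx/conf/nginx.conf:/etc/nginx/conf/default.conf:ro
        - ./nginx/conf.d:/etc/nginx/conf.d:ro
        # NOTE(review): the only mount that is writable, and it holds the TLS
        # private keys. Add :ro unless the container has to write here.
        - ./certs:/etc/nginx/certs
      ports:
        - 80:80
        - 443:443
      expose:
        - "80"
        - "443"
      # NOTE(review): php-mp and php-wp are not defined in this file as pasted;
      # the PHP services shown are app_one and app_two.
      depends_on:
        - php-mp
        - php-wp
      environment:
        TZ: "America/Los_Angeles"
      networks:
        default:
          # NOTE(review): the nginx vhost for app one is named app-one.local
          # (hyphen). A request sent to the app_one.local alias matches no
          # server_name and lands on whichever server is the default.
          aliases:
            - app_one.local
            - app_two.local

    app_one:
      environment:
        TZ: "America/Los_Angeles"
      # NOTE(review): untagged third-party image; pin a tag or digest.
      image: joebubna/php
      container_name: app_one
      restart: always
      volumes:
        - ./app_one:/var/www/app_one
      # FastCGI has no authentication of its own. nginx reaches PHP-FPM over
      # the compose network by service name, so the host-side mapping is bound
      # to loopback instead of every interface.
      ports:
        - "127.0.0.1:9001:9000"
      networks:
        - default

    app_two:
      environment:
        TZ: "America/Los_Angeles"
      # NOTE(review): untagged third-party image; pin a tag or digest.
      image: joebubna/php
      container_name: app_two
      restart: always
      # NOTE(review): nginx serves app_two from /var/www/app (./app), while this
      # container mounts ./app_two at /var/www/app_two -- confirm the script
      # path nginx sends exists in here.
      volumes:
        - ./app_two:/var/www/app_two
      # Bound to loopback for the same reason as app_one.
      ports:
        - "127.0.0.1:9000:9000"
      networks:
        - default

    db:
      image: mysql:5.6
      container_name: mysql
      volumes:
        - db-data:/var/lib/mysql
        - ./mysql/my.cnf:/etc/mysql/conf.d/ZZ-app_one.cnf:ro
      environment:
        # NOTE(review): placeholder-grade credentials committed in clear text.
        # Replace them and supply them from an env file or secret store before
        # this stack is reachable by anyone else.
        MYSQL_ROOT_PASSWORD: root
        MYSQL_USER: user
        MYSQL_PASSWORD: password
        MYSQL_DATABASE: cora
        TZ: "America/Los_Angeles"
      # The other services reach MySQL over the compose network; the host-side
      # mapping is bound to loopback so the database is not offered on every
      # host interface.
      ports:
        - "127.0.0.1:3306:3306"
      expose:
        - "3306"
      networks:
        - default

  volumes:
    db-data:

  networks:
    default:
      driver: bridge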