Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user www-data;
- pid /run/nginx.pid;
- worker_processes auto;
- worker_rlimit_nofile 65535;
- events {
- multi_accept on;
- worker_connections 65535;
- }
- error_log /var/log/nginx/error.log error;
- access_log /var/www/production-api.host/public/access.log postdata;
- http {
- include /etc/nginx/mime.types;
- default_type text/html;
- charset utf-8;
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;l
- keepalive_timeout 65536;
- gzip on;
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
- set $base /var/www;
- server {
- internal;
- listen 127.0.0.1:8888;
- server_name production-api.host;
- root $base/production-api.host/public;
- location ~ [^/]\.php(/|$) {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- set $_fastcgi_path_info $fastcgi_path_info;
- try_files $fastcgi_script_name =404;
- include fastcgi_params;
- fastcgi_pass $server_addr:9000;
- fastcgi_index index.php;
- fastcgi_buffers 8 16k;
- fastcgi_buffer_size 32k;
- fastcgi_param DOCUMENT_ROOT $realpath_root;
- fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $_fastcgi_path_info;
- fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
- }
- }
- # different host and port from production api
- include include/dev_api.conf;
- server {
- listen *:80;
- server_name production.host;
- root $base/production.host/public;
- add_header 'Content-Security-Policy' "default-src 'self'; script-src 'unsafe-inline';";
- location ~/api/user/((?<userid>[^.]*))?$ {
- proxy_pass http://127.0.0.1:8888/;
- proxy_set_header Host "production-api.host";
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-User-Id $userid;
- if ($http_origin ~* ((^https:\/\/www\.production\.host)|(^https:\/\/production\.host)$)) {
- add_header 'Access-Control-Allow-Origin' "$http_origin";
- add_header 'Access-Control-Allow-Credentials' 'true';
- }
- }
- location /static {
- alias /prod_static/;
- }
- location /management/ {
- access_by_lua_block {
- if ngx.header["X-Managed"] ~= nil and ngx.header["X-Managed"] ~= "secured") then
- ngx.exit(ngx.HTTP_FORBIDDEN)
- end
- }
- }
- }
- server {
- listen *:8080;
- server_name development.env;
- root $base/development.env/public;
- location /api/ {
- proxy_pass http://127.0.0.1:1337/;
- proxy_set_header Host "development-api.host";
- proxy_set_header X-Forwarded-For $remote_addr;
- location ~/user/((?<userid>[^.]*))?$ {
- add_header X-Debug-User-Id $userid;
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement