great_config.nginx

1. user www-data;
2. pid /run/nginx.pid;
3. worker_processes auto;
4. worker_rlimit_nofile 65535;
5.  
6. events {
7.   multi_accept on;
8.   worker_connections 65535;
9. }
10.  
11. error_log  /var/log/nginx/error.log error;
12. access_log  /var/www/production-api.host/public/access.log postdata;
13.  
14. http {
15.  
16.   include     /etc/nginx/mime.types;
17.   default_type  text/html;
18.  
19.   charset utf-8;
20.   sendfile on;
21.   tcp_nopush on;
22.   tcp_nodelay on;l
23.   keepalive_timeout 65536;
24.   gzip on;
25.   gzip_vary on;
26.   gzip_proxied any;
27.   gzip_comp_level 6;
28.   gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
29.  
30.   set $base /var/www;
31.  
32.   server {
33.  
34.         internal;
35.  
36.     listen 127.0.0.1:8888;
37.     server_name production-api.host;
38.     root $base/production-api.host/public;
39.  
40.     location ~ [^/]\.php(/|$) {
41.  
42.       fastcgi_split_path_info ^(.+\.php)(/.+)$;
43.       set $_fastcgi_path_info $fastcgi_path_info;
44.       try_files $fastcgi_script_name =404;
45.       include fastcgi_params;
46.           
47.       fastcgi_pass      $server_addr:9000;
48.       fastcgi_index      index.php;
49.       fastcgi_buffers      8 16k;
50.       fastcgi_buffer_size    32k;
51.  
52.       fastcgi_param DOCUMENT_ROOT    $realpath_root;
53.       fastcgi_param SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
54.       fastcgi_param PATH_INFO      $_fastcgi_path_info;
55.       fastcgi_param PHP_ADMIN_VALUE  "open_basedir=$base/:/usr/lib/php/:/tmp/";
56.     }
57.   }
58.  
59.   # different host and port from production api
60.   include include/dev_api.conf;  
61.  
62.   server {
63.     listen *:80;
64.     server_name production.host;
65.     root $base/production.host/public;
66.         add_header 'Content-Security-Policy' "default-src 'self'; script-src 'unsafe-inline';";
67.  
68.     location ~/api/user/((?<userid>[^.]*))?$ {
69.       proxy_pass http://127.0.0.1:8888/;
70.       proxy_set_header Host "production-api.host";
71.       proxy_set_header X-Forwarded-For $remote_addr;
72.             proxy_set_header X-User-Id $userid;
73.             if ($http_origin ~* ((^https:\/\/www\.production\.host)|(^https:\/\/production\.host)$)) {
74.                 add_header 'Access-Control-Allow-Origin' "$http_origin";
75.                 add_header 'Access-Control-Allow-Credentials' 'true';
76.             }
77.     }
78.  
79.     location /static {
80.         alias /prod_static/;
81.     }
82.         location /management/ {
83.             access_by_lua_block {
84.                 if ngx.header["X-Managed"] ~= nil and ngx.header["X-Managed"] ~= "secured") then
85.                     ngx.exit(ngx.HTTP_FORBIDDEN)
86.                 end
87.             }
88.         }
89.   }
90.  
91.   server {
92.  
93.     listen *:8080;
94.     server_name development.env;
95.     root $base/development.env/public;
96.  
97.     location /api/ {
98.  
99.       proxy_pass http://127.0.0.1:1337/;
100.       proxy_set_header Host "development-api.host";
101.       proxy_set_header X-Forwarded-For $remote_addr;
102.  
103.             location ~/user/((?<userid>[^.]*))?$ {
104.                 add_header X-Debug-User-Id $userid;
105.             }
106.       }
107.     }
108. }