- Nginx version: 1.9.15
- PHP-FPM version: php:7-fpm
- Docker: 18.03.0-ce, build 0520e24
- app_one | 172.18.0.6 - 20/Apr/2018:16:30:47 -0700 "POST /index.php" 401
- nginx | 172.18.0.3 - - [20/Apr/2018:23:30:47 +0000] "POST /api/member/SessionManager HTTP/1.1" 200 38 "-" "GuzzleHttp/6.3.2 curl/7.38.0 PHP/7.1.10" "-"
- app_two | 172.18.0.6 - 20/Apr/2018:16:30:47 -0700 "POST /index.php" 200
- nginx | 172.18.0.1 - - [20/Apr/2018:23:30:47 +0000] "POST /login/ HTTP/1.1" 200 917 "https://app-two.local/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "-"
# FastCGI backend for app_one: the container reachable as "app_one" on
# port 9000 (used by fastcgi_pass in the HTTPS server for this site).
upstream app_one {
    server app_one:9000;
}

# Plain-HTTP listener: every request is answered with a redirect to HTTPS.
server {
    listen [::]:80;
    listen 80;
    server_name app-one.local app-one;

    # $server_name expands to the first name configured above rather than to
    # the client-supplied Host header, so the redirect target is fixed by
    # this file.
    return 301 https://$server_name$request_uri;
}
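# HTTPS virtual host for app-one.local. Static files are served from the
# document root; PHP requests are handed to the app_one FastCGI upstream.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name app-one.local;
    server_tokens off;

    # Redundant next to "listen ... ssl" above; kept as pasted.
    ssl on;
    ssl_certificate /etc/nginx/certs/app_one.crt;
    ssl_certificate_key /etc/nginx/certs/app_one.key;
    ssl_dhparam /etc/nginx/certs/dhparam.pem;
    # TLS 1.0 and 1.1 are deprecated; only TLS 1.2 is offered. TLSv1.3 can be
    # appended once the nginx/OpenSSL build in use accepts it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    root /var/www/app_one;
    index index.php index.html;

    gzip_types text/plain text/css application/json application/x-javascript
               text/xml application/xml application/xml+rss text/javascript;

    # Security-related response headers.
    #
    # add_header is inherited by a location only while that location declares
    # no add_header of its own. Every location below that sets a header
    # therefore repeats the security headers it still needs.
    #
    # Disable preloading HSTS for now. You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Pragma "no-cache";
    add_header Cache-Control "no-cache";
    # The pasted config also sent a debug header, X-uri "$uri". $uri is the
    # decoded, normalised request path, and copying it into a response header
    # is a pattern config linters flag as a header-injection risk, so it is
    # not emitted here. Use $request_uri if the value is needed while debugging.

    # Web fonts may be fetched cross-origin. The dot is escaped so that the
    # pattern matches a real file extension instead of any character.
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Content-Type-Options nosniff;
    }

    location / {
        # NOTE(review): the proxy_* directives only act on proxy_pass, and
        # this location has none; PHP is reached through fastcgi_pass below.
        # They are kept as pasted but have no visible effect.
        proxy_read_timeout 90;
        proxy_connect_timeout 90;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Authorization $http_authorization;
        proxy_pass_header Authorization;
        proxy_hide_header X-Powered-By;
        proxy_hide_header X-Pingback;
        proxy_hide_header Link;

        # Serve the file or directory if it exists, else route to the front
        # controller with the original query string.
        try_files $uri $uri/ /index.php?$args;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
        add_header X-debug-message "A php file was used" always;
        # Repeated because the add_header above stops inheritance from the
        # server level for this location.
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header Pragma "no-cache";
        add_header Cache-Control "no-cache";

        # regex to split $uri to $fastcgi_script_name and $fastcgi_path_info
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Check that the PHP script exists before passing it. This is the
        # guard against the path-info issue with "cgi.fix_pathinfo = 1"
        # (the php.ini default): without it, a path that merely ends in .php
        # is forwarded and PHP may execute a different file further up the
        # path. The pasted config had this check commented out.
        try_files $fastcgi_script_name =404;

        # Bypass the fact that try_files resets $fastcgi_path_info
        # see: http://trac.nginx.org/nginx/ticket/321
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;

        fastcgi_intercept_errors on;
        fastcgi_pass app_one;
        fastcgi_index index.php;
        include fastcgi_params;
        # $fastcgi_script_name already starts with "/", so no separator is
        # needed after $document_root.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        fastcgi_hide_header X-Powered-By;
        fastcgi_hide_header X-Pingback;
        fastcgi_hide_header Link;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        add_header X-debug-message "A static file was served" always;
        # Repeated for the same inheritance reason as above. The no-cache
        # headers are deliberately not repeated, so "expires max" still
        # governs caching as it did in the pasted config.
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Content-Type-Options nosniff;
        expires max;
        # log_not_found off;
    }

    # Deny dotfiles and dot-directories (.git, .env, .htaccess ...). With the
    # dot unescaped, as pasted, this pattern matched "/" followed by any
    # character, i.e. almost every URI not claimed by an earlier regex.
    location ~ /\. {
        deny all;
    }
}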
# FastCGI backend for app_two: the container reachable as "app_two" on
# port 9000 (used by fastcgi_pass in the HTTPS server for this site).
upstream app_two {
    server app_two:9000;
}

# Plain-HTTP listener: every request is answered with a redirect to HTTPS.
server {
    listen [::]:80;
    listen 80;
    # NOTE(review): this name uses an underscore, while the access log in
    # this paste shows the browser on https://app-two.local/ (hyphen). A
    # request whose Host matches no server_name is handled by the default
    # server for the port - confirm which spelling is intended.
    server_name app_two.local;

    # $server_name comes from this file, not from the client's Host header.
    return 301 https://$server_name$request_uri;
}
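# HTTPS virtual host for app_two.local. Static files are served from the
# document root; PHP requests are handed to the app_two FastCGI upstream.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    # NOTE(review): underscore here, hyphen ("app-two.local") in the access
    # log shown in this paste - confirm which host name clients really use.
    server_name app_two.local;
    server_tokens off;

    ssl_certificate /etc/nginx/certs/app_two.crt;
    ssl_certificate_key /etc/nginx/certs/app_two.key;
    ssl_dhparam /etc/nginx/certs/dhparam.pem;
    # TLS 1.0 and 1.1 are deprecated; only TLS 1.2 is offered. TLSv1.3 can be
    # appended once the nginx/OpenSSL build in use accepts it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    root /var/www/app;
    index index.php index.html;

    gzip_types text/plain text/css application/json application/x-javascript
               text/xml application/xml application/xml+rss text/javascript;

    # Security-related response headers.
    #
    # add_header is inherited by a location only while that location declares
    # no add_header of its own; a location that sets a header must repeat the
    # security headers it still needs.
    #
    # Disable preloading HSTS for now. You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;            # prevents page from being embedded in other pages
    add_header X-Content-Type-Options nosniff;  # prevents MIME type sniffing
    add_header X-XSS-Protection "1; mode=block";  # legacy browser XSS filter
    add_header X-Robots-Tag none;               # asks robots not to index the requested page
    add_header Pragma "no-cache";               # ask caches to revalidate before reuse
    add_header Cache-Control "no-cache";        # ask caches to revalidate before reuse
    # The pasted config also sent a debug header, X-uri "$uri". $uri is the
    # decoded, normalised request path, and copying it into a response header
    # is a pattern config linters flag as a header-injection risk, so it is
    # not emitted here. Use $request_uri if the value is needed while debugging.

    # Web fonts may be fetched cross-origin. The dot is escaped so that the
    # pattern matches a real file extension instead of any character.
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Content-Type-Options nosniff;
    }

    location / {
        # NOTE(review): the proxy_* directives only act on proxy_pass, and
        # this location has none; PHP is reached through fastcgi_pass below.
        # They are kept as pasted but have no visible effect.
        proxy_read_timeout 90;
        proxy_connect_timeout 90;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Authorization $http_authorization;
        proxy_pass_header Authorization;
        proxy_hide_header X-Powered-By;
        proxy_hide_header X-Pingback;
        proxy_hide_header Link;

        # Serve the file or directory if it exists, else route to the front
        # controller.
        try_files $uri $uri/ /index.php;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
        # regex to split $uri to $fastcgi_script_name and $fastcgi_path_info
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Guard against the path-info issue with "cgi.fix_pathinfo = 1"
        # (the php.ini default): only forward requests whose script file
        # really exists under the document root.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        # Check that the PHP script exists before passing it
        try_files $fastcgi_script_name =404;

        # Bypass the fact that try_files resets $fastcgi_path_info
        # see: http://trac.nginx.org/nginx/ticket/321
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;

        fastcgi_intercept_errors on;
        fastcgi_pass app_two;
        fastcgi_index index.php;
        include fastcgi_params;
        # $fastcgi_script_name already starts with "/", so no separator is
        # needed after $document_root.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        fastcgi_hide_header X-Powered-By;
        fastcgi_hide_header X-Pingback;
        fastcgi_hide_header Link;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        # NOTE(review): this location declares no add_header, so it inherits
        # the server-level Cache-Control "no-cache" in addition to the
        # caching headers that "expires max" adds - confirm which is wanted.
        expires max;
        log_not_found off;
    }

    # Deny dotfiles and dot-directories (.git, .env, .htaccess ...), matching
    # the rule the app-one.local server in this paste already carries.
    location ~ /\. {
        deny all;
    }
}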
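# Main nginx configuration: process settings, logging, gzip defaults, and the
# include that pulls in the per-site files from conf.d.
worker_processes 1;
# Run in the foreground instead of daemonising.
daemon off;

events {
    worker_connections 1024;
}

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

http {
    include /etc/nginx/conf/mime.types;
    default_type application/octet-stream;

    # Font MIME mappings. In the paste these five lines stood directly in the
    # http block, where nginx would read each one as an unknown directive.
    # NOTE(review): a surrounding "types { }" block is assumed to have been
    # lost in the paste - confirm against the file actually deployed.
    types {
        application/x-font-ttf         ttc ttf;
        application/x-font-otf         otf;
        application/font-woff          woff;
        application/font-woff2         woff2;
        application/vnd.ms-fontobject  eot;
    }

    # Hide the nginx version in the Server header and on error pages for every
    # virtual host, including the plain-HTTP redirect servers, which do not
    # set this themselves.
    server_tokens off;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;

    # Response compression.
    # NOTE(review): compressing TLS responses that mix secrets with
    # request-controlled data is the precondition for BREACH-style attacks;
    # application/json is in gzip_types, so review this per endpoint.
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # Per-site server blocks.
    include /etc/nginx/conf.d/*.conf;
}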
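---
# Local development stack: nginx in front of two PHP-FPM containers, plus
# MySQL. All services share the "default" bridge network.
version: '3.3'

services:
  nginx:
    # NOTE(review): nginx 1.9.15 is an old release line; plan an upgrade to a
    # maintained version before exposing this beyond a local machine.
    image: evild/alpine-nginx:1.9.15-openssl
    container_name: nginx
    volumes:
      - ./app:/var/www/app/:ro
      - ./app_one:/var/www/app_one/:ro
      - ./batterystore:/var/www/wp/:ro
      # NOTE(review): the file is mounted as conf/default.conf; whether the
      # image loads that path as its main config is not visible here.
      - ./nginx/conf/nginx.conf:/etc/nginx/conf/default.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      # Read-only: nginx only needs to read the certificates and private
      # keys, so the container gets no write access to them.
      - ./certs:/etc/nginx/certs:ro
    ports:
      - "80:80"
      - "443:443"
    expose:
      - "80"
      - "443"
    # The pasted file listed php-mp and php-wp here, which are not defined
    # among the services in this file; the FastCGI backends are app_one and
    # app_two.
    depends_on:
      - app_one
      - app_two
    environment:
      TZ: "America/Los_Angeles"
    networks:
      default:
        aliases:
          - app_one.local
          - app_two.local

  app_one:
    environment:
      TZ: "America/Los_Angeles"
    # NOTE(review): no tag, so this resolves to "latest"; pin a tag or digest
    # to make the build reproducible.
    image: joebubna/php
    container_name: app_one
    restart: always
    volumes:
      - ./app_one:/var/www/app_one
    # nginx reaches PHP-FPM over the compose network (app_one:9000), so the
    # host mapping is for local debugging only. FastCGI is unauthenticated;
    # bind it to loopback instead of every host interface.
    ports:
      - "127.0.0.1:9001:9000"
    networks:
      - default

  app_two:
    environment:
      TZ: "America/Los_Angeles"
    image: joebubna/php
    container_name: app_two
    restart: always
    volumes:
      - ./app_two:/var/www/app_two
    # Same reasoning as app_one: loopback only.
    ports:
      - "127.0.0.1:9000:9000"
    networks:
      - default

  db:
    # NOTE(review): MySQL 5.6 no longer receives upstream fixes.
    image: mysql:5.6
    container_name: mysql
    volumes:
      - db-data:/var/lib/mysql
      - ./mysql/my.cnf:/etc/mysql/conf.d/ZZ-app_one.cnf:ro
    environment:
      # Development credentials exactly as pasted. For anything beyond a
      # throwaway local stack, supply these from an untracked env file or a
      # secrets mechanism instead of committing them.
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: user
      MYSQL_PASSWORD: password
      MYSQL_DATABASE: cora
      TZ: "America/Los_Angeles"
    # The application containers reach MySQL over the compose network; the
    # host mapping is bound to loopback so the database, with the weak
    # credentials above, is not reachable from other machines.
    ports:
      - "127.0.0.1:3306:3306"
    expose:
      - "3306"
    networks:
      - default

volumes:
  db-data: {}

networks:
  default:
    driver: bridge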