Untitled

user www-data;
pid /run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;

events {
  multi_accept on;
  worker_connections 65535;
}

error_log  /var/log/nginx/error.log error;


http {

  include     /etc/nginx/mime.types;
  default_type  text/html;
  charset utf-8;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65536;
  gzip on;
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;

  log_format postdata $request_body;
  access_log  /var/www/production-api.host/public/access.log postdata;

  server {
set $base /var/www;


    listen 127.0.0.1:8888;
    server_name production-api.host;
    root $base/production-api.host/public;

    location ~ [^/]\.php(/|$) {
    internal;

      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      set $_fastcgi_path_info $fastcgi_path_info;
      try_files $fastcgi_script_name =404;
      include fastcgi_params;

      fastcgi_pass      $server_addr:9000;
      fastcgi_index      index.php;
      fastcgi_buffers      8 16k;
      fastcgi_buffer_size    32k;

      fastcgi_param DOCUMENT_ROOT    $realpath_root;
      fastcgi_param SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
      fastcgi_param PATH_INFO      $_fastcgi_path_info;
      fastcgi_param PHP_ADMIN_VALUE  "open_basedir=$base/:/usr/lib/php/:/tmp/";
    }
  }

  # different host and port from production api
  include include/dev_api.conf;

  server {
     set $base /var/www;
    listen *:80;
    server_name production.host;
    root $base/production.host/public;
        add_header 'Content-Security-Policy' "default-src 'self'; script-src 'unsafe-inline';";

    location ~/api/user/((?<userid>[^.]*))?$ {
      proxy_pass http://127.0.0.1:8888;
      proxy_set_header Host "production-api.host";
      proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-User-Id $userid;
            if ($http_origin ~* ((^https:\/\/www\.production\.host)|(^https:\/\/production\.host)$)) {
                add_header 'Access-Control-Allow-Origin' "$http_origin";
                add_header 'Access-Control-Allow-Credentials' 'true';
            }
    }

    location /static {
        alias /prod_static/;
    }
        location /management/ {
            access_by_lua_block {
                if ngx.header["X-Managed"] ~= nil and ngx.header["X-Managed"] ~= "secured") then
                    ngx.exit(ngx.HTTP_FORBIDDEN)
                end
            }
        }
  }

  server {

    listen *:8080;
    server_name development.env;
    root $base/development.env/public;

    location /api/ {

      proxy_pass http://127.0.0.1:1337/;
      proxy_set_header Host "development-api.host";
      proxy_set_header X-Forwarded-For $remote_addr;

            location ~/user/((?<userid>[^.]*))?$ {
                add_header X-Debug-User-Id $userid;
            }
      }
    }
}