|
| 1 | +server { |
| 2 | + listen 80; |
| 3 | + server_name ""; |
| 4 | + |
| 5 | + # Commented out due to this overriding existing configuration already set in nginx/nginx.conf |
| 6 | + # access_log /home/container/logs/naccess.log; |
| 7 | + # error_log /home/container/logs/nerror.log error; |
| 8 | + |
| 9 | + set_real_ip_from 127.0.0.1; |
| 10 | + real_ip_header CF-Connecting-IP; |
| 11 | + real_ip_recursive on; |
| 12 | + |
| 13 | + root /home/container/www; |
| 14 | + index index.html index.htm index.php; |
| 15 | + charset utf-8; |
| 16 | + |
| 17 | + absolute_redirect off; |
| 18 | + port_in_redirect off; |
| 19 | + |
| 20 | + location / { |
| 21 | + try_files $uri $uri/ /index.php?$query_string; |
| 22 | + } |
| 23 | + |
| 24 | + location = /favicon.ico { access_log off; log_not_found off; } |
| 25 | + location = /robots.txt { access_log off; log_not_found off; } |
| 26 | + |
| 27 | + # allow larger file uploads and longer script runtimes |
| 28 | + client_max_body_size 100m; |
| 29 | + client_body_timeout 120s; |
| 30 | + sendfile off; |
| 31 | + |
| 32 | + location ~ \.php$ { |
| 33 | + fastcgi_split_path_info ^(.+\.php)(/.+)$; |
| 34 | + try_files $fastcgi_script_name =404; |
| 35 | + fastcgi_pass unix:/home/container/tmp/php-fpm.sock; |
| 36 | + fastcgi_index index.php; |
| 37 | + include fastcgi_params; |
| 38 | + fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; |
| 39 | + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
| 40 | + fastcgi_param HTTP_PROXY ""; |
| 41 | + fastcgi_intercept_errors on; |
| 42 | + fastcgi_buffer_size 16k; |
| 43 | + fastcgi_buffers 4 16k; |
| 44 | + fastcgi_connect_timeout 300; |
| 45 | + fastcgi_send_timeout 300; |
| 46 | + fastcgi_read_timeout 300; |
| 47 | + } |
| 48 | + |
| 49 | + # Block access to sensitive files and directories |
| 50 | + location ~ /\.git { |
| 51 | + deny all; |
| 52 | + } |
| 53 | + |
| 54 | + location ~ /\.ht { |
| 55 | + deny all; |
| 56 | + } |
| 57 | + |
| 58 | + location ~ /\.env { |
| 59 | + deny all; |
| 60 | + } |
| 61 | + |
| 62 | + location ~ /\.svn { |
| 63 | + deny all; |
| 64 | + } |
| 65 | + |
| 66 | + location ~ /composer\.(json|lock)$ { |
| 67 | + deny all; |
| 68 | + } |
| 69 | + |
| 70 | + location ~ /package(-lock)?\.json$ { |
| 71 | + deny all; |
| 72 | + } |
| 73 | + |
| 74 | + location ~ /\.user\.ini$ { |
| 75 | + deny all; |
| 76 | + } |
| 77 | + |
| 78 | + location ~ /\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)$ { |
| 79 | + deny all; |
| 80 | + } |
| 81 | +} |
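Review bot: The last deny rule, `location ~ /\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)$`, requires a slash immediately before the dot, so it only matches files whose whole name is the extension (for example `/.sql`). A file such as `dump.sql` or `app.log` under `/home/container/www` is still served. If the intent is to block by extension, drop the leading slash: `location ~ \.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)$ { deny all; }`. Separately, nginx checks regex locations in the order they appear, so `location ~ \.php$` wins for any `.php` path under `/.git`, `/.svn` and the other denied prefixes; placing the deny blocks above the PHP block would make them take precedence.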