|
|
@@ -0,0 +1,78 @@
|
|
|
+# ddev php default (PHP project type) config
|
|
|
+
|
|
|
+# If you want to take over this file and customize it, remove the line above
|
|
|
+# and ddev will respect it and won't overwrite the file.
|
|
|
+# See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#custom-nginx-configuration
|
|
|
+
|
|
|
+server {
|
|
|
+ listen 80 default_server;
|
|
|
+ listen 443 ssl default_server;
|
|
|
+
|
|
|
+ root /var/www/html/public;
|
|
|
+
|
|
|
+ ssl_certificate /etc/ssl/certs/master.crt;
|
|
|
+ ssl_certificate_key /etc/ssl/certs/master.key;
|
|
|
+
|
|
|
+ include /etc/nginx/monitoring.conf;
|
|
|
+
|
|
|
+ index index.php index.htm index.html;
|
|
|
+
|
|
|
+ # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
|
|
|
+ sendfile off;
|
|
|
+ error_log /dev/stdout info;
|
|
|
+ access_log /var/log/nginx/access.log;
|
|
|
+
|
|
|
+ location / {
|
|
|
+ absolute_redirect off;
|
|
|
+ if (!-e $request_filename){
|
|
|
+ rewrite ^(.*)$ /index.php?s=$1 last; break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ location @rewrite {
|
|
|
+ # For D7 and above:
|
|
|
+ # Clean URLs are handled in drupal_environment_initialize().
|
|
|
+ rewrite ^ /index.php;
|
|
|
+ }
|
|
|
+
|
|
|
+ # pass the PHP scripts to FastCGI server listening on socket
|
|
|
+ location ~ \.php$ {
|
|
|
+ try_files $uri =404;
|
|
|
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
+ fastcgi_pass unix:/run/php-fpm.sock;
|
|
|
+ fastcgi_buffers 16 16k;
|
|
|
+ fastcgi_buffer_size 32k;
|
|
|
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
|
+ fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
|
+ fastcgi_index index.php;
|
|
|
+ include fastcgi_params;
|
|
|
+ fastcgi_intercept_errors off;
|
|
|
+ # fastcgi_read_timeout should match max_execution_time in php.ini
|
|
|
+ fastcgi_read_timeout 10m;
|
|
|
+ fastcgi_param SERVER_NAME $host;
|
|
|
+ fastcgi_param HTTPS $fcgi_https;
|
|
|
+ # Pass the X-Accel-* headers to facilitate testing.
|
|
|
+ fastcgi_pass_header "X-Accel-Buffering";
|
|
|
+ fastcgi_pass_header "X-Accel-Charset";
|
|
|
+ fastcgi_pass_header "X-Accel-Expires";
|
|
|
+ fastcgi_pass_header "X-Accel-Limit-Rate";
|
|
|
+ fastcgi_pass_header "X-Accel-Redirect";
|
|
|
+ }
|
|
|
+
|
|
|
+ # Prevent clients from accessing hidden files (starting with a dot)
|
|
|
+ # This is particularly important if you store .htpasswd files in the site hierarchy
|
|
|
+ # Access to `/.well-known/` is allowed.
|
|
|
+ # https://www.mnot.net/blog/2010/04/07/well-known
|
|
|
+ # https://tools.ietf.org/html/rfc5785
|
|
|
+ location ~* /\.(?!well-known\/) {
|
|
|
+ deny all;
|
|
|
+ }
|
|
|
+
|
|
|
+ # Prevent clients from accessing to backup/config/source files
|
|
|
+ location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
|
|
|
+ deny all;
|
|
|
+ }
|
|
|
+
|
|
|
+ include /etc/nginx/common.d/*.conf;
|
|
|
+ include /mnt/ddev_config/nginx/*.conf;
|
|
|
+}
|
