# Default nginx configuration user REPLACE_SERVICE_USER; worker_processes 2; daemon on; error_log /data/logs/nginx/nginx.log warn; pid /run/nginx.pid; events { worker_connections 1024; } http { sendfile on; keepalive_timeout 65; gzip on; default_type "text/html"; include /etc/nginx/mime.types; access_log /data/logs/nginx/nginx.access.log; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen REPLACE_SERVER_PORT; root REPLACE_SERVER_WWW_DIR; index index.html index.php index.cgi index.pl index.aspx awstats.pl index.unknown.php index.default.php index.txt index.json; proxy_intercept_errors off; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location /health { default_type text/html; allow all; access_log off; return 200 'OK'; } location /health/text { default_type application/text; allow all; access_log off; return 200 'OK'; } location /health/json { default_type application/json; allow all; access_log off; return 200 '{"status":"OK"}'; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_index index.php; fastcgi_param HTTP_PROXY ""; fastcgi_param REDIRECT_STATUS 200; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param HTTPS $https if_not_empty; fastcgi_param QUERY_STRING $query_string; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass 127.0.0.1:9000; } location /nginx_status { stub_status; } } }