# nginx configuration for sites

user                                                REPLACE_WWW_USER;
worker_processes                                    auto;
daemon                                              on;
error_log                                           REPLACE_LOG_DIR/nginx.log warn;
pid                                                 REPLACE_RUN_DIR/nginx.pid;
events                                              { worker_connections 1024; }

http {
    include                                         REPLACE_ETC_DIR/mime.types;
    default_type                                    "text/html";
    sendfile                                        on;
    keepalive_timeout                               65;
    gzip                                            on;
    map                                             $http_upgrade $connection_upgrade { default upgrade; '' close; }
    disable_symlinks                                off;

    server {
        listen                                      0.0.0.0:80 default_server;
        server_name                                 REPLACE_SERVER_NAME;
        client_max_body_size                        0;
        proxy_intercept_errors                      off;
        add_header X-Frame-Options                  "SAMEORIGIN" always;
        add_header X-XSS-Protection                 "1; mode=block" always;
        add_header X-Content-Type-Options           "nosniff" always;
        add_header Referrer-Policy                  "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy          "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always;
        index                                       index.php index.cgi index.pl index.aspx index.txt index.json index.html index.unknown.php index.default.php;
        root                                        /var/lib/nginx/html;

        location /health {
            default_type                            text/plain;
            return 200                              'ok';
        }
        location /health/text {
            default_type                            text/plain;
            return 200                              'ok';
        }
        location /health/json {
            default_type                            application/json;
            return 200                              '{"status":"ok","message":"running"}';
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
        }
            fastcgi_param                     HTTP_PROXY "";
            fastcgi_pass                      127.0.0.1:9000;
            fastcgi_index                     index.php;
            fastcgi_param  QUERY_STRING       $query_string;
            fastcgi_param  REQUEST_METHOD     $request_method;
            fastcgi_param  CONTENT_TYPE       $content_type;
            fastcgi_param  CONTENT_LENGTH     $content_length;
            fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
            fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param  REQUEST_URI        $request_uri;
            fastcgi_param  DOCUMENT_URI       $document_uri;
            fastcgi_param  DOCUMENT_ROOT      $document_root;
            fastcgi_param  SERVER_PROTOCOL    $server_protocol;
            fastcgi_param  REQUEST_SCHEME     $scheme;
            fastcgi_param  HTTPS              $https if_not_empty;
            fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
            fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
            fastcgi_param  REMOTE_ADDR        $remote_addr;
            fastcgi_param  REMOTE_PORT        $remote_port;
            fastcgi_param  SERVER_ADDR        $server_addr;
            fastcgi_param  SERVER_PORT        $server_port;
            fastcgi_param  SERVER_NAME        $server_name;
            fastcgi_param  REDIRECT_STATUS    200;
        }

        location / {
            root           REPLACE_PHPMYADMIN_WWW_ROOT;
        }

        location /phpmyadmin {
            alias           REPLACE_PHPMYADMIN_WWW_ROOT;
        }
}