# Default nginx configuration docker containers

user                                                REPLACE_WWW_USER;
worker_processes                                    auto;
daemon                                              on;
error_log                                           REPLACE_LOG_DIR/nginx.log warn;
pid                                                 REPLACE_RUN_DIR/nginx.pid;
events                                              { worker_connections 1024; }

http {
    include                                         REPLACE_ETC_DIR/mime.types;
    default_type                                    "text/html";
    sendfile                                        on;
    keepalive_timeout                               65;
    gzip                                            on;
    map                                             $http_upgrade $connection_upgrade { default upgrade; '' close; }
    disable_symlinks                                off;
    log_format                                      main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
    access_log                                      REPLACE_LOG_DIR/access.log  main;

    server {
        listen                                      0.0.0.0:80 default_server;
        server_name                                 REPLACE_SERVER_NAME;
        client_max_body_size                        0;
        proxy_intercept_errors                      off;
        add_header X-Frame-Options                  "SAMEORIGIN" always;
        add_header X-XSS-Protection                 "1; mode=block" always;
        add_header X-Content-Type-Options           "nosniff" always;
        add_header Referrer-Policy                  "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy          "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always;
        index                                       index.php index.cgi index.pl index.aspx index.txt index.json index.html index.unknown.php index.default.php;
        root                                        /var/lib/nginx/html;

        location /health {
            default_type                            text/plain;
            return 200                              'ok';
        }
        location /health/text {
            default_type                            text/plain;
            return 200                              'ok';
        }
        location /health/json {
            default_type                            application/json;
            return 200                              '{"status":"ok","message":"running"}';
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
        }
            fastcgi_param                           HTTP_PROXY "";
            fastcgi_pass                            127.0.0.1:9000;
            fastcgi_index                           index.php;
            fastcgi_param                           QUERY_STRING       $query_string;
            fastcgi_param                           REQUEST_METHOD     $request_method;
            fastcgi_param                           CONTENT_TYPE       $content_type;
            fastcgi_param                           CONTENT_LENGTH     $content_length;
            fastcgi_param                           SCRIPT_NAME        $fastcgi_script_name;
            fastcgi_param                           SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param                           REQUEST_URI        $request_uri;
            fastcgi_param                           DOCUMENT_URI       $document_uri;
            fastcgi_param                           DOCUMENT_ROOT      $document_root;
            fastcgi_param                           SERVER_PROTOCOL    $server_protocol;
            fastcgi_param                           REQUEST_SCHEME     $scheme;
            fastcgi_param                           HTTPS              $https if_not_empty;
            fastcgi_param                           GATEWAY_INTERFACE  CGI/1.1;
            fastcgi_param                           SERVER_SOFTWARE    nginx/$nginx_version;
            fastcgi_param                           REMOTE_ADDR        $remote_addr;
            fastcgi_param                           REMOTE_PORT        $remote_port;
            fastcgi_param                           SERVER_ADDR        $server_addr;
            fastcgi_param                           SERVER_PORT        $server_port;
            fastcgi_param                           SERVER_NAME        $server_name;
            fastcgi_param                           REDIRECT_STATUS    200;
        }

        location / {
            proxy_set_header Host $host;
            proxy_set_header                        X-Real-IP            $remote_addr;
            proxy_set_header                        X-Forwarded-For      $proxy_add_x_forwarded_for;
            proxy_set_header                        X-Forwarded-Proto    $scheme;
            proxy_http_version                      1.1;
            proxy_set_header                        Upgrade $http_upgrade;
            proxy_set_header                        Connection $connection_upgrade;
            proxy_pass                              http://127.0.0.1:8000/;
        }

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
        include /etc/nginx/vhosts.d/*.conf;
}