mirror of
				https://github.com/casjaysdevdocker/tools
				synced 2025-10-25 20:02:01 -04:00 
			
		
		
		
	
		
			
	
	
		
			132 lines
		
	
	
		
			6.4 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
		
		
			
		
	
	
			132 lines
		
	
	
		
			6.4 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
|   | # Default nginx configuration | ||
|  | user                                         root; | ||
|  | worker_processes                             auto; | ||
|  | daemon                                       off; | ||
|  | error_log                                    /data/logs/nginx/nginx.log warn; | ||
|  | pid                                          /run/nginx.pid; | ||
|  | 
 | ||
|  | events { | ||
|  |     worker_connections 1024; | ||
|  | } | ||
|  | 
 | ||
|  | http { | ||
|  |     include                                  /etc/nginx/mime.types; | ||
|  |     default_type                             "text/html"; | ||
|  |     access_log                               /data/logs/nginx/access.default.log; | ||
|  |     sendfile                                 on; | ||
|  |     keepalive_timeout                        65; | ||
|  |     gzip                                     on; | ||
|  |     map                                      $http_upgrade $connection_upgrade { default upgrade; '' close; } | ||
|  |     disable_symlinks                         off; | ||
|  |     root                                     REPLACE_SERVER_WWW_DIR; | ||
|  | 
 | ||
|  |     server { | ||
|  |         listen                               REPLACE_SERVER_PORT; | ||
|  |         server_name                          REPLACE_SERVER_NAME; | ||
|  |         root                                 REPLACE_SERVER_WWW_DIR; | ||
|  |         index                                index.php index.cgi index.pl index.aspx index.txt index.json index.html index.unknown.php index.default.php; | ||
|  |         add_header X-Frame-Options           "SAMEORIGIN" always; | ||
|  |         add_header X-XSS-Protection          "1; mode=block" always; | ||
|  |         add_header X-Content-Type-Options    "nosniff" always; | ||
|  |         add_header Referrer-Policy           "no-referrer-when-downgrade" always; | ||
|  |         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | ||
|  |         add_header Content-Security-Policy   "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; | ||
|  |         ssl_protocols                        TLSv1.2 TLSv1.3; | ||
|  |         ssl_ciphers                          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | ||
|  |         ssl_prefer_server_ciphers            off; | ||
|  |         ssl_certificate                      /etc/ssl/localhost.crt; | ||
|  |         ssl_certificate_key                  /etc/ssl/localhost.key; | ||
|  |         proxy_intercept_errors               off; | ||
|  | 
 | ||
|  |         location ^~ /.well-known { | ||
|  |             default_type "text/plain"; | ||
|  |             root                              REPLACE_SERVER_WWW_DIR/.well-known; | ||
|  |         } | ||
|  | 
 | ||
|  |         location ^~ = /favicon.ico { | ||
|  |             log_not_found                    off; | ||
|  |             access_log                       off; | ||
|  |         } | ||
|  | 
 | ||
|  |         location ^~ = /robots.txt { | ||
|  |             allow                            all; | ||
|  |             log_not_found                    off; | ||
|  |             access_log                       off; | ||
|  |         } | ||
|  | 
 | ||
|  |         location ^~ /health { | ||
|  |             default_type text/html; | ||
|  |             allow                            all; | ||
|  |             access_log                       off; | ||
|  |             return                           200 'OK'; | ||
|  |         } | ||
|  | 
 | ||
|  |         location ^~ /health/json { | ||
|  |             default_type application/json; | ||
|  |             allow                            all; | ||
|  |             access_log                       off; | ||
|  |             return                           200 '{"status":"OK"}'; | ||
|  |         } | ||
|  |          | ||
|  |         location ^~ /health/status { | ||
|  |             stub_status; | ||
|  |         } | ||
|  | 
 | ||
|  |         location ~ [^/]\.php(/|$) { | ||
|  |             fastcgi_split_path_info ^(.+?\.php)(/.*)$; | ||
|  |             if (!-f $document_root$fastcgi_script_name) { | ||
|  |                 return 404; | ||
|  |             } | ||
|  |             fastcgi_param                     HTTP_PROXY ""; | ||
|  |             fastcgi_pass                      127.0.0.1:9000; | ||
|  |             fastcgi_index                     index.php; | ||
|  |             fastcgi_param  QUERY_STRING       $query_string; | ||
|  |             fastcgi_param  REQUEST_METHOD     $request_method; | ||
|  |             fastcgi_param  CONTENT_TYPE       $content_type; | ||
|  |             fastcgi_param  CONTENT_LENGTH     $content_length; | ||
|  |             fastcgi_param  SCRIPT_NAME        $fastcgi_script_name; | ||
|  |             fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name; | ||
|  |             fastcgi_param  REQUEST_URI        $request_uri; | ||
|  |             fastcgi_param  DOCUMENT_URI       $document_uri; | ||
|  |             fastcgi_param  DOCUMENT_ROOT      $document_root; | ||
|  |             fastcgi_param  SERVER_PROTOCOL    $server_protocol; | ||
|  |             fastcgi_param  REQUEST_SCHEME     $scheme; | ||
|  |             fastcgi_param  HTTPS              $https if_not_empty; | ||
|  |             fastcgi_param  GATEWAY_INTERFACE  CGI/1.1; | ||
|  |             fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version; | ||
|  |             fastcgi_param  REMOTE_ADDR        $remote_addr; | ||
|  |             fastcgi_param  REMOTE_PORT        $remote_port; | ||
|  |             fastcgi_param  SERVER_ADDR        $server_addr; | ||
|  |             fastcgi_param  SERVER_PORT        $server_port; | ||
|  |             fastcgi_param  SERVER_NAME        $server_name; | ||
|  |             # PHP only, required if PHP was built with --enable-force-cgi-redirect | ||
|  |             fastcgi_param  REDIRECT_STATUS    200; | ||
|  | 
 | ||
|  |         } | ||
|  |         # location /cgi-bin { | ||
|  |             # root                             /usr/local/share/wwwroot/cgi-bin; | ||
|  |             # gzip off; | ||
|  |             # fastcgi_pass   unix:/var/run/fcgiwrap.socket; | ||
|  |             # fastcgi_param                     HTTP_PROXY ""; | ||
|  |             # fastcgi_param  GATEWAY_INTERFACE  CGI/1.1; | ||
|  |             # fastcgi_param  SERVER_SOFTWARE    nginx; | ||
|  |             # fastcgi_param  QUERY_STRING       $query_string; | ||
|  |             # fastcgi_param  REQUEST_METHOD     $request_method; | ||
|  |             # fastcgi_param  CONTENT_TYPE       $content_type; | ||
|  |             # fastcgi_param  CONTENT_LENGTH     $content_length; | ||
|  |             # fastcgi_param  SCRIPT_NAME        $fastcgi_script_name; | ||
|  |             # fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name; | ||
|  |             # fastcgi_param  REQUEST_URI        $request_uri; | ||
|  |             # fastcgi_param  DOCUMENT_URI       $document_uri; | ||
|  |             # fastcgi_param  DOCUMENT_ROOT      $document_root; | ||
|  |             # fastcgi_param  SERVER_PROTOCOL    $server_protocol; | ||
|  |             # fastcgi_param  REMOTE_ADDR        $remote_addr; | ||
|  |             # fastcgi_param  REMOTE_PORT        $remote_port; | ||
|  |             # fastcgi_param  SERVER_ADDR        $server_addr; | ||
|  |             # fastcgi_param  SERVER_PORT        $server_port; | ||
|  |             # fastcgi_param  SERVER_NAME        $server_name; | ||
|  | # } | ||
|  |     } | ||
|  |         include /etc/nginx/vhosts.d/*.conf; | ||
|  | } |