# Default nginx configuration user root; worker_processes auto; daemon off; error_log /data/logs/nginx/nginx.log warn; pid /run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type "text/html"; access_log /data/logs/nginx/access.REPLACE_SERVER_NAME.log; sendfile on; keepalive_timeout 65; gzip on; map $http_upgrade $connection_upgrade { default upgrade; '' close; } disable_symlinks off; root REPLACE_SERVER_WWW_DIR; server { listen REPLACE_SERVER_PORT; server_name REPLACE_SERVER_NAME; root REPLACE_SERVER_WWW_DIR; index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; proxy_intercept_errors off; location = /favicon.ico { alias /usr/local/share/wwwroot/favicon.ico; log_not_found off; access_log off; } location = /robots.txt { alias /usr/local/share/wwwroot/robots.txt; allow all; log_not_found off; access_log off; } location ^~ /.well-known { default_type "text/plain"; root /usr/local/share/wwwroot/.well-known; } location ^~ /health { default_type "text/plain"; allow all; access_log off; root /usr/local/share/wwwroot/health; } location ^~ /health/txt { default_type application/json; allow all; access_log off; return 200 'ok'; } location ^~ /health/json { default_type application/json; allow all; access_log off; return 200 '{"status":"OK"}'; } location ^~ /health/status { stub_status; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_param HTTP_PROXY ""; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REQUEST_SCHEME $scheme; fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200; } # location /cgi-bin { # root /usr/local/share/wwwroot/cgi-bin; # gzip off; # fastcgi_pass unix:/var/run/fcgiwrap.socket; # fastcgi_param HTTP_PROXY ""; # fastcgi_param GATEWAY_INTERFACE CGI/1.1; # fastcgi_param SERVER_SOFTWARE nginx; # fastcgi_param QUERY_STRING $query_string; # fastcgi_param REQUEST_METHOD $request_method; # fastcgi_param CONTENT_TYPE $content_type; # fastcgi_param CONTENT_LENGTH $content_length; # fastcgi_param SCRIPT_NAME $fastcgi_script_name; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param REQUEST_URI $request_uri; # fastcgi_param DOCUMENT_URI $document_uri; # fastcgi_param DOCUMENT_ROOT $document_root; # fastcgi_param SERVER_PROTOCOL $server_protocol; # fastcgi_param REMOTE_ADDR $remote_addr; # fastcgi_param REMOTE_PORT $remote_port; # fastcgi_param SERVER_ADDR $server_addr; # fastcgi_param SERVER_PORT $server_port; # fastcgi_param SERVER_NAME $server_name; # } } include /etc/nginx/vhosts.d/*.conf; }