first commit

2025-04-06 22:48:06 +02:00 · 2025-04-06 22:48:06 +02:00 · 098f59b644
commit 098f59b644
3632 changed files with 518046 additions and 0 deletions
--- a/drupal/nginx/Dockerfile
+++ b/drupal/nginx/Dockerfile
@ -0,0 +1,8 @@
+FROM nginx:latest
+
+COPY ./nginx.conf.template /etc/nginx/nginx.conf.template
+
+ARG DOMAIN
+RUN sed 's|${DOMAIN}|'"$DOMAIN"'|g' /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+
+ENTRYPOINT ["nginx", "-g", "daemon off;"]
--- a/drupal/nginx/nginx.conf.template
+++ b/drupal/nginx/nginx.conf.template
@ -0,0 +1,66 @@
+user www-data;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log /var/log/nginx/access.log main;
+    sendfile on;
+    keepalive_timeout 65;
+    gzip on;
+
+    server {
+        listen 80;
+        server_name ${DOMAIN};
+        root /var/www/html;
+
+        location / {
+            try_files $uri /index.php$is_args$args;
+        }
+
+        location ~ \.php$ {
+            fastcgi_pass drupal-fpm:9000;
+            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param DOCUMENT_ROOT $document_root;
+        }
+
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+            try_files $uri @rewrite;
+            expires max;
+            log_not_found off;
+        }
+
+        location @rewrite {
+            rewrite ^ /index.php;
+        }
+
+        # Don't allow direct access to PHP files in the vendor directory
+        location ~ /vendor/.*\.php$ {
+            deny all;
+            return 404;
+        }
+
+        # Protect files and directories from prying eyes
+        location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+            deny all;
+            return 404;
+        }
+
+        # Protect .git directory
+        location ~ /\.git {
+            deny all;
+            return 404;
+        }
+    }
+}