66 lines
1.9 KiB
Text
66 lines
1.9 KiB
Text
user www-data;
|
|
worker_processes auto;
|
|
error_log /var/log/nginx/error.log warn;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
access_log /var/log/nginx/access.log main;
|
|
sendfile on;
|
|
keepalive_timeout 65;
|
|
gzip on;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name ${DOMAIN};
|
|
root /var/www/html;
|
|
|
|
location / {
|
|
try_files $uri /index.php$is_args$args;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
fastcgi_pass drupal-fpm:9000;
|
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
}
|
|
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
|
|
try_files $uri @rewrite;
|
|
expires max;
|
|
log_not_found off;
|
|
}
|
|
|
|
location @rewrite {
|
|
rewrite ^ /index.php;
|
|
}
|
|
|
|
# Don't allow direct access to PHP files in the vendor directory
|
|
location ~ /vendor/.*\.php$ {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
|
|
# Protect files and directories from prying eyes
|
|
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
|
|
# Protect .git directory
|
|
location ~ /\.git {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
}
|
|
}
|