f8b8f53d54
- Add Next.js frontend service (nextjs) with Dockerfile and source - Update docker-compose.yml: image names, Drupal 11.3.3, nextjs service - Add docker-compose.override.yml.disabled for dev hot-reload - Add install-headless-modules.sh for OAuth/JSON:API module setup - Add README.md with full setup and configuration guide - Update nginx/Dockerfile and nginx.conf.template for cms. subdomain - Update drupal/Dockerfile PHP-FPM build args - Gitignore **/.vscode/ to prevent IDE workspace files from being tracked
77 lines
2.3 KiB
Text
77 lines
2.3 KiB
Text
user www-data;
|
|
worker_processes auto;
|
|
error_log /var/log/nginx/error.log warn;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
access_log /var/log/nginx/access.log main;
|
|
sendfile on;
|
|
keepalive_timeout 65;
|
|
gzip on;
|
|
|
|
# Increase client body size for file uploads.
|
|
client_max_body_size 64M;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name cms.${DOMAIN};
|
|
root /var/www/html;
|
|
|
|
# JSON:API endpoint caching headers.
|
|
location /jsonapi {
|
|
try_files $uri /index.php$is_args$args;
|
|
add_header Cache-Control "public, max-age=60";
|
|
add_header X-Content-Type-Options nosniff;
|
|
}
|
|
|
|
location / {
|
|
try_files $uri /index.php$is_args$args;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
fastcgi_pass drupal-fpm:9000;
|
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_read_timeout 120;
|
|
}
|
|
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
|
try_files $uri @rewrite;
|
|
expires max;
|
|
log_not_found off;
|
|
}
|
|
|
|
location @rewrite {
|
|
rewrite ^ /index.php;
|
|
}
|
|
|
|
# Don't allow direct access to PHP files in the vendor directory.
|
|
location ~ /vendor/.*\.php$ {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
|
|
# Protect files and directories from prying eyes.
|
|
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
|
|
# Protect .git directory.
|
|
location ~ /\.git {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
}
|
|
}
|