default.conf 1.34 KB
Newer Older
Dave Lane's avatar
Dave Lane committed
1
server {
2
    listen 0.0.0.0:80;
Dave Lane's avatar
Dave Lane committed
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
    index index.html index.php;

    ## Web root and Domain Name
    root /var/www/html;
    server_name default;

    ## Begin - Index
    # for subfolders, simply adjust the rewrite:
    # to use `/subfolder/index.php`
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    ## End - Index

    ## Begin - PHP-FPM Configuration
    location ~ \.php$ {
        # Choose either a socket or TCP/IP address
        fastcgi_pass app:9000;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }
    ## End - PHP

Dave Lane's avatar
Dave Lane committed
29 30
    client_max_body_size 100m;
 
Dave Lane's avatar
Dave Lane committed
31 32
    ## Begin - Security
    # deny all direct access for these folders
33
    location ~* /(\.git|cache|bin|logs|backups)/.*$ { return 403; }
Dave Lane's avatar
Dave Lane committed
34 35 36 37 38
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
39
    location ~ /(LICENSEi\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
Dave Lane's avatar
Dave Lane committed
40 41
    ## End - Security
 }