default.conf 2.11 KB
Newer Older
Dave Lane's avatar
Dave Lane committed
1
server {
2
    listen 0.0.0.0:80;
Dave Lane's avatar
Dave Lane committed
3 4 5 6 7 8 9 10 11 12 13
    index index.html index.php;

    ## Web root and Domain Name
    root /var/www/html;
    server_name default;

    ## Begin - Index
    # for subfolders, simply adjust the rewrite:
    # to use `/subfolder/index.php`
    location / {
        try_files $uri $uri/ /index.php?$query_string;
Dave Lane's avatar
Dave Lane committed
14
        #try_files $uri $uri/ /index.php;
Dave Lane's avatar
Dave Lane committed
15 16 17
    }
    ## End - Index

Dave Lane's avatar
Dave Lane committed
18 19 20 21 22 23 24 25 26 27 28 29
    ## Begin - Security
    # deny all direct access for these folders
    location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
    ## End - Security

    ## Begin - PHP
Dave Lane's avatar
Dave Lane committed
30 31
    location ~ \.php$ {
        # Choose either a socket or TCP/IP address
Dave Lane's avatar
Dave Lane committed
32
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
Dave Lane's avatar
Dave Lane committed
33 34 35 36 37 38 39
        fastcgi_pass app:9000;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }
Dave Lane's avatar
Dave Lane committed
40
    client_max_body_size 100m;
41
<<<<<<< HEAD
Dave Lane's avatar
Dave Lane committed
42
 
Dave Lane's avatar
Dave Lane committed
43 44
    ## Begin - Security
    # deny all direct access for these folders
45
    location ~* /(\.git|cache|bin|logs|backups)/.*$ { return 403; }
Dave Lane's avatar
Dave Lane committed
46 47 48 49 50
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
51
    location ~ /(LICENSEi\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
Dave Lane's avatar
Dave Lane committed
52
    ## End - Security
53
=======
Dave Lane's avatar
Dave Lane committed
54
    ## End - PHP
55
>>>>>>> 55ff8f1fcedb9b67997ba36bc88ccd2bdae35535
Dave Lane's avatar
Dave Lane committed
56
 }