working updated Grav with new nginx recipe

nginx/Dockerfile

+FROM debian
+
+# Forked from:
+# MAINTAINER Real Geeks "kevin@realgeeks.com"
+# MAINTAINER Eric McNiece "hello@emc2innovation.com"
+MAINTAINER Dave Lane <dave@davelane.nz> @lightweight@mastodon.nzoss.nz
+
+ENV NGINX_VERSION=1.13.7
+ENV NGX_CACHE_PURGE_VERSION=2.3
+
+# Install basic packages and build tools
+RUN apt-get update && apt-get install -y \
+    wget \
+    build-essential \
+    libssl-dev \
+    libpcre3 \
+    libpcre3-dev \
+    && apt-get clean
+
+# Get sources
+RUN cd /tmp && wget http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz http://labs.frickle.com/files/ngx_cache_purge-$NGX_CACHE_PURGE_VERSION.tar.gz && \
+    tar -zxvf nginx-$NGINX_VERSION.tar.gz && mv nginx-$NGINX_VERSION nginx && rm nginx-$NGINX_VERSION.tar.gz && \
+    tar -zxvf ngx_cache_purge-$NGX_CACHE_PURGE_VERSION.tar.gz && mv ngx_cache_purge-$NGX_CACHE_PURGE_VERSION ngx_cache_purge && rm ngx_cache_purge-$NGX_CACHE_PURGE_VERSION.tar.gz
+
+# get build dependencies
+RUN apt-get install -y \
+    libgeoip-dev zlib1g-dev
+
+# Configure and build software
+RUN cd /tmp/nginx && ./configure \
+    --user=www-data \
+    --group=www-data \
+    --sbin-path=/usr/local/sbin \
+    --conf-path=/etc/nginx/nginx.conf \
+    --error-log-path=/var/log/nginx/error.log \
+    --http-log-path=/var/log/nginx/access.log \
+    --http-client-body-temp-path=/var/cache/nginx/client_temp \
+    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+    --with-compat \
+    --with-file-aio \
+    --with-http_addition_module \
+    --with-http_gzip_static_module \
+    --with-http_ssl_module \
+	--with-http_geoip_module \
+    --with-http_flv_module \
+	--with-http_sub_module \
+	--with-http_realip_module \
+	--with-http_dav_module \
+	--with-http_gunzip_module \
+    --with-http_random_index_module \
+	--with-http_secure_link_module \
+    --with-http_auth_request_module \
+	--without-http_ssi_module \
+	--with-threads \
+	--with-stream \
+	--with-stream_ssl_module \
+	--with-http_v2_module \
+	--with-ipv6 \
+    --without-mail_pop3_module \
+    --without-mail_imap_module \
+    --without-mail_smtp_module \
+    --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
+    --add-module=/tmp/ngx_cache_purge && \
+    make && make install
+# userful resource https://gist.github.com/ealebed/a55170049830b75c0f339ea4e8d6d21b
+
+# Install basic necessities
+RUN apt-get install -y \
+    less \
+    dnsutils \
+    vim \
+    sudo \
+    telnet \
+    && apt-get clean
+
+# Copy configuration files into /etc/nginx and clean up config file to point to
+# correct root
+RUN mkdir /var/www && \
+    mv /usr/local/nginx/html /var/www/html && \
+    chown -R www-data:www-data /var/www/html && \
+    mkdir -p /etc/nginx/conf.d
+
+# set up a known good nginx.conf 
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Forward request and error logs to docker log collector
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log \
+    ls /var/www \
+    ln -sf /usr/local/nginx /var/www 
+
+VOLUME ["/etc/nginx/conf.d", "/var/www/html", "/var/cache/nginx"]
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]

nginx/conf.d/default.conf

+server {
+    listen 0.0.0.0:80;
+    index index.html index.php;
+
+    ## Web root and Domain Name
+    root /var/www/html;
+    server_name default;
+
+    ## Begin - Index
+    # for subfolders, simply adjust the rewrite:
+    # to use `/subfolder/index.php`
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+        #try_files $uri $uri/ /index.php;
+    }
+    ## End - Index
+
+    ## Begin - Security
+    # deny all direct access for these folders
+    location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
+    # deny running scripts inside core system folders
+    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+    # deny running scripts inside user folder
+    location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+    # deny access to specific files in the root folder
+    location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
+    ## End - Security
+
+    ## Begin - PHP
+    location ~ \.php$ {
+        # Choose either a socket or TCP/IP address
+        #fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass app:9000;
+
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+    }
+    client_max_body_size 100m;
+ 
+    ## Begin - Security
+    # deny all direct access for these folders
+    location ~* /(\.git|cache|bin|logs|backups)/.*$ { return 403; }
+    # deny running scripts inside core system folders
+    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+    # deny running scripts inside user folder
+    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+    # deny access to specific files in the root folder
+    location ~ /(LICENSEi\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
+    ## End - Security
+ }

nginx/nginx.conf

+user www-data;
+worker_processes  1;
+error_log  /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    keepalive_timeout  65;
+    #gzip  on;
+    include /etc/nginx/conf.d/*.conf;
+}