github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/containers/ddev-webserver/ddev-webserver-base-files/etc/nginx/sites-enabled/nginx-site-default.conf

github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/containers/ddev-webserver/ddev-webserver-base-files/etc/nginx/sites-enabled/nginx-site-default.conf (about)

     1  # ddev default config
     2  
     3  server {
     4      listen 80 default_server;
     5      listen 443 ssl default_server;
     6  
     7      root /var/www/html;
     8  
     9      ssl_certificate /etc/ssl/certs/master.crt;
    10      ssl_certificate_key /etc/ssl/certs/master.key;
    11  
    12      include /etc/nginx/monitoring.conf;
    13  
    14  
    15      index index.php index.htm index.html;
    16  
    17      # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    18      sendfile off;
    19      error_log /dev/stdout info;
    20      access_log /var/log/nginx/access.log;
    21  
    22      location / {
    23          absolute_redirect off;
    24          try_files $uri /index.php?$query_string;
    25      }
    26  
    27      location @rewrite {
    28          # For D7 and above:
    29          # Clean URLs are handled in drupal_environment_initialize().
    30          rewrite ^ /index.php;
    31      }
    32  
    33      # pass the PHP scripts to FastCGI server listening on socket
    34      location ~ \.php$ {
    35          try_files $uri =404;
    36          fastcgi_split_path_info ^(.+\.php)(/.+)$;
    37          fastcgi_pass unix:/run/php-fpm.sock;
    38          fastcgi_buffers 16 16k;
    39          fastcgi_buffer_size 32k;
    40          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    41          fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    42          fastcgi_index index.php;
    43          include fastcgi_params;
    44          fastcgi_intercept_errors off;
    45          # fastcgi_read_timeout should match max_execution_time in php.ini
    46          fastcgi_read_timeout 10m;
    47          fastcgi_param SERVER_NAME $host;
    48          fastcgi_param HTTPS $fcgi_https;
    49      }
    50  
    51      # Expire rules for static content
    52      # Feed
    53      location ~* \.(?:rss|atom)$ {
    54          expires 1h;
    55      }
    56  
    57      # Media: images, icons, video, audio, HTC
    58      location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    59          expires 1M;
    60          access_log off;
    61          add_header Cache-Control "public";
    62      }
    63  
    64      # Prevent clients from accessing hidden files (starting with a dot)
    65      # This is particularly important if you store .htpasswd files in the site hierarchy
    66      # Access to `/.well-known/` is allowed.
    67      # https://www.mnot.net/blog/2010/04/07/well-known
    68      # https://tools.ietf.org/html/rfc5785
    69      location ~* /\.(?!well-known\/) {
    70          deny all;
    71      }
    72  
    73      # Prevent clients from accessing to backup/config/source files
    74      location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
    75          deny all;
    76      }
    77  
    78      include /etc/nginx/common.d/*.conf;
    79      include /mnt/ddev_config/nginx/*.conf;
    80  }