github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/pkg/ddevapp/webserver_config_assets/nginx-site-backdrop.conf (about) 1 # ddev backdrop config 2 3 #ddev-generated 4 # If you want to take over this file and customize it, remove the line above 5 # and ddev will respect it and won't overwrite the file. 6 # See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#custom-nginx-configuration 7 8 server { 9 listen 80 default_server; 10 listen 443 ssl default_server; 11 12 root {{ .Docroot }}; 13 14 ssl_certificate /etc/ssl/certs/master.crt; 15 ssl_certificate_key /etc/ssl/certs/master.key; 16 17 include /etc/nginx/monitoring.conf; 18 19 index index.php index.htm index.html; 20 21 # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html 22 sendfile off; 23 error_log /dev/stdout info; 24 access_log /var/log/nginx/access.log; 25 26 location / { 27 absolute_redirect off; 28 try_files $uri $uri/ /index.php?$query_string; # For Drupal >= 7 29 } 30 31 location @rewrite { 32 # For D7 and above: 33 # Clean URLs are handled in drupal_environment_initialize(). 34 rewrite ^ /index.php; 35 } 36 37 # Handle image styles for Backdrop 38 location ~ ^/files/styles/ { 39 try_files $uri @rewrite; 40 } 41 42 # pass the PHP scripts to FastCGI server listening on socket 43 location ~ \.php$ { 44 try_files $uri =404; 45 fastcgi_split_path_info ^(.+\.php)(/.+)$; 46 fastcgi_pass unix:/run/php-fpm.sock; 47 fastcgi_buffers 16 16k; 48 fastcgi_buffer_size 32k; 49 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 50 fastcgi_param SCRIPT_NAME $fastcgi_script_name; 51 fastcgi_index index.php; 52 include fastcgi_params; 53 fastcgi_intercept_errors off; 54 # fastcgi_read_timeout should match max_execution_time in php.ini 55 fastcgi_read_timeout 10m; 56 fastcgi_param SERVER_NAME $host; 57 fastcgi_param HTTPS $fcgi_https; 58 } 59 60 # Expire rules for static content 61 62 # Prevent clients from accessing hidden files (starting with a dot) 63 # This is particularly important if you store .htpasswd files in the site hierarchy 64 # Access to `/.well-known/` is allowed. 65 # https://www.mnot.net/blog/2010/04/07/well-known 66 # https://tools.ietf.org/html/rfc5785 67 location ~* /\.(?!well-known\/) { 68 deny all; 69 } 70 71 # Prevent clients from accessing to backup/config/source files 72 location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ { 73 deny all; 74 } 75 76 ## Regular private file serving (i.e. handled by Backdrop). 77 location ^~ /system/files/ { 78 ## For not signaling a 404 in the error log whenever the 79 ## system/files directory is accessed add the line below. 80 ## Note that the 404 is the intended behavior. 81 log_not_found off; 82 access_log off; 83 expires 30d; 84 try_files $uri @rewrite; 85 } 86 87 # Media: images, icons, video, audio, HTC 88 location ~* \.(jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|webp|htc)$ { 89 try_files $uri @rewrite; 90 expires max; 91 log_not_found off; 92 } 93 94 # js and css always loaded 95 location ~* \.(js|css)$ { 96 try_files $uri @rewrite; 97 expires -1; 98 log_not_found off; 99 } 100 include /etc/nginx/common.d/*.conf; 101 include /mnt/ddev_config/nginx/*.conf; 102 }