github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/pkg/ddevapp/webserver_config_assets/nginx-site-drupal.conf (about) 1 # ddev drupal config (drupal8+) 2 3 #ddev-generated 4 # If you want to take over this file and customize it, remove the line above 5 # and ddev will respect it and won't overwrite the file. 6 # See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#custom-nginx-configuration 7 8 server { 9 listen 80 default_server; 10 listen 443 ssl default_server; 11 12 root {{ .Docroot }}; 13 14 ssl_certificate /etc/ssl/certs/master.crt; 15 ssl_certificate_key /etc/ssl/certs/master.key; 16 17 include /etc/nginx/monitoring.conf; 18 19 index index.php index.htm index.html; 20 21 # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html 22 sendfile off; 23 error_log /dev/stdout info; 24 access_log /var/log/nginx/access.log; 25 26 location / { 27 absolute_redirect off; 28 try_files $uri $uri/ /index.php?$query_string; # For Drupal >= 7 29 } 30 31 location @rewrite { 32 # For D7 and above: 33 # Clean URLs are handled in drupal_environment_initialize(). 34 rewrite ^ /index.php; 35 } 36 37 # Handle image styles for Drupal 7+ 38 location ~ ^/sites/.*/files/styles/ { 39 try_files $uri @rewrite; 40 } 41 42 # pass the PHP scripts to FastCGI server listening on socket 43 location ~ '\.php$|^/update.php' { 44 fastcgi_split_path_info ^(.+\.php)(/.+)$; 45 fastcgi_pass unix:/run/php-fpm.sock; 46 fastcgi_buffers 16 16k; 47 fastcgi_buffer_size 32k; 48 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 49 fastcgi_param SCRIPT_NAME $fastcgi_script_name; 50 fastcgi_index index.php; 51 include fastcgi_params; 52 fastcgi_intercept_errors off; 53 # fastcgi_read_timeout should match max_execution_time in php.ini 54 fastcgi_read_timeout 10m; 55 fastcgi_param SERVER_NAME $host; 56 fastcgi_param HTTPS $fcgi_https; 57 } 58 59 # Expire rules for static content 60 61 # Prevent clients from accessing hidden files (starting with a dot) 62 # This is particularly important if you store .htpasswd files in the site hierarchy 63 # Access to `/.well-known/` is allowed. 64 # https://www.mnot.net/blog/2010/04/07/well-known 65 # https://tools.ietf.org/html/rfc5785 66 location ~* /\.(?!well-known\/) { 67 deny all; 68 } 69 70 # Prevent clients from accessing to backup/config/source files 71 location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ { 72 deny all; 73 } 74 75 ## Regular private file serving (i.e. handled by Drupal). 76 location ^~ /system/files/ { 77 ## For not signaling a 404 in the error log whenever the 78 ## system/files directory is accessed add the line below. 79 ## Note that the 404 is the intended behavior. 80 log_not_found off; 81 access_log off; 82 expires 30d; 83 try_files $uri @rewrite; 84 } 85 86 # Media: images, icons, video, audio, HTC 87 location ~* \.(jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|webp|htc)$ { 88 try_files $uri @rewrite; 89 expires max; 90 log_not_found off; 91 } 92 93 # js and css always loaded 94 location ~* \.(js|css)$ { 95 try_files $uri @rewrite; 96 expires -1; 97 log_not_found off; 98 } 99 100 include /etc/nginx/common.d/*.conf; 101 include /mnt/ddev_config/nginx/*.conf; 102 }