From a13cbb2ab6df6e75443133f7c7eee190c4ce03f4 Mon Sep 17 00:00:00 2001
From: Nick Schuch
Date: Thu, 11 Mar 2021 20:52:11 +1000
Subject: [PATCH] Use fastcgi include for Nginx development container
---
 nginx/dev/Dockerfile | 2 +-
 nginx/dev/default.conf | 144 -------------------------------------
 nginx/dev/fastcgi_dev.conf | 10 +++
 3 files changed, 11 insertions(+), 145 deletions(-)
 delete mode 100644 nginx/dev/default.conf
 create mode 100644 nginx/dev/fastcgi_dev.conf
diff --git a/nginx/dev/Dockerfile b/nginx/dev/Dockerfile
index ae10e82..caf83d5 100644
--- a/nginx/dev/Dockerfile
+++ b/nginx/dev/Dockerfile
@@ -1,3 +1,3 @@
 FROM skpr/nginx:1.x
 
-ADD default.conf /etc/nginx/conf.d/default.conf
\ No newline at end of file
+ADD fastcgi_dev.conf /etc/nginx/overrides.d/fastcgi/dev.conf
diff --git a/nginx/dev/default.conf b/nginx/dev/default.conf
deleted file mode 100644
index 337f03e..0000000
--- a/nginx/dev/default.conf
+++ /dev/null
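Review bot: The new `ADD` line in nginx/dev/Dockerfile only copies a local file, so `COPY fastcgi_dev.conf /etc/nginx/overrides.d/fastcgi/dev.conf` is the safer instruction; `ADD` also accepts URLs and unpacks archives, neither of which is wanted here. With the dev-specific `default.conf` no longer installed, the deny rules, the `fastcgi_param HTTP_PROXY ""` httpoxy guard and the `overrides.d` include all have to come from `skpr/nginx:1.x`. That base configuration is not part of this patch, so it is worth confirming that it still carries them and that it includes `/etc/nginx/overrides.d/fastcgi/*.conf` from inside the PHP location.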
@@ -1,144 +0,0 @@
-map $http_cloudfront_forwarded_proto $cloudfront_proto {
- default "http";
- https "https";
-}
-
-map $http_cloudfront_forwarded_proto $cloudfront_https {
- default "off";
- https "on";
-}
-
-map $http_cloudfront_forwarded_proto $strict_transport_security {
- default "";
- https "max-age=31536000";
-}
-
-map $host$uri $redirectdomain {
- include /etc/nginx/redirects.conf;
-}
-
-include /etc/nginx/conf.d/http.conf;
-
-server {
- listen 8080;
-
- root /data/app;
-
- if ($redirectdomain) {
- return 301 $redirectdomain;
- }
-
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- }
-
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
-
- location ~* \.log$ {
- deny all;
- }
-
- location ~ \..*/.*\.php$ {
- return 403;
- }
-
- location ~ ^/sites/.*/private/ {
- return 403;
- }
-
- location ~ ^/sites/[^/]+/files/.*\.php$ {
- deny all;
- }
-
- location ~* ^/(\.well-known/)?apple-app-site-association {
- default_type application/json;
- }
-
- location ~* ^/.well-known/ {
- allow all;
- }
-
- location ~ (^|/)\. {
- return 403;
- }
-
- location / {
- try_files $uri /index.php?$query_string;
- }
-
- location @rewrite {
- rewrite ^/(.*)$ /index.php?q=$1;
- }
-
- location ~ /vendor/.*\.php$ {
- deny all;
- return 404;
- }
-
- # Protect files and directories from prying eyes.
- location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|/(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|/#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
- deny all;
- return 404;
- }
-
- # https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx
- add_header Strict-Transport-Security $strict_transport_security;
-
- location = /index.php {
- fastcgi_pass localhost:9000;
-
- if ($cookie_XDEBUG_SESSION){
- fastcgi_pass localhost:9001;
- }
-
- fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
- include fastcgi_params;
- fastcgi_param HTTP_PROXY ""; # Block httpoxy attacks. See https://httpoxy.org/.
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param HTTP_REFERER $http_referer;
- fastcgi_param HTTP_X_FORWARDED_PROTO $cloudfront_proto;
- fastcgi_param HTTPS $cloudfront_https;
- fastcgi_intercept_errors on;
- fastcgi_read_timeout 300;
-
- # Bump the buffer size to accomodate large headers on local environments.
- fastcgi_buffers 16 16k;
- fastcgi_buffer_size 16k;
- }
-
- # Blocks all other PHP files.
- location ~* ^.+\.php$ {
- return 403;
- }
-
- location ~ ^/sites/.*/files/styles/ {
- try_files $uri @rewrite;
- }
-
- location ~ ^(/[a-z\-]+)?/system/files/ {
- try_files $uri /index.php?$query_string;
- }
-
- location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
- expires max;
- log_not_found off;
- }
-
- location /readyz {
- return 200 'Ready!';
- add_header Content-Type text/plain;
- }
-
- # Default security configuration which can be overridden.
- include /etc/nginx/conf.d/security.conf;
-
- # Allows for application specific configuration eg. Content-Security-Policy
- include /etc/nginx/overrides.d/*.conf;
-}
diff --git a/nginx/dev/fastcgi_dev.conf b/nginx/dev/fastcgi_dev.conf
new file mode 100644
index 0000000..9e14e09
--- /dev/null
+++ b/nginx/dev/fastcgi_dev.conf
@@ -0,0 +1,10 @@
+fastcgi_pass localhost:9000;
+
+# Route to a separate container with xdebug enabled.
+if ($cookie_XDEBUG_SESSION){
+ fastcgi_pass localhost:9001;
+}
+
+# Bump the buffer size to accomodate large headers on local environments.
+fastcgi_buffers 16 16k;
+fastcgi_buffer_size 16k;
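Review bot: Nothing in the new fastcgi_dev.conf marks it as development-only or says which context it is included from, and the `if ($cookie_XDEBUG_SESSION)` switch keys on a client-supplied cookie, so any request carrying it is routed to the xdebug backend on port 9001. That is acceptable on a local stack, but I would open the file with a comment such as `# Development only: included inside the PHP location of the base image; do not ship in a production image.` so the snippet is not copied into another image unnoticed. `fastcgi_pass` and the `if` block are only valid inside a `location`, so the file presumably depends on the base image pulling in `/etc/nginx/overrides.d/fastcgi/*.conf` at that point. If that location also sets its own `fastcgi_pass`, nginx would reject the configuration as a duplicate directive, so running `nginx -t` in the built image is a worthwhile check.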