H-O-O-T-S/Open-RSC-Docker-Home
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
823c304cc25fe709e12ef0291a5a3f5cbb9fda1c
Open-RSC-Docker-Home/etc/nginx/default.template.conf
Marwolf 823c304cc2 Attempting to correct various issues
2018-07-27 12:36:07 -04:00

146 lines
4.2 KiB
Plaintext
Executable File
Raw Blame History

# Nginx configuration
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
upstream dev_tomcat_1 {
server tomcat;
}
# Website and PHPBB forum over HTTP
server {
listen 80 default_server;
listen [::]:80 default_server;
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
gzip_comp_level 6;
server_name ${NGINX_HOST};
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/public;
index index.php index.html index.htm index.jsp;
location ~ /\.ht {
deny all;
}
# Block empty folder access
location / {
try_files $uri $uri/ =404;
}
# Instructs visitor browser to cache files for 1 month
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1M;
}
# Tomcat
location ~ \.(do|jspa|obr|jsp) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat:8082;
}
# PHPBB forum
location /board {
index index.php index.html index.htm;
try_files $uri $uri/ @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Deny access to internal phpbb files.
location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
deny all;
internal;
}
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# Correctly pass scripts for PHPBB installer usage
location /install/ {
try_files $uri $uri/ @rewrite_installapp;
location ~ \.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /board/install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}
# # Redirect to HTTPS
# location / {
# rewrite ^ https://$host$request_uri? permanent;
# }
# Certbot for HTTPS cert renewal
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
#HTTPS
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name ${NGINX_HOST};
# ssl on;
# add_header Strict-Transport-Security "max-age=31536000" always;
# ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 10m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_prefer_server_ciphers on;
# ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.8.8 1.1.1.1;
# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
# index index.php index.html index.jsp;
# error_log /var/log/nginx/error.log;
# access_log /var/log/nginx/access.log;
# root /var/www/html/public;
# location ~ \.php$ {
# try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass php:9000;
# fastcgi_index index.php;
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
# }
#}
Reference in New Issue View Git Blame Copy Permalink