external-repos/pictshare
1
0
Fork 0
mirror of https://github.com/HaschekSolutions/pictshare.git synced 2025-11-11 18:56:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
pictshare/docker/rootfs/nginx.conf
Christian Haschek 3ee37fe3a2 updates that make life easier on ARM or low memory devices
2021-11-20 23:08:47 +01:00

73 lines
2.4 KiB
Nginx Configuration File
Raw Permalink Blame History

server {
listen 80 default_server;
set $base /var/www;
root /var/www/;
index index.php;
client_max_body_size 50M;
location / {
try_files $uri $uri/ /index.php?url=$request_uri;
}
location ~ /(data|tmp|bin|content-controllers|inc|interfaces|storage-controllers|templates|tools|docker) {
deny all;
return 404;
}
# logging
access_log /var/log/nginx/pictshare/access.log;
error_log /var/log/nginx/pictshare/error.log warn;
location ~ \.php$ {
# 404
try_files $fastcgi_script_name =404;
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0; # caching files to disk while uploading. this will help low-memory devices
fastcgi_read_timeout 1d; # we set the timeout to 1 day so big uploads and have enough time to be delivered
fastcgi_send_timeout 1d; # it's especially important if you want to use storage controllers like S3 or FTP
fastcgi_request_buffering off; # disabbling buffering which will send the uploaded data right to PHP
# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
}
location /favicon.ico {
log_not_found off;
}
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 7d;
access_log off;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
}
Reference in New Issue View Git Blame Copy Permalink