default.conf

user www-data;
worker_processes auto;
daemon off;

error_log /var/log/nginx/error.log;
error_log stderr;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # Maps to exclude successful Docker health checks from stdout
    map $remote_addr $loggable_ip {
        127.0.0.1 "";
        default 1;
    }
    map $status $loggable_status {
        200 "";
        default 1;
    }

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    access_log  /dev/stdout  main if=$loggable_status$loggable_ip;

    sendfile        on;
    keepalive_timeout  65;

    # By default, if the processing of images takes more than 60s,
    # a 504 Gateway timeout occurs, so we increase the timeout here
    # to allow procesing of large images or when multiple images are
    # being processed at the same time. We set max_execution_time
    # below to the same value.
    fastcgi_read_timeout 3600;

    # We also set the send timeout since this can otherwise also cause
    # issues with slow connections
    fastcgi_send_timeout 3600;

    gzip  on;

    server {
        root /var/www/html/Lychee/public;
        listen       80;
        server_name  localhost;
        client_max_body_size 100M;
        
        # serve static files directly
        location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
            access_log off;
            expires max;
            log_not_found off;
        }

        # removes trailing slashes (prevents SEO duplicate content issues)
        if (!-d $request_filename)
        {
            rewrite ^/(.+)/$ /$1 permanent;
        }

        # If the request is not for a valid file (image, js, css, etc.), send to bootstrap
        if (!-e $request_filename)
        {
            rewrite ^/(.*)$ /index.php?/$1 last;
            break;
        }

        location / {
            index  index.php
            try_files $uri $uri/ /index.php?$query_string;
        }

        # Serve /index.php through PHP
        location = /index.php {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;

            try_files $uri $document_root$fastcgi_script_name =404;

            # Mitigate https://httpoxy.org/ vulnerabilities
            fastcgi_param HTTP_PROXY "";

            fastcgi_pass unix:/run/php/php8.2-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PHP_VALUE "post_max_size=100M
                max_execution_time=3600
                upload_max_filesize=100M
                memory_limit=256M";
            fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
            include fastcgi_params;
        }

        # Deny access to other .php files, rather than exposing their contents
        location ~ [^/]\.php(/|$) {
            return 403;
        }
    }

    include /etc/nginx/conf.d/*.conf;
}