forked from tobru/piwik-openshift
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx.conf
136 lines (115 loc) · 3.96 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# user www-data;
worker_processes 1;
error_log /dev/stdout info;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
upstream php-handler {
server localhost:9000;
}
server {
listen *:8080 default_server;
listen [::]:8080 default_server;
server_name _;
access_log /dev/stdout;
# Docker default IP range
set_real_ip_from 172.16.0.0/12;
real_ip_header X-Forwarded-For;
# Path to the root of your installation
root /var/www/html/;
index index.php;
## Try all locations and relay to index.php as a fallback.
location / {
location ~* ^.+\.(?:css|gif|html?|jpe?g|js|png|swf)$ {
expires max;
## No need to bleed constant updates. Send the all shebang in one
## fell swoop.
tcp_nodelay off;
## Set the OS file cache.
open_file_cache max=500 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}
## Do not serve HTML files from the /tmp folder.
location ~* ^/tmp/.*\.html?$ {
return 404;
}
## Redirect to the root if attempting to access a txt file.
location ~* (?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ {
return 404;
}
## Disallow access to several helper files.
location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
return 404;
}
try_files $uri /index.php?$query_string;
}
## Support for favicon. Return a 1x1 transparent GIF it it doesn't
## exist. doesn't exist.
location = /favicon.ico {
try_files /favicon.ico @empty;
}
location @empty {
empty_gif;
}
## Relay all index.php requests to fastcgi.
location = /index.php {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
## cache ui for 5m (set the same interval of your crontab)
#include apps/piwik/fcgi_piwik_cache.conf;
}
## Relay all piwik.php requests to fastcgi.
location = /piwik.php {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
#include apps/piwik/fcgi_piwik_long_cache.conf;
}
## Any other attempt to access PHP files returns a 404.
location ~* ^.+\.php$ {
return 404;
}
## No crawling of this site for bots that obey robots.txt.
location = /robots.txt {
return 200 "User-agent: *\nDisallow: /\n";
}
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
# includeSubDomains; preload;";
#
}
}