-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx-on-docker-host.conf
105 lines (95 loc) · 3.64 KB
/
nginx-on-docker-host.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# To Use:
# 1. copy into your /etc/nginx/sites-available directory
# sudo cp nginx-ondocker-host.conf /etc/nginx/sites-available/moodle-docker
# 2. edit this file to replace the [variables] below, specifically
# [your domain] and [path to the local instance of your Moodle files, as listed in your Docker volume configuration]
# I usually use vim as the editor (hit ESC+: and then wq to save-and-exit)
# sudo vim /etc/nginx/sites-available/moodle-docker
# or use nano
# sudo nano /etc/nginx/sites-available/moodle-docker
# 3. link into sites-enabled
# sudo ln -sf /etc/nginx/sites-available/moodle-docker /etc/nginx/sites-enabled
# 4. check that nginx is happy with the configuration
# sudo nginx -t
# 5. if it's ok, reload your nginx configuration
# sudo service nginx reload
# 6. go to [your domain] in your browser.
#
server {
# add [IP-Address:]80 in the next line if you want to limit this to a single interface
listen 80;
server_name [your domain];
# # To enable SSL *after* you have created your Let's Encrypt certificates, remove these comment #s.
#
# root /var/www/html;
#
# # for let's encrypt renewals!
# include /etc/nginx/includes/letsencrypt.conf
#
# access_log /var/log/nginx/[your domain]_access.log
# error_log /var/log/nginx/[your domain]_error.log
#
# # redirect all HTTP traffic to HTTPS.
# location / {
# return 302 https://[your domain]$request_uri;
# }
#}
#
## This configuration assumes that there's an nginx container talking to the moodle PHP-fpm container,
## and this is a reverse proxy for that Moodle instance.
#server {
# # add [IP-Address:]443 in the next line if you want to limit this to a single interface
# listen 443 ssl;
# ssl on;
# ssl_certificate /etc/letsencrypt/live/[your domain]/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/[your domain]/privkey.pem;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# # to create this, see https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
# ssl_session_tickets off;
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver_timeout 5s;
# keepalive_timeout 20s;
#
# server_name [your domain];
# # for let's encrypt renewals!
include /etc/nginx/includes/letsencrypt.conf
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
access_log /var/log/nginx/[your domain]_access.log;
error_log /var/log/nginx/[your domain]_error.log;
# default path to Moodle - from the point of view of the docker container
root /var/www/html;
index index.php index.html index.htm;
# from https://www.rosehosting.com/blog/install-moodle-on-an-ubuntu-14-04-vps-with-mariadb-php-fpm-and-nginx/
location / {
try_files \$uri \$uri/ /index.php?\$args;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)\$ {
access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, mustrevalidate, proxy-revalidate";
}
# see https://docs.moodle.org/33/en/Nginx
location /dataroot/ {
internal;
# ensure the path ends with /
alias [full_moodledata_path];
}
location ~ \.php\$ {
fastcgi_split_path_info ^(.+\.php)(/.+)\$;
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
}
location ~ /\.ht {
deny all;
}
}