Simple example on how to update the php-fpm.conf file for a Symfony application.
It should be used for the kickoff-docker-php.
Last active
September 11, 2018 06:29
-
-
Save gulien/64d8c94c5d0e294ac121ea810794757e to your computer and use it in GitHub Desktop.
kickoff-docker-php - NGINX configuration blueprint for a Symfony application
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # add this line on top of the stack of the command "nginx-build". | |
| - orbit generate -t modules/nginx/conf.d/php-fpm.blueprint.conf -o modules/nginx/conf.d/php-fpm.conf -e Config,config/.env {{ if debug }}-d{{ end }} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name _; | |
| charset utf-8; | |
| root /var/www/html/web; | |
| # Uploads to 100M | |
| client_max_body_size 100m; | |
| location / { | |
| {{- if eq "local" .EnvFiles.Config.ENV }} | |
| try_files $uri /app_dev.php$is_args$args; | |
| {{- else }} | |
| try_files $uri /app.php$is_args$args; | |
| {{- end }} | |
| } | |
| ## Begin - Security | |
| # don't send the nginx version number in error pages and Server header | |
| server_tokens off; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; style-src 'self' fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; child-src 'none'; object-src 'self'; connect-src 'self'"; | |
| # deny all direct access for these folders | |
| location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; } | |
| # deny running scripts inside core vendor folder | |
| location ~* /(vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } | |
| # deny access to specific files in the root folder | |
| location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; } | |
| ## End - Security | |
| ## Begin - PHP | |
| {{- if eq "local" .EnvFiles.Config.ENV }} | |
| location ~ ^/(app_dev|config)\.php(/|$) { | |
| fastcgi_pass php-fpm:9000; | |
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | |
| include fastcgi_params; | |
| fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; | |
| fastcgi_param DOCUMENT_ROOT $realpath_root; | |
| } | |
| {{- else }} | |
| location ~ ^/app\.php(/|$) { | |
| fastcgi_pass php-fpm:9000; | |
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | |
| include fastcgi_params; | |
| fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; | |
| fastcgi_param DOCUMENT_ROOT $realpath_root; | |
| internal; | |
| } | |
| {{- end }} | |
| location ~ \.php$ { return 404; } | |
| ## End - PHP | |
| location ~* ^.+\.(ico|js|gif|jpg|jpeg|png|bmp)$ { | |
| expires 30d; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This gist fails as it is, in order to make it work:
Change the first orbit build definition:
orbit generate -f modules/nginx/conf.d/php-fpm.blueprint.conf -o modules/nginx/conf.d/php-fpm.conf {{ if debug }}-d{{ end }}This is changing
-tflag for-fand removing-e Config,config/.enventirelyIn the blueprint file: