diff --git a/nginx.template.conf b/nginx.template.conf index 97f4357..9c17350 100644 --- a/nginx.template.conf +++ b/nginx.template.conf @@ -1,164 +1,70 @@ -# upstream php { -# server unix:/var/run/php/php8.3-fpm.sock; -# } worker_processes 5; daemon off; -worker_rlimit_nofile 8192; - events { - worker_connections 4096; # Default: 1024 + worker_connections 4096; } http { + # Include standard MIME types include $!{nginx}/conf/mime.types; - index index.html index.php index.htm; - + + # Set default type default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] $status ' - '"$request" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; + + # Logging access_log /dev/stdout; error_log /dev/stdout; - sendfile on; - tcp_nopush on; - server_names_hash_bucket_size 128; # this seems to be required for some vhosts + + # Optimization + sendfile on; + tcp_nopush on; + server_names_hash_bucket_size 128; server { listen ${PORT}; listen [::]:${PORT}; server_name localhost; - + + # Set the root to the app directory root /app; - # Block access to hidden files and directories - location ~ /\. { - deny all; - } + + # KEY FIX: Add index.html to the index directive so the root loads + index index.html index.php; + + charset utf-8; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; - - index index.php; - - - # Static files for root directory + # Root location for the static landing page location / { - try_files $uri $uri/ /index.html =404; - - # Expires headers for static assets - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|bmp|webp|cur)$ { - expires 1y; - add_header Cache-Control "public, immutable"; - } - - # No cache for HTML - location ~* \.(html)$ { - expires 0; - add_header Cache-Control "no-cache"; - } - - # No cache for data interchange - location ~* \.(json|xml|jsonld|rdf|rss|atom|geojson|topojson|vtt|webmanifest|appcache)$ { - expires 0; - add_header Cache-Control "no-cache"; - } - - # No cache for PDFs - location ~* \.(pdf)$ { - expires 0; - add_header Cache-Control "no-cache"; - } - - # 1 hour for web feeds - location ~* \.(rss|atom)$ { - expires 1h; - add_header Cache-Control "public"; - } + # Try to serve the file directly, then the directory, then 404 + try_files $uri $uri/ =404; } - # Static assets for pancake/third_party - location /pancake/third_party { - alias /app/pancake/third_party; - expires 1y; - add_header Cache-Control "public, immutable"; - - # MIME types - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|bmp|webp|cur|flv|mp4|ogv|webm|swf)$ { - expires 1y; - add_header Cache-Control "public, immutable"; - } - } - - # PHP application for /pancake with pretty URLs + # Pancake App Logic + # No 'alias' needed for static assets because they live in /app/pancake/third_party + # which matches the URI structure relative to root /app + location /pancake { - # First try to serve the requested file/directory, then fallback to index.php try_files $uri $uri/ @pancake_fallback; } - # Fallback location for Pancake pretty URLs location @pancake_fallback { - rewrite ^.*$ /pancake/index.php last; + rewrite ^ /pancake/index.php last; } - # Handle PHP files - + # PHP Processing location ~ \.php$ { + try_files $uri =404; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include $!{nginx}/conf/fastcgi_params; + # fastcgi.conf often duplicates params but is safer to include if available include $!{nginx}/conf/fastcgi.conf; } - - # Gzip compression - gzip on; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript application/atom+xml application/rss+xml application/ld+json application/manifest+json application/vnd.geo+json font/opentype image/svg+xml; - - # Security headers - add_header X-Content-Type-Options nosniff; - add_header X-UA-Compatible "IE=edge"; - - # UTF-8 encoding - charset utf-8; - - # MIME types - types { - application/atom+xml atom; - application/json json map topojson; - application/ld+json jsonld; - application/rss+xml rss; - application/vnd.geo+json geojson; - application/xml rdf xml; - application/javascript js; - application/manifest+json webmanifest; - application/x-web-app-manifest+json webapp; - text/cache-manifest appcache; - audio/mp4 f4a f4b m4a; - audio/ogg oga ogg opus; - image/bmp bmp; - image/svg+xml svg svgz; - image/webp webp; - video/mp4 f4v f4p m4v mp4; - video/ogg ogv; - video/webm webm; - video/x-flv flv; - image/x-icon cur ico; - application/font-woff woff; - application/font-woff2 woff2; - application/vnd.ms-fontobject eot; - application/x-font-ttf ttc ttf; - font/opentype otf; - application/octet-stream safariextz; - application/x-bb-appworld bbaw; - application/x-chrome-extension crx; - application/x-opera-extension oex; - application/x-xpinstall xpi; - text/vcard vcard vcf; - text/vnd.rim.location.xloc xloc; - text/vtt vtt; - text/x-component htc; + + # Security: Deny hidden files + location ~ /\. { + deny all; } - - # Error pages - error_page 404 /404.html; } }