From f1b15699d00f869e1f2e54e64af8ba0e7d59bf57 Mon Sep 17 00:00:00 2001 From: Tim Bendt Date: Fri, 28 Nov 2025 23:07:40 -0500 Subject: [PATCH] update nginx --- nginx.conf | 250 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 143 insertions(+), 107 deletions(-) diff --git a/nginx.conf b/nginx.conf index d29c4c1..cb84b9b 100644 --- a/nginx.conf +++ b/nginx.conf 
@@ -1,127 +1,163 @@ -upstream php { - server unix:/var/run/php/php8.3-fpm.sock; +# upstream php { +# server unix:/var/run/php/php8.3-fpm.sock; +# } +worker_processes 5; +daemon off; + +worker_rlimit_nofile 8192; + +events { + worker_connections 4096; # Default: 1024 } -server { - listen 8080; - root /var/www/html; - index index.php index.html; +http { + include $!{nginx}/conf/mime.types; + index index.html index.htm index.php; - # Block access to hidden files and directories - location ~ /\. { - deny all; - } + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] $status ' + '"$request" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /dev/stdout; + error_log /dev/stdout; + sendfile on; + tcp_nopush on; + server_names_hash_bucket_size 128; # this seems to be required for some vhosts - # Static files for root directory - location / { - try_files $uri $uri/ =404; + server { + listen ${PORT}; + listen [::]:${PORT}; + server_name localhost; - # Expires headers for static assets - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|bmp|webp|cur)$ { + $if(NIXPACKS_PHP_ROOT_DIR) ( + root ${NIXPACKS_PHP_ROOT_DIR}; + ) else ( + root /app; + ) + # Block access to hidden files and directories + location ~ /\. 
{ + deny all; + } + + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + + index index.php; + + charset utf-8; + + # Static files for root directory + location / { + try_files $uri $uri/ =404; + + # Expires headers for static assets + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|bmp|webp|cur)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + } + + # No cache for HTML + location ~* \.(html)$ { + expires 0; + add_header Cache-Control "no-cache"; + } + + # No cache for data interchange + location ~* \.(json|xml|jsonld|rdf|rss|atom|geojson|topojson|vtt|webmanifest|appcache)$ { + expires 0; + add_header Cache-Control "no-cache"; + } + + # No cache for PDFs + location ~* \.(pdf)$ { + expires 0; + add_header Cache-Control "no-cache"; + } + + # 1 hour for web feeds + location ~* \.(rss|atom)$ { + expires 1h; + add_header Cache-Control "public"; + } + } + + # Static assets for pancake/third_party + location /pancake/third_party { + alias /var/www/html/pancake/third_party; expires 1y; add_header Cache-Control "public, immutable"; + + # MIME types + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|bmp|webp|cur|flv|mp4|ogv|webm|swf)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + } } - # No cache for HTML - location ~* \.(html)$ { - expires 0; - add_header Cache-Control "no-cache"; + # PHP application for /pancake + location /pancake { + try_files $uri $uri/ /pancake/index.php?$query_string; } - # No cache for data interchange - location ~* \.(json|xml|jsonld|rdf|rss|atom|geojson|topojson|vtt|webmanifest|appcache)$ { - expires 0; - add_header Cache-Control "no-cache"; + # Handle PHP files + + location ~ \.php$ { + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + include $!{nginx}/conf/fastcgi_params; + include $!{nginx}/conf/fastcgi.conf; } - # No cache for PDFs - location ~* \.(pdf)$ { - expires 0; - add_header 
Cache-Control "no-cache"; - } + # Gzip compression + gzip on; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript application/atom+xml application/rss+xml application/ld+json application/manifest+json application/vnd.geo+json font/opentype image/svg+xml; - # 1 hour for web feeds - location ~* \.(rss|atom)$ { - expires 1h; - add_header Cache-Control "public"; - } - } + # Security headers + add_header X-Content-Type-Options nosniff; + add_header X-UA-Compatible "IE=edge"; - # Static assets for pancake/third_party - location /pancake/third_party { - alias /var/www/html/pancake/third_party; - expires 1y; - add_header Cache-Control "public, immutable"; + # UTF-8 encoding + charset utf-8; # MIME types - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|bmp|webp|cur|flv|mp4|ogv|webm|swf)$ { - expires 1y; - add_header Cache-Control "public, immutable"; + types { + application/atom+xml atom; + application/json json map topojson; + application/ld+json jsonld; + application/rss+xml rss; + application/vnd.geo+json geojson; + application/xml rdf xml; + application/javascript js; + application/manifest+json webmanifest; + application/x-web-app-manifest+json webapp; + text/cache-manifest appcache; + audio/mp4 f4a f4b m4a; + audio/ogg oga ogg opus; + image/bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + video/mp4 f4v f4p m4v mp4; + video/ogg ogv; + video/webm webm; + video/x-flv flv; + image/x-icon cur ico; + application/font-woff woff; + application/font-woff2 woff2; + application/vnd.ms-fontobject eot; + application/x-font-ttf ttc ttf; + font/opentype otf; + application/octet-stream safariextz; + application/x-bb-appworld bbaw; + application/x-chrome-extension crx; + application/x-opera-extension oex; + application/x-xpinstall xpi; + text/vcard vcard vcf; + text/vnd.rim.location.xloc xloc; + text/vtt vtt; + text/x-component htc; } + + # Error pages + 
error_page 404 /404.html; } - - # PHP application for /pancake - location /pancake { - try_files $uri $uri/ /pancake/index.php?$query_string; - } - - # Handle PHP files - location ~ \.php$ { - include fastcgi_params; - fastcgi_pass php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param HTTPS off; - } - - # Gzip compression - gzip on; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript application/atom+xml application/rss+xml application/ld+json application/manifest+json application/vnd.geo+json font/opentype image/svg+xml; - - # Security headers - add_header X-Content-Type-Options nosniff; - add_header X-UA-Compatible "IE=edge"; - - # UTF-8 encoding - charset utf-8; - - # MIME types - types { - application/atom+xml atom; - application/json json map topojson; - application/ld+json jsonld; - application/rss+xml rss; - application/vnd.geo+json geojson; - application/xml rdf xml; - application/javascript js; - application/manifest+json webmanifest; - application/x-web-app-manifest+json webapp; - text/cache-manifest appcache; - audio/mp4 f4a f4b m4a; - audio/ogg oga ogg opus; - image/bmp bmp; - image/svg+xml svg svgz; - image/webp webp; - video/mp4 f4v f4p m4v mp4; - video/ogg ogv; - video/webm webm; - video/x-flv flv; - image/x-icon cur ico; - application/font-woff woff; - application/font-woff2 woff2; - application/vnd.ms-fontobject eot; - application/x-font-ttf ttc ttf; - font/opentype otf; - application/octet-stream safariextz; - application/x-bb-appworld bbaw; - application/x-chrome-extension crx; - application/x-opera-extension oex; - application/x-xpinstall xpi; - text/vcard vcard vcf; - text/vnd.rim.location.xloc xloc; - text/vtt vtt; - text/x-component htc; - } - - # Error pages - error_page 404 /404.html; }
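Review bot: The `add_header X-Frame-Options "SAMEORIGIN";` and `add_header X-Content-Type-Options "nosniff";` lines added at `server` level will not reach the static responses, because nginx inherits `add_header` from the outer level only when the current level defines none, and every nested static location (including `location ~* \.(html)$`) sets its own `add_header Cache-Control ...`. Repeat the security headers inside those locations, or keep them in one snippet file that each location includes, and consider the `always` parameter so error responses carry them too, e.g. `add_header X-Frame-Options "SAMEORIGIN" always;`. `X-Content-Type-Options` is also declared twice in the same `server` block (once near the top, once under `# Security headers`), so responses that do inherit the server-level headers get it twice. Separately, `location ~ \.php$` hands every URI ending in `.php` to `fastcgi_pass 127.0.0.1:9000` without checking that the file exists; adding `try_files $uri =404;` as its first line is the usual guard.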