# upstream php { # server unix:/var/run/php/php8.3-fpm.sock; # } worker_processes 5; daemon off; worker_rlimit_nofile 8192; events { worker_connections 4096; # Default: 1024 } http { include $!{nginx}/conf/mime.types; index index.html index.htm index.php; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] $status ' '"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /dev/stdout; error_log /dev/stdout; sendfile on; tcp_nopush on; server_names_hash_bucket_size 128; # this seems to be required for some vhosts server { listen ${PORT}; listen [::]:${PORT}; server_name localhost; $if(NIXPACKS_PHP_ROOT_DIR) ( root ${NIXPACKS_PHP_ROOT_DIR}; ) else ( root /app; ) # Block access to hidden files and directories location ~ /\. { deny all; } add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; index index.php; # Static files for root directory location / { try_files $uri $uri/ =404; # Expires headers for static assets location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|bmp|webp|cur)$ { expires 1y; add_header Cache-Control "public, immutable"; } # No cache for HTML location ~* \.(html)$ { expires 0; add_header Cache-Control "no-cache"; } # No cache for data interchange location ~* \.(json|xml|jsonld|rdf|rss|atom|geojson|topojson|vtt|webmanifest|appcache)$ { expires 0; add_header Cache-Control "no-cache"; } # No cache for PDFs location ~* \.(pdf)$ { expires 0; add_header Cache-Control "no-cache"; } # 1 hour for web feeds location ~* \.(rss|atom)$ { expires 1h; add_header Cache-Control "public"; } } # Static assets for pancake/third_party location /pancake/third_party { alias /app/pancake/third_party; expires 1y; add_header Cache-Control "public, immutable"; # MIME types location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|bmp|webp|cur|flv|mp4|ogv|webm|swf)$ { expires 1y; add_header Cache-Control "public, immutable"; } } # PHP application for /pancake with pretty URLs location /pancake { # First try to serve the requested file/directory, then fallback to index.php try_files $uri $uri/ @pancake_fallback; } # Fallback location for Pancake pretty URLs location @pancake_fallback { rewrite ^.*$ /pancake/index.php last; } # Handle PHP files location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include $!{nginx}/conf/fastcgi_params; include $!{nginx}/conf/fastcgi.conf; } # Gzip compression gzip on; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript application/atom+xml application/rss+xml application/ld+json application/manifest+json application/vnd.geo+json font/opentype image/svg+xml; # Security headers add_header X-Content-Type-Options nosniff; add_header X-UA-Compatible "IE=edge"; # UTF-8 encoding charset utf-8; # MIME types types { application/atom+xml atom; application/json json map topojson; application/ld+json jsonld; application/rss+xml rss; application/vnd.geo+json geojson; application/xml rdf xml; application/javascript js; application/manifest+json webmanifest; application/x-web-app-manifest+json webapp; text/cache-manifest appcache; audio/mp4 f4a f4b m4a; audio/ogg oga ogg opus; image/bmp bmp; image/svg+xml svg svgz; image/webp webp; video/mp4 f4v f4p m4v mp4; video/ogg ogv; video/webm webm; video/x-flv flv; image/x-icon cur ico; application/font-woff woff; application/font-woff2 woff2; application/vnd.ms-fontobject eot; application/x-font-ttf ttc ttf; font/opentype otf; application/octet-stream safariextz; application/x-bb-appworld bbaw; application/x-chrome-extension crx; application/x-opera-extension oex; application/x-xpinstall xpi; text/vcard vcard vcf; text/vnd.rim.location.xloc xloc; text/vtt vtt; text/x-component htc; } # Error pages error_page 404 /404.html; } }