From 088e1007d1737829973b93d95dc4f19f1379cb5e Mon Sep 17 00:00:00 2001 From: frju365 Date: Fri, 3 Mar 2017 01:39:48 +0100 Subject: [PATCH] Update nginx.conf --- conf/nginx.conf | 102 ++++++++++++++++++++++++------------------------ 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 7e17cb5..667210b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,67 +1,68 @@ - root ROOT_PATH; - server_name https://APP_URL; +# Don't log robots.txt or favicon.ico files +location = /favicon.ico { log_not_found off; access_log off; } +location = /robots.txt { allow all; access_log off; log_not_found off; } + +location ^~ YNH_WWW_PATH { + alias YNH_WWW_FINALPATH/; + try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string; + index index.php index.html index.htm; + + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + # Add headers to serve security related headers add_header "X-Frame-Options" "SAMEORIGIN"; add_header "X-XSS-Protection" "1; mode=block"; add_header "X-Content-Type-Options" "nosniff"; - index index.php index.html index.htm; - - # Don't log robots.txt or favicon.ico files - location = /favicon.ico { log_not_found off; access_log off; } - location = /robots.txt { allow all; access_log off; log_not_found off; } - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - location ~ /\.ht { + location ~ YNH_WWW_ROOTPATH/\.ht { deny all; } - location ~ /\.git { + location ~ YNH_WWW_ROOTPATH/\.git { deny all; } - location /src { + location YNH_WWW_ROOTPATH/src { deny all; } - location /gen-src { + location YNH_WWW_ROOTPATH/gen-src { deny all; } - location /files/fonts { - deny all; - } - location /files/private { - deny all; - } - location /cache { - deny all; - } - location /bin { + location YNH_WWW_ROOTPATH/files/fonts { deny all; } - location /samples { + location YNH_WWW_ROOTPATH/files/private { deny all; } - location /tests { + location YNH_WWW_ROOTPATH/cache { deny all; } - location /vendor { + location YNH_WWW_ROOTPATH/bin { deny all; } - location /conf { + location YNH_WWW_ROOTPATH/samples { deny all; } - location /logs { + location YNH_WWW_ROOTPATH/tests { + deny all; + } + location YNH_WWW_ROOTPATH/vendor { + deny all; + } + location YNH_WWW_ROOTPATH/conf { + deny all; + } + location YNH_WWW_ROOTPATH/logs { deny all; } - # Deny every non-public files in themes - location ~ /themes/(.+)\.(php|yml|twig|xlf|rzn|rzt|rzg)$ { + location ~ YNH_WWW_ROOTPATH/themes/(.+)\.(php|yml|twig|xlf|rzn|rzt|rzg)$ { deny all; } - location ~ /themes/([^/.]+)/(Resources|Command|Tests|Controllers|Entities|Form|Model|Services)/ { + location ~ YNH_WWW_ROOTPATH/themes/([^/.]+)/(Resources|Command|Tests|Controllers|Entities|Form|Model|Services)/ { deny all; } - - # Enable Expire on Themes public assets - location ~* ^/themes/*.*\.(?:ico|css|js|woff2?|eot|ttf|otf|svg|gif|jpe?g|png)$ { + location ~* ^YNH_WWW_ROOTPATH/themes/*.*\.(?:ico|css|js|woff2?|eot|ttf|otf|svg|gif|jpe?g|png)$ { expires 30d; access_log off; add_header "Pragma" "public"; @@ -77,8 +78,8 @@ add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; } } - # Enable Expire on native documents files - location ~* ^/files/*.*\.(?:ico|gif|jpe?g|png)$ { + # Enable Expire on native documents files + location ~* ^YNH_WWW_ROOTPATH/files/*.*\.(?:ico|gif|jpe?g|png)$ { expires 15d; access_log off; add_header "Pragma" "public"; @@ -94,31 +95,29 @@ add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; } } - - location / { + location YNH_WWW_PATH { # First attempt to serve request as file, then # as directory, then fall back to front-end controller # (do not forget to pass GET parameters). - try_files $uri $uri/ /index.php?$query_string; + try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string; } - - location ~ /install.php/ { - try_files $uri $uri/ /install.php?$query_string; + location ~ YNH_WWW_ROOTPATH/install.php/ { + try_files $uri $uri/ YNH_WWW_ROOTAPP/install.php?$query_string; } - location ~ /dev.php/ { - try_files $uri $uri/ /dev.php?$query_string; + location ~ YNH_WWW_ROOTPATH/dev.php/ { + try_files $uri $uri/ YNH_WWW_ROOTAPP/dev.php?$query_string; } - location ~ /preview.php/ { - try_files $uri $uri/ /preview.php?$query_string; + location ~ YNH_WWW_ROOTPATH/preview.php/ { + try_files $uri $uri/ YNH_WWW_ROOTAPP/preview.php?$query_string; } - location ~ /clear_cache.php/ { - try_files $uri $uri/ /clear_cache.php?$query_string; + location ~ YNH_WWW_ROOTPATH/clear_cache.php/ { + try_files $uri $uri/ YNH_WWW_ROOTAPP/clear_cache.php?$query_string; } # # Production entry point. # - location ~ ^/index\.php(/|$) { + location ~ ^YNH_WWW_ROOTPATH/index\.php(/|$) { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini @@ -136,7 +135,7 @@ # # In production server, don't deploy dev.php or install.php # - location ~ ^/(dev|install|preview|clear_cache)\.php(/|$) { + location ~ ^YNH_WWW_ROOTPATH/(dev|install|preview|clear_cache)\.php(/|$) { # Enforce OPCache PHP class cache invalidation at each request #fastcgi_param PHP_VALUE "opcache.revalidate_freq=0"; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; @@ -146,3 +145,4 @@ fastcgi_pass unix:/var/run/php5-fpm.sock; include fastcgi_params; } +}