castopod/docker/production/web-server/nginx.template.conf

worker_processes auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    keepalive_timeout  65;

    set_real_ip_from  10.0.0.0/8;
    set_real_ip_from  172.16.0.0/12;
    set_real_ip_from  192.168.0.0/16;
    real_ip_header    X-Real-IP;

    upstream php-handler {
        server $CP_APP_HOSTNAME:9000;
    }

    server {
        listen 80;

        root /var/www/html;

        server_tokens off;
        add_header X-Frame-Options sameorigin always;
        add_header Permissions-Policy interest-cohort=();
        add_header X-Content-Type-Options nosniff;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;";
        client_max_body_size $CP_MAX_BODY_SIZE;
        client_body_timeout ${CP_TIMEOUT}s;

        fastcgi_buffers 64 4K;

        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_types application/atom+xml application/javascript application/rss+xml image/bmp image/svg+xml image/x-icon text/css text/plain text/html;

        try_files $uri $uri/ /index.php?$args;
        index index.php index.html;

        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_intercept_errors on;
            fastcgi_index index.php;
            fastcgi_param SERVER_NAME $host;
            fastcgi_pass php-handler;            
            fastcgi_param SCRIPT_FILENAME /opt/castopod/public/$fastcgi_script_name;
            try_files $uri =404;
            fastcgi_read_timeout 3600;
            fastcgi_send_timeout 3600;            
        }

        location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
            add_header Access-Control-Allow-Origin "*";
            expires max;
            access_log off;
        }

    }
}