forked from mautic/docker-mautic
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathnginx-fpm.conf
166 lines (145 loc) · 4.85 KB
/
nginx-fpm.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
# some details from https://www.mautic.org/community/index.php/2680-installation-with-nginx/0
# and see https://gist.github.com/that0n3guy/905c812c0f65e7ffb5ec#file-gistfile1-txt-L44
#
server {
listen 0.0.0.0:80;
server_name [mautic_domain];
# for let's encrypt renewals!
location /.well-known {
default_type text/plain;
}
## to enable SSL, uncomment the following
# # redirect all HTTP traffic to HTTPS.
# location / {
# return 302 https://[mautic_domain]$request_uri;
# }
#}
## This configuration assumes that there's an nginx container talking to the mautic PHP-fpm container,
## and this is a reverse proxy for that Mautic instance.
#server {
# listen 443 ssl;
# ssl on;
# ssl_certificate /etc/letsencrypt/live/[mautic_domain]/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/[mautic_domain]/privkey.pem;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# # to create this, see https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
#
# keepalive_timeout 20s;
#
# server_name [mautic_domain];
#
# access_log /var/log/nginx/mautic.oeru.org_access.log;
# error_log /var/log/nginx/mautic.oeru.org_error.log;
# default path to Mautic - from the point of view of the docker container
root /var/www/html;
index index.php index.html index.htm;
# for let's encrypt renewals!
location /.well-known {
default_type text/plain;
}
# redirect index.php to root
rewrite ^/index.php/(.*) /$1 permanent;
# redirect some entire folders
rewrite ^/(vendor|translations|build)/.* /index.php break;
# everything else goes through here!
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
# the path is from perspective of PHP-FPM container
try_files $uri /index.php$is_args$args;
}
#location ~* .(eot|otf|ttf|woff|woff2)$ {
# add_header Access-Control-Allow-Origin *;
#}
# Solve email tracking mautic
location ~ email/(.*).gif { try_files $uri /index.php?$args; }
# Solve JS Loading 404 Error
location ~ form/(.*).js {
try_files $uri /index.php?$args;
add_header Access-Control-Allow-Origin *;
}
location ~ emails/(.*).js {
try_files $uri /index.php?$args;
add_header Access-Control-Allow-Origin *;
}
# Solve Form processing 403 Error
location ~ /form/submit?(.*) {
try_files $uri /index.php?$args;
add_header Access-Control-Allow-Origin *;
}
# allow access to Assets folder in bundles
location ~ /app/bundles/.*/Assets/ {
# path to assets from nginx perspective
root [path/to/mautic];
allow all;
}
#
# Get static assets... path from perspective of Docker host!!
#
# allow access to assets like js, css, or images
location ~* /(.*)\.(?:js|css|jpg|png|gif|ps|eot|otf|ttf|woff|woff2)$ {
# path to assets from nginx perspective
root /home/data/mautic/html;
allow all;
}
# Deny everything else in /app folder except Assets folder in bundles
location ~ /app/ { deny all; }
#
# end static assets
# Deny everything else in /addons or /plugins folder except Assets folder in bundles
location ~ /(addons|plugins)/.*/Assets/ {
allow all;
access_log off;
}
location ~ /(addons|plugins)/ {
deny all;
}
# Deny all php files in themes folder
location ~* ^/themes/(.*)\.php {
deny all;
}
# Don't log favicon
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Don't log robots
location = /robots.txt {
access_log off;
log_not_found off;
}
# Deny yml, twig, markdown, init file access
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
access_log off;
log_not_found off;
}
# Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny all grunt, composer files
location ~* (Gruntfile|package|composer)\.(js|json)$ {
deny all;
access_log off;
log_not_found off;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_keep_conn on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#include fastcgi_params;
include fastcgi.conf;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
client_max_body_size 100M;
add_header 'Access-Control-Allow-Origin' "*";
}