user www-data; worker_processes auto; pid /run/nginx.pid; daemon off; events { worker_connections 2048; # multi_accept on; } http { # Basic Settings sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; client_max_body_size %_APP_STORAGE_LIMIT%; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; # SSL Settings #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE #ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED'; ssl_prefer_server_ciphers off; # Logging Settings access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; # Gzip Settings gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml; # Brotli Settings brotli on; brotli_comp_level 5; brotli_static on; brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml; # Virtual Host Configs server { listen 80; ## listen for ipv4; this line is default and implied listen [::]:80 ipv6only=on; ## listen for ipv6 listen 443 default ssl http2; #ssl on; ssl_certificate /etc/nginx/ssl/cert.pem; ssl_certificate_key /etc/nginx/ssl/key.pem; root /usr/src/code/public; index index.php index.html index.htm; server_tokens off; # Make site accessible from http://localhost/ #server_name localhost; # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html sendfile off; # Add stdout logging #error_log /dev/stdout info; #access_log /dev/stdout; access_log off; location / { # First attempt to serve request as file, then # as directory, then fall back to index.html try_files $uri $uri/ /index.php?q=$uri&$args; } # Media: images, icons, video, audio, HTC location ~* \.(?:ico|cur|gz|svg|svgz|mp4|ogg|woff|woff2|ogv|webm|htc)$ { expires 1M; access_log off; add_header Cache-Control "public"; } # CSS and JavaScript location ~* \.(?:css|js)$ { expires 1y; access_log off; add_header Cache-Control "public"; } location /images { expires 1y; access_log off; add_header Cache-Control "public"; } location /favicon.png { expires 1y; access_log off; add_header Cache-Control "public"; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/src/code; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; #fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param HTTP_IF_NONE_MATCH $http_if_none_match; fastcgi_param HTTP_IF_MODIFIED_SINCE $http_if_modified_since; fastcgi_read_timeout 600; fastcgi_index index.php; include fastcgi_params; } # deny access to . files, for security location ~ /\.(?!well-known).* { #log_not_found off; deny all; } } }