auvem/wordpress-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f13fdb29ccc0c616b93a56be5a44b7f4531e00e9
wordpress-docker/nginx/nginx.conf
Elijah Duffy 3c46706db6
All checks were successful
nginx-build / build (push) Successful in 44s
Details
add nginx.conf file removed in 82cdc6a2ad
2025-12-07 23:15:50 -08:00

70 lines
2.3 KiB
Nginx Configuration File
Raw Blame History

server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/html;
index index.php index.html index.htm;
# Basic security headers (can be extended per-site)
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# Deny access to hidden files and directories
location ~ (^|/)[.] {
deny all;
access_log off;
log_not_found off;
}
# Static files: long cache, immutable where appropriate
location ~* \.(?:css|js|gif|jpe?g|png|ico|svg|woff2?|ttf|eot)$ {
try_files $uri =404;
access_log off;
expires 30d;
add_header Cache-Control "public, max-age=2592000, immutable";
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; allow all; }
# Main front controller; fall back to index.php
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
# PHP-FPM handling; pass to php-fpm:9000 (docker service name)
location ~ [^/]
\.php(/|$) {
# Prevent direct access to PHP files in uploads or other writable dirs if necessary
try_files $document_root$fastcgi_script_name =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Use TCP FPM backend service name. Matches the php-fpm image we built.
fastcgi_pass php-fpm:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_read_timeout 300;
}
# Block access to .ht* files
location ~* /\.(?:ht|git) {
deny all;
}
# Optional: small buffer for large headers (WordPress with many cookies/plugins)
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
# Prevent clickjacking on all responses
add_header X-Frame-Options "SAMEORIGIN";
}
# Default server; allow override by mounting /etc/nginx/conf.d/default.conf
Reference in New Issue View Git Blame Copy Permalink