worker_processes 1; error_log stderr warn; pid /run/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; # Define custom log format to include reponse times log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '$request_time $upstream_response_time $pipe $upstream_cache_status'; access_log /dev/stdout main_timed; error_log /dev/stderr notice; keepalive_timeout 65; # Write temporary files to /tmp so they can be created as a non-privileged user client_body_temp_path /tmp/client_temp; proxy_temp_path /tmp/proxy_temp_path; fastcgi_temp_path /tmp/fastcgi_temp; uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; # Default server definition server { listen 8080 default_server; server_name _; sendfile off; # Set the forwarded_scheme variable based on the X-Forwarded-Proto header # This is used to maintain the original protocol used by the client # This is important when behind a reverse proxy that handles SSL termination set $forwarded_scheme "http"; if ($http_x_forwarded_proto = "https") { set $forwarded_scheme "https"; } # Increase proxy buffers for large requests proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; # Upload limit client_max_body_size ${client_max_body_size}; client_body_buffer_size 128k; root ${nginx_root_directory}; index index.php index.html; location / { # First attempt to serve request as file, then # as directory, then fall back to index.php try_files $uri $uri/ /index.php?q=$uri&$args; } # Redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/lib/nginx/html; } # Pass the PHP scripts to PHP-FPM listening on socket location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; include fastcgi_params; # Pass the original forwarded_scheme and HTTPS status to the PHP backend fastcgi_param HTTP_X_FORWARDED_PROTO $forwarded_scheme; fastcgi_param HTTPS $https if_not_empty; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { expires 5d; } # Deny access to . files, for security location ~ /\. { log_not_found off; deny all; } # Allow fpm ping and status from localhost location ~ ^/(fpm-status|fpm-ping)$ { access_log off; allow 127.0.0.1; deny all; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_pass unix:/run/php-fpm.sock; } # Include additional server-specific configurations include /etc/nginx/server-conf.d/*.conf; } # Include other server configs include /etc/nginx/conf.d/*.conf; gzip on; gzip_proxied any; # Based on CloudFlare's recommended settings https://developers.cloudflare.com/speed/optimization/content/brotli/content-compression/ gzip_types text/richtext text/plain text/css text/x-script text/x-component text/x-java-source text/x-markdown application/javascript application/x-javascript text/javascript text/js image/x-icon image/vnd.microsoft.icon application/x-perl application/x-httpd-cgi text/xml application/xml application/rss+xml application/vnd.api+json application/x-protobuf application/json multipart/bag multipart/mixed application/xhtml+xml font/ttf font/otf font/x-woff image/svg+xml application/vnd.ms-fontobject application/ttf application/x-ttf application/otf application/x-otf application/truetype application/opentype application/x-opentype application/font-woff application/eot application/font application/font-sfnt application/wasm application/javascript-binast application/manifest+json application/ld+json application/graphql+json application/geo+json; gzip_vary on; gzip_disable "msie6"; }