69 lines
2.3 KiB
YAML
69 lines
2.3 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: grav-nginx-proxy-config
|
|
data:
|
|
nginx.conf: |-
|
|
user nginx;
|
|
worker_processes 1;
|
|
|
|
error_log /var/log/nginx/error.log warn;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 64;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log off;
|
|
#access_log /var/log/nginx/access.log main;
|
|
|
|
sendfile on;
|
|
keepalive_timeout 65;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
index index.html index.php;
|
|
root /var/www/grav;
|
|
## Begin - Index
|
|
# for subfolders, simply adjust:
|
|
# `location /subfolder {`
|
|
# and the rewrite to use `/subfolder/index.php`
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
}
|
|
## End - Index
|
|
|
|
## Begin - Security
|
|
# deny all direct access for these folders
|
|
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
|
|
# deny running scripts inside core system folders
|
|
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
|
|
# deny running scripts inside user folder
|
|
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
|
|
# deny access to specific files in the root folder
|
|
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
|
|
## End - Security
|
|
|
|
## Begin - PHP
|
|
location ~ \.php$ {
|
|
# Choose either a socket or TCP/IP address
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
|
|
}
|
|
## End - PHP
|
|
}
|
|
}
|