diff --git a/.env b/.env index c8f5447..a8a6668 100644 --- a/.env +++ b/.env @@ -4,6 +4,7 @@ CLUSTERCOCKPIT_BRANCH=develop APP_CLUSTERCOCKPIT_INIT=true APP_ENVIRONMENT=dev +APP_SECRET=67d829bf61dc5f87a73fd814e2c9f629 ######################################################################## # PHP diff --git a/nginx/Dockerfile b/nginx/Dockerfile index c904ed0..78037bb 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,24 +1,8 @@ -FROM nginx:1.19.6 - -LABEL maintainer="Vincent Composieux " +FROM nginx:mainline-alpine RUN mkdir -p /etc/nginx/templates - -COPY nginx.conf /etc/nginx/ COPY templates/* /etc/nginx/templates/ - -ARG APP_ENVIRONMENT -ARG NGINX_SYMFONY_SERVER_NAME -ENV APP_ENV=${APP_ENVIRONMENT} -ENV APP_SECRET=67d829bf61dc5f87a73fd814e2c9f629 -ENV APP_DEBUG=1 -ARG INFLUXDB_PASSWORD -ARG MYSQL_PASSWORD -ENV INFLUXDB_URL=influxdb://symfony:${INFLUXDB_PASSWORD}@cc-influxdb:8086/ClusterCockpit -ENV DATABASE_URL=mysql://symfony:${MYSQL_PASSWORD}@db:3306/ClusterCockpit -ENV CORS_ALLOW_ORIGIN=^https?://(localhost|127\\.0\\.0\\.1)(:[0-9]+)?$ +COPY nginx.conf /etc/nginx/ CMD ["nginx"] - EXPOSE 80 -EXPOSE 443 diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 0bcf975..037c8f5 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,6 +1,6 @@ -user www-data; +user nginx; worker_processes 4; -pid /run/nginx.pid; +pid /var/run/nginx.pid; events { worker_connections 2048; @@ -9,23 +9,40 @@ events { } http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + client_body_buffer_size 256k; + client_header_buffer_size 1k; + client_max_body_size 8m; + large_client_header_buffers 2 1k; + client_body_temp_path /tmp 1 2; + client_body_in_file_only off; + + keepalive_timeout 90; + send_timeout 120; + reset_timedout_connection on; + + open_file_cache max=2000 inactive=20s; + open_file_cache_valid 30s; + open_file_cache_min_uses 2; + open_file_cache_errors on; + server_tokens off; sendfile on; tcp_nopush on; tcp_nodelay on; - keepalive_timeout 15; types_hash_max_size 2048; - include /etc/nginx/mime.types; - default_type application/octet-stream; + access_log off; error_log off; + gzip on; - gzip_disable "msie6"; + gzip_disable "MSIE [1-6]\."; + gzip_comp_level 9; + gzip_min_length 200; + include /etc/nginx/conf.d/*.conf; - open_file_cache max=100; - client_body_temp_path /tmp 1 2; - client_body_buffer_size 256k; - client_body_in_file_only off; } daemon off; diff --git a/nginx/templates/default.conf.template b/nginx/templates/default.conf.template index 8ac20f8..3ba0b97 100644 --- a/nginx/templates/default.conf.template +++ b/nginx/templates/default.conf.template @@ -1,22 +1,23 @@ server { - server_name ${NGINX_SYMFONY_SERVER_NAME}; + server_name localhost; root /var/www/symfony/public; - location / { - try_files $uri @rewriteapp; - } - - location @rewriteapp { - rewrite ^(.*)$ /index.php/$1 last; + try_files $uri /index.php$is_args$args; } location ~ ^/index\.php(/|$) { fastcgi_pass php-upstream; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS off; fastcgi_read_timeout 300; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + internal; + } + + location ~ \.php$ { + return 404; } }