48 lines
1.5 KiB
Plaintext
48 lines
1.5 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name localhost;
|
|
root /var/www/html/public;
|
|
index index.php index.html;
|
|
|
|
charset utf-8;
|
|
client_max_body_size 64M;
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
}
|
|
|
|
location = /favicon.ico { access_log off; log_not_found off; }
|
|
location = /robots.txt { access_log off; log_not_found off; }
|
|
|
|
error_page 404 /index.php;
|
|
|
|
location ~ \.php$ {
|
|
fastcgi_pass app:9000;
|
|
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
|
include fastcgi_params;
|
|
fastcgi_hide_header X-Powered-By;
|
|
|
|
# Forward proxy headers so Laravel can validate signed URLs behind reverse proxy
|
|
fastcgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
|
|
fastcgi_param HTTP_X_FORWARDED_HOST $http_host;
|
|
fastcgi_param HTTP_X_FORWARDED_PORT $http_x_forwarded_port;
|
|
|
|
# Trust external proxy proto, or default to https for signed URL validation
|
|
set $fwd_proto $http_x_forwarded_proto;
|
|
if ($fwd_proto = "") {
|
|
set $fwd_proto "https";
|
|
}
|
|
fastcgi_param HTTP_X_FORWARDED_PROTO $fwd_proto;
|
|
}
|
|
|
|
location ~ /\.(?!well-known).* {
|
|
deny all;
|
|
}
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
}
|