
default.conf 4.1 KB

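  # nginx front end for a Magento docroot: static and media files are served
  # from $MAGE_ROOT/pub, and the PHP entry points are handed to PHP-FPM over
  # FastCGI. PHP_HOST, PHP_PORT and APP_MAGE_MODE are placeholders; presumably
  # a templating step replaces them before nginx loads this file - TODO confirm.
  upstream fastcgi_backend {
      server PHP_HOST:PHP_PORT;
  }

  server {
      # Plain HTTP only. NOTE(review): assumes TLS is terminated in front of
      # this server - confirm for any non-development deployment.
      listen 80;
      server_name localhost;

      set $MAGE_ROOT /var/www/html;
      set $MAGE_MODE APP_MAGE_MODE;

      root $MAGE_ROOT/pub;
      index index.php;
      autoindex off;
      charset off;

      # add_header is inherited from this level only by locations that declare
      # no add_header of their own. Every location below that sets
      # X-Frame-Options therefore repeats the nosniff header explicitly;
      # otherwise it would be dropped for exactly those responses.
      add_header 'X-Content-Type-Options' 'nosniff';

      # Web installer. Only index.php and the public assets under /setup/pub/
      # are reachable; everything else in the directory is denied.
      # NOTE(review): the installer itself is reachable without any address or
      # auth restriction - confirm this config is for development use only.
      location /setup {
          root $MAGE_ROOT;

          # Dot escaped so the pattern matches the literal file name only.
          location ~ ^/setup/index\.php {
              fastcgi_pass fastcgi_backend;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include fastcgi_params;
          }

          # Deny everything under /setup/ except index.php (matched above)
          # and the pub/ subtree.
          location ~ ^/setup/(?!pub/). {
              deny all;
          }

          location ~ ^/setup/pub/ {
              add_header 'X-Content-Type-Options' 'nosniff';
              add_header X-Frame-Options "SAMEORIGIN";
          }
      }

      # Updater application; same exposure model as /setup above.
      location /update {
          root $MAGE_ROOT;

          location ~ ^/update/index\.php {
              # Split the URI into the script and the trailing PATH_INFO.
              fastcgi_split_path_info ^(/update/index\.php)(/.+)$;
              fastcgi_pass fastcgi_backend;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              fastcgi_param PATH_INFO $fastcgi_path_info;
              include fastcgi_params;
          }

          # Deny everything but index.php and the pub/ subtree.
          location ~ ^/update/(?!pub/). {
              deny all;
          }

          location ~ ^/update/pub/ {
              add_header 'X-Content-Type-Options' 'nosniff';
              add_header X-Frame-Options "SAMEORIGIN";
          }
      }

      # Front controller: anything that is not an existing file or directory
      # is routed to index.php.
      location / {
          try_files $uri $uri/ /index.php?$args;
      }

      # Trailing slashes on both the prefix and the alias keep the mapping on
      # a path-segment boundary. With "location /pub" and "alias $MAGE_ROOT/pub"
      # a request for /pubX would resolve to $MAGE_ROOT/pubX, outside pub/.
      location /pub/ {
          # Private media must not be served directly.
          # NOTE(review): newer Magento sample configs also deny
          # media/custom_options - confirm whether this install uses it.
          location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
              deny all;
          }

          alias $MAGE_ROOT/pub/;
          add_header 'X-Content-Type-Options' 'nosniff';
          add_header X-Frame-Options "SAMEORIGIN";
      }

      location /static/ {
          if ($MAGE_MODE = "production") {
              expires max;
          }

          # Remove the version signature of static files that is used to
          # overcome the browser cache.
          location ~ ^/static/version {
              rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
          }

          location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
              add_header Cache-Control "public";
              add_header 'X-Content-Type-Options' 'nosniff';
              add_header X-Frame-Options "SAMEORIGIN";
              expires +1y;

              # Missing files are generated on demand by static.php.
              if (!-f $request_filename) {
                  rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
              }
          }

          location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
              add_header Cache-Control "no-store";
              add_header 'X-Content-Type-Options' 'nosniff';
              add_header X-Frame-Options "SAMEORIGIN";
              expires off;

              if (!-f $request_filename) {
                  rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
              }
          }

          if (!-f $request_filename) {
              rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
          }

          add_header 'X-Content-Type-Options' 'nosniff';
          add_header X-Frame-Options "SAMEORIGIN";
      }

      location /media/ {
          # Files not present on disk are resolved by get.php.
          try_files $uri $uri/ /get.php?$args;

          location ~ ^/media/theme_customization/.*\.xml {
              deny all;
          }

          location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
              add_header Cache-Control "public";
              add_header 'X-Content-Type-Options' 'nosniff';
              add_header X-Frame-Options "SAMEORIGIN";
              expires +1y;
              try_files $uri $uri/ /get.php?$args;
          }

          location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
              add_header Cache-Control "no-store";
              add_header 'X-Content-Type-Options' 'nosniff';
              add_header X-Frame-Options "SAMEORIGIN";
              expires off;
              try_files $uri $uri/ /get.php?$args;
          }

          add_header 'X-Content-Type-Options' 'nosniff';
          add_header X-Frame-Options "SAMEORIGIN";
      }

      # Private media directories: never served directly.
      location /media/customer/ {
          deny all;
      }

      location /media/downloadable/ {
          deny all;
      }

      location /media/import/ {
          deny all;
      }

      location ~ /media/theme_customization/.*\.xml$ {
          deny all;
      }

      location /errors/ {
          try_files $uri =404;
      }

      # Error-page configuration and templates are not public.
      location ~ ^/errors/.*\.(xml|phtml)$ {
          deny all;
      }

      # cron.php must not be triggered over HTTP.
      location ~ cron\.php {
          deny all;
      }

      # The only PHP entry points that are executed. try_files returns 404
      # before anything is passed to PHP-FPM when the script does not exist.
      location ~ (index|get|static|report|404|503)\.php$ {
          try_files $uri =404;
          fastcgi_pass fastcgi_backend;

          fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off";
          fastcgi_param PHP_VALUE "max_execution_time=600";
          fastcgi_read_timeout 600s;
          # NOTE(review): the nginx documentation says the connect timeout
          # usually cannot exceed 75 seconds, so 600s may not take effect.
          fastcgi_connect_timeout 600s;
          fastcgi_param MAGE_MODE $MAGE_MODE;

          fastcgi_index index.php;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          include fastcgi_params;
      }

      # Any other .php file is not an entry point. Without this block it would
      # fall through to a static location and be returned as plain text,
      # disclosing its source. Dot-files for Apache and git are denied too.
      # This regex is listed after the entry-point block, so that block still
      # wins for the allowed scripts.
      location ~* (\.php$|/\.ht|/\.git) {
          deny all;
      }
  }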