server {
listen 80 default;
root /application/public;
access_log /var/log/nginx/access.log;
resolver 127.0.0.11 ipv6=off;
set $fpm_backend php-fpm;
location / {
try_files $uri /index.php$is_args$args;
}
location ~* ^[^(\.php)]+\.(jpg|jpeg|gif|png|ico|css|pdf|ppt|txt|bmp|rtf|js)$ {
access_log off;
expires 1h;
add_header Cache-Control public;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass $fpm_backend:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
send_timeout 300;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
include fastcgi_params;
}
# Basic configuration
expires off;
server_tokens off;
client_max_body_size 4m;
keepalive_timeout 20s;
sendfile on;
tcp_nopush on;
# Security
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Performance
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/geo+json
application/vnd.ms-fontobject
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
application/rdf+xml
font/otf
application/wasm
image/bmp
image/svg+xml
text/cache-manifest
text/css
text/javascript
text/plain
text/markdown
text/vcard
text/calendar
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# Content types
include mime.types;
charset utf-8;
charset_types
text/css
text/plain
text/vnd.wap.wml
text/javascript
text/markdown
text/calendar
text/x-component
text/vcard
text/cache-manifest
text/vtt
application/json
application/manifest+json;
}