248 lines
6.8 KiB
Plaintext
Executable File
248 lines
6.8 KiB
Plaintext
Executable File
## Example configuration:
|
|
# upstream fastcgi_backend {
|
|
# # use tcp connection
|
|
# # server 127.0.0.1:9000;
|
|
# # or socket
|
|
# server unix:/var/run/php/php7.4-fpm.sock;
|
|
# }
|
|
# server {
|
|
# listen 80;
|
|
# server_name mage.dev;
|
|
# set $MAGE_ROOT /var/www/magento2;
|
|
# set $MAGE_DEBUG_SHOW_ARGS 0;
|
|
# include /vagrant/magento2/nginx.conf.sample;
|
|
# }
|
|
#
|
|
## Optional override of deployment mode. We recommend you use the
|
|
## command 'bin/magento deploy:mode:set' to switch modes instead.
|
|
##
|
|
## set $MAGE_MODE default; # or production or developer
|
|
##
|
|
## If you set MAGE_MODE in server config, you must pass the variable into the
|
|
## PHP entry point blocks, which are indicated below. You can pass
|
|
## it in using:
|
|
##
|
|
## fastcgi_param MAGE_MODE $MAGE_MODE;
|
|
##
|
|
## In production mode, you should uncomment the 'expires' directive in the /static/ location block
|
|
|
|
# Modules can be loaded only at the very beginning of the Nginx config file, please move the line below to the main config file
|
|
# load_module /etc/nginx/modules/ngx_http_image_filter_module.so;
|
|
|
|
root $MAGE_ROOT/pub;
|
|
|
|
index index.php;
|
|
autoindex off;
|
|
charset UTF-8;
|
|
error_page 404 403 = /errors/404.php;
|
|
#add_header "X-UA-Compatible" "IE=Edge";
|
|
|
|
|
|
# Deny access to sensitive files
|
|
location /.user.ini {
|
|
deny all;
|
|
}
|
|
|
|
# PHP entry point for setup application
|
|
location ~* ^/setup($|/) {
|
|
root $MAGE_ROOT;
|
|
location ~ ^/setup/index.php {
|
|
fastcgi_pass fastcgi_backend;
|
|
|
|
fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off";
|
|
fastcgi_param PHP_VALUE "memory_limit=756M \n max_execution_time=600";
|
|
fastcgi_read_timeout 600s;
|
|
fastcgi_connect_timeout 600s;
|
|
|
|
fastcgi_index index.php;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
include fastcgi_params;
|
|
}
|
|
|
|
location ~ ^/setup/(?!pub/). {
|
|
deny all;
|
|
}
|
|
|
|
location ~ ^/setup/pub/ {
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
}
|
|
}
|
|
|
|
# PHP entry point for update application
|
|
location ~* ^/update($|/) {
|
|
root $MAGE_ROOT;
|
|
|
|
location ~ ^/update/index.php {
|
|
fastcgi_split_path_info ^(/update/index.php)(/.+)$;
|
|
fastcgi_pass fastcgi_backend;
|
|
fastcgi_index index.php;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
include fastcgi_params;
|
|
}
|
|
|
|
# Deny everything but index.php
|
|
location ~ ^/update/(?!pub/). {
|
|
deny all;
|
|
}
|
|
|
|
location ~ ^/update/pub/ {
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
}
|
|
}
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php$is_args$args;
|
|
}
|
|
|
|
location /pub/ {
|
|
location ~ ^/pub/media/(downloadable|customer|import|custom_options|theme_customization/.*\.xml) {
|
|
deny all;
|
|
}
|
|
alias $MAGE_ROOT/pub/;
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
}
|
|
|
|
location /static/ {
|
|
# Uncomment the following line in production mode
|
|
# expires max;
|
|
|
|
# Remove signature of the static files that is used to overcome the browser cache
|
|
location ~ ^/static/version\d*/ {
|
|
rewrite ^/static/version\d*/(.*)$ /static/$1 last;
|
|
}
|
|
|
|
location ~* \.(ico|jpg|jpeg|png|gif|svg|svgz|webp|avif|avifs|js|css|eot|ttf|otf|woff|woff2|html|json|webmanifest)$ {
|
|
add_header Cache-Control "public";
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
expires +1y;
|
|
|
|
if (!-f $request_filename) {
|
|
rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
|
|
}
|
|
}
|
|
location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
|
|
add_header Cache-Control "no-store";
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
expires off;
|
|
|
|
if (!-f $request_filename) {
|
|
rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
|
|
}
|
|
}
|
|
if (!-f $request_filename) {
|
|
rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
|
|
}
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
}
|
|
|
|
location /media/ {
|
|
|
|
## The following section allows to offload image resizing from Magento instance to the Nginx.
|
|
## Catalog image URL format should be set accordingly.
|
|
## See https://docs.magento.com/user-guide/configuration/general/web.html#url-options
|
|
# location ~* ^/media/catalog/.* {
|
|
#
|
|
# # Replace placeholders and uncomment the line below to serve product images from public S3
|
|
# # See examples of S3 authentication at https://github.com/anomalizer/ngx_aws_auth
|
|
# # resolver 8.8.8.8;
|
|
# # proxy_pass https://<bucket-name>.<region-name>.amazonaws.com;
|
|
#
|
|
# set $width "-";
|
|
# set $height "-";
|
|
# if ($arg_width != '') {
|
|
# set $width $arg_width;
|
|
# }
|
|
# if ($arg_height != '') {
|
|
# set $height $arg_height;
|
|
# }
|
|
# image_filter resize $width $height;
|
|
# image_filter_jpeg_quality 90;
|
|
# }
|
|
|
|
try_files $uri $uri/ /get.php$is_args$args;
|
|
|
|
location ~ ^/media/theme_customization/.*\.xml {
|
|
deny all;
|
|
}
|
|
|
|
location ~* \.(ico|jpg|jpeg|png|gif|svg|svgz|webp|avif|avifs|js|css|eot|ttf|otf|woff|woff2)$ {
|
|
add_header Cache-Control "public";
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
expires +1y;
|
|
try_files $uri $uri/ /get.php$is_args$args;
|
|
}
|
|
location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
|
|
add_header Cache-Control "no-store";
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
expires off;
|
|
try_files $uri $uri/ /get.php$is_args$args;
|
|
}
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
}
|
|
|
|
location /media/customer/ {
|
|
deny all;
|
|
}
|
|
|
|
location /media/downloadable/ {
|
|
deny all;
|
|
}
|
|
|
|
location /media/import/ {
|
|
deny all;
|
|
}
|
|
|
|
location /media/custom_options/ {
|
|
deny all;
|
|
}
|
|
|
|
location /errors/ {
|
|
location ~* \.xml$ {
|
|
deny all;
|
|
}
|
|
}
|
|
|
|
# PHP entry point for main application
|
|
location ~ ^/(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {
|
|
try_files $uri =404;
|
|
fastcgi_pass fastcgi_backend;
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
|
|
fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off";
|
|
fastcgi_param PHP_VALUE "memory_limit=756M \n max_execution_time=18000";
|
|
fastcgi_read_timeout 600s;
|
|
fastcgi_connect_timeout 600s;
|
|
|
|
fastcgi_index index.php;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
include fastcgi_params;
|
|
}
|
|
|
|
gzip on;
|
|
gzip_disable "msie6";
|
|
|
|
gzip_comp_level 6;
|
|
gzip_min_length 1100;
|
|
gzip_buffers 16 8k;
|
|
gzip_proxied any;
|
|
gzip_types
|
|
text/plain
|
|
text/css
|
|
text/js
|
|
text/xml
|
|
text/javascript
|
|
application/javascript
|
|
application/x-javascript
|
|
application/json
|
|
application/xml
|
|
application/xml+rss
|
|
image/svg+xml;
|
|
gzip_vary on;
|
|
|
|
# Banned locations (only reached if the earlier PHP entry point regexes don't match)
|
|
location ~* (\.php$|\.phtml$|\.htaccess$|\.htpasswd$|\.git) {
|
|
deny all;
|
|
}
|