@gulien
Last active September 11, 2018 06:29
kickoff-docker-php - NGINX configuration blueprint for a Symfony application

A simple example of how to update the php-fpm.conf file for a Symfony application.

It is meant to be used with kickoff-docker-php.

# add this line on top of the stack of the command "nginx-build".
- orbit generate -t modules/nginx/conf.d/php-fpm.blueprint.conf -o modules/nginx/conf.d/php-fpm.conf -e Config,config/.env {{ if debug }}-d{{ end }}
server {
    listen 80;
    server_name _;
    charset utf-8;
    root /var/www/html/web;

    # Uploads to 100M
    client_max_body_size 100m;

    location / {
        {{- if eq "local" .EnvFiles.Config.ENV }}
        try_files $uri /app_dev.php$is_args$args;
        {{- else }}
        try_files $uri /app.php$is_args$args;
        {{- end }}
    }

    ## Begin - Security
    # don't send the nginx version number in error pages and Server header
    server_tokens off;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options SAMEORIGIN;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; style-src 'self' fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; child-src 'none'; object-src 'self'; connect-src 'self'";
    # deny all direct access for these folders
    location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
    # deny running scripts inside core vendor folder
    location ~* /(vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
    ## End - Security

    ## Begin - PHP
    {{- if eq "local" .EnvFiles.Config.ENV }}
    location ~ ^/(app_dev|config)\.php(/|$) {
        fastcgi_pass php-fpm:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
    }
    {{- else }}
    location ~ ^/app\.php(/|$) {
        fastcgi_pass php-fpm:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;
    }
    {{- end }}
    location ~ \.php$ { return 404; }
    ## End - PHP

    location ~* ^.+\.(ico|js|gif|jpg|jpeg|png|bmp)$ {
        expires 30d;
    }
}
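
Which block answers a request depends on nginx's matching order: regex locations are tried in file order and the first match wins, with `location /` as the fallback. The sketch below is an added example, not part of the gist; it replays that order for the production branch of the blueprint, with Python's `re` standing in for nginx's PCRE and constructed sample URIs, to show what the deny rules cover.

```python
import re

# Regex locations of the rendered production config, in file order.
# "~*" is case-insensitive (re.I); "~" is case-sensitive (0).
RULES = [
    ("deny-folders", r"/(.git|cache|bin|logs|backup|tests)/.*$", re.I, "403"),
    ("deny-vendor",
     r"/(vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$", re.I, "403"),
    ("deny-files",
     r"/(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config"
     r"|htaccess.txt|\.htaccess)", 0, "403"),
    # "internal": only reachable through the try_files redirect; a direct
    # client request for this location is answered with 404 by nginx.
    ("front-controller", r"^/app\.php(/|$)", 0, "internal"),
    ("other-php", r"\.php$", 0, "404"),
    ("static", r"^.+\.(ico|js|gif|jpg|jpeg|png|bmp)$", re.I, "file"),
]
COMPILED = [(name, re.compile(rx, flags), outcome)
            for name, rx, flags, outcome in RULES]


def route(uri):
    """Return (location, outcome) for a normalized URI path without query string."""
    for name, rx, outcome in COMPILED:
        if rx.search(uri):  # first matching regex location wins
            return name, outcome
    return "prefix /", "try_files"  # no regex matched: fall back to location /


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/.git/config",         # repository metadata
    "/vendor/bin/phpunit",  # caught by the folder rule before the vendor rule
    "/docs/composer.json",  # file rule is not anchored to the root folder
    "/COMPOSER.JSON",       # file rule is case-sensitive, so this is not denied
    "/app_dev.php",         # dev front controller in a production build
    "/app.php/login",       # production front controller
    "/images/logo.PNG",     # static asset, matched case-insensitively
    "/blog/post",           # ordinary application route
]

if __name__ == "__main__":
    for uri in SAMPLES:
        name, outcome = route(uri)
        print(f"{uri:24} -> {name:17} {outcome}")
```
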
symball commented Jul 29, 2018

This gist fails as it is. In order to make it work:

  • Change the first orbit build definition:
    orbit generate -f modules/nginx/conf.d/php-fpm.blueprint.conf -o modules/nginx/conf.d/php-fpm.conf {{ if debug }}-d{{ end }}
    This changes the -t flag to -f and removes -e Config,config/.env entirely.

  • In the blueprint file:

### Replace 
{{- if eq "local" .EnvFiles.Config.ENV }}
### with
{{- if eq "local" .Orbit.EnvFile.ENV }}
