Closed bogordesaincom closed 9 months ago
I don't know if this is the best approach, but I do this to run a custom Nginx configuration:
In my Dockerfile I run this:
RUN composer install --optimize-autoloader \
&& chown -R www-data:www-data /var/www/html \
&& rm -rf /etc/cont-init.d/* \
+ && rm /etc/nginx/sites-enabled/default && rsync -avz .fly/docker/nginx/* /etc/nginx/ \
&& .....
This removes the enabled site that fideloper/fly-laravel
puts there for us. Then I rsync everything that's in .fly/docker/nginx/*
into the /etc/nginx
directory, allowing me to override the configuration for the enabled site.
Then in .fly/docker/nginx
I have all the nginx config that I want to put in the /etc/nginx
directory:
If you want to simply add those two lines, then the easiest way (I think) is to fly ssh console
into your VM, navigate to /etc/nginx/sites-enabled
and first inspect that folder:
fly ssh console -a your-app
cd /etc/nginx/sites-enabled
There you will find a file called default
which is symlinked to /etc/nginx/sites-available/default
(or default-octane
if you're using Octane). Content should look something like this:
server {
listen 8080 default_server;
listen [::]:8080 default_server;
root /var/www/html/public;
index index.html index.htm index.php;
server_name _;
charset utf-8;
client_max_body_size 2048M;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param HTTP_X_FORWARDED_FOR $http_fly_client_ip;
fastcgi_pass unix:/var/run/php/php-fpm.sock;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
}
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 7d;
access_log off;
log_not_found off;
# Pass to PHP to ensure PHP apps can handle routes that end in these filetypes
try_files $uri /index.php?$query_string;
}
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 7d;
access_log off;
}
location ~ /\.(?!well-known) {
deny all;
}
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
}
Just copy that file into .fly/docker/nginx/sites-enabled
and then modify it to your liking.
thanks @dejagersh
I have half a mind to incorporate h5bp's nginx configuration, which does a bunch of work for caching static assets, securing dot files, and adding in these security headers.
https://github.com/h5bp/server-configs-nginx
I'd likely "just" include the "basic.conf" file so it just does some basics.
What do you think?
How to add script header like this?