mskian · October 10, 2020 04:59
diff --git a/api-example.conf b/api-example.conf
 fastcgi_cache_path /etc/nginx/cache/apiapp levels=1:2 keys_zone=apiapp:100m inactive=60m max_size=40m;
 fastcgi_cache_key "$scheme$request_method$host$request_uri";

 server {
 	listen 80;
 	listen [::]:80;
 	listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name api.example.com;
 	root /var/www/apiapp;
 	index index.html index.php;

 	if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

 	location / {
 		try_files $uri $uri/ =404;
 	}
    
 	# cache by default
    set $skip_cache 0;
 	# set default empty skip reason
    set $skip_reason "";

 	# Don't cache uris containing the following segments
    if ($request_uri ~* "/users/|/admin/") {
 	    set $skip_cache 1;
 		set $skip_reason "${skip_reason}-URI";
    }

 	# pass PHP scripts to FastCGI server
 	#
 	location ~ \.php$ {
 	#	include snippets/fastcgi-php.conf;
 	#
 	#	# With php-fpm (or other unix sockets):
 	    try_files $uri =404;
 		fastcgi_cache apiapp;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 		fastcgi_split_path_info ^(.+\.php)(.*)$;
 		fastcgi_index index.php;
 		fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
 		#include fastcgi_params;
 		include /etc/nginx/fastcgi_params;
 		#fastcgi_buffer_size 128k;
 		#fastcgi_buffers 256 4k;
 		#fastcgi_busy_buffers_size 256k;
 		#fastcgi_temp_file_write_size 256k;
 		#fastcgi_cache_valid 200 301 302 60m;
 		fastcgi_cache_valid 404 1m;
 		fastcgi_cache_valid 200 1m;
 		#fastcgi_cache_min_uses 1;
 		#fastcgi_cache_lock on;
 		#fastcgi_cache_revalidate on;
 		#fastcgi_cache_background_update on;
 		#fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
 		fastcgi_no_cache $skip_cache;
 		fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
 		fastcgi_cache_bypass $http_secret_header $skip_cache;
 		add_header SanWeb-Fastcgi-Cache $upstream_cache_status;
 		add_header Sanweb-Skip $skip_reason;
 	#	# With php-cgi (or other tcp sockets):
 	#	fastcgi_pass 127.0.0.1:9000;
 	}

 	# deny access to .htaccess files, if Apache's document root
 	# concurs with nginx's one
 	#
 	location ~ /\.ht {
 		deny all;
 	}

 	## Rewrite for Auth API
 	location /auth {
       try_files $uri $uri/ @rewriteauth;
    }
    location @rewriteauth {
       rewrite ^/auth/(.*)$ /auth/verify.php?api=$1;

    }

 	client_max_body_size 70m;

    ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

 }
	fastcgi_cache_path /etc/nginx/cache/apiapp levels=1:2 keys_zone=apiapp:100m inactive=60m max_size=40m;
	fastcgi_cache_key "$scheme$request_method$host$request_uri";

	server {
	listen 80;
	listen [::]:80;
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name api.example.com;
	root /var/www/apiapp;
	index index.html index.php;

	if ($scheme = http) {
	return 301 https://$server_name$request_uri;
	}

	location / {
	try_files $uri $uri/ =404;
	}

	# cache by default
	set $skip_cache 0;
	# set default empty skip reason
	set $skip_reason "";

	# Don't cache uris containing the following segments
	if ($request_uri ~* "/users/\|/admin/") {
	set $skip_cache 1;
	set $skip_reason "${skip_reason}-URI";
	}

	# pass PHP scripts to FastCGI server
	#
	location ~ \.php$ {
	# include snippets/fastcgi-php.conf;
	#
	# # With php-fpm (or other unix sockets):
	try_files $uri =404;
	fastcgi_cache apiapp;
	fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	fastcgi_split_path_info ^(.+\.php)(.*)$;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	#include fastcgi_params;
	include /etc/nginx/fastcgi_params;
	#fastcgi_buffer_size 128k;
	#fastcgi_buffers 256 4k;
	#fastcgi_busy_buffers_size 256k;
	#fastcgi_temp_file_write_size 256k;
	#fastcgi_cache_valid 200 301 302 60m;
	fastcgi_cache_valid 404 1m;
	fastcgi_cache_valid 200 1m;
	#fastcgi_cache_min_uses 1;
	#fastcgi_cache_lock on;
	#fastcgi_cache_revalidate on;
	#fastcgi_cache_background_update on;
	#fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
	fastcgi_no_cache $skip_cache;
	fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
	fastcgi_cache_bypass $http_secret_header $skip_cache;
	add_header SanWeb-Fastcgi-Cache $upstream_cache_status;
	add_header Sanweb-Skip $skip_reason;
	# # With php-cgi (or other tcp sockets):
	# fastcgi_pass 127.0.0.1:9000;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht {
	deny all;
	}

	## Rewrite for Auth API
	location /auth {
	try_files $uri $uri/ @rewriteauth;
	}
	location @rewriteauth {
	rewrite ^/auth/(.*)$ /auth/verify.php?api=$1;

	}

	client_max_body_size 70m;

	ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	}