Created
August 21, 2022 14:13
-
-
Save rfay/fd9ee34175cc91e49a09c8fab8eba47e to your computer and use it in GitHub Desktop.
Custom nginx-site.conf to redirect http to https
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ddev drupal7 config | |
| # See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#providing-custom-nginx-configuration | |
| server { | |
| listen 80 default_server; | |
| listen 443 ssl default_server; | |
| root /var/www/html/docroot; | |
| ssl_certificate /etc/ssl/certs/master.crt; | |
| ssl_certificate_key /etc/ssl/certs/master.key; | |
| include /etc/nginx/monitoring.conf; | |
| index index.php index.htm index.html; | |
| # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html | |
| sendfile off; | |
| error_log /dev/stdout info; | |
| access_log /var/log/nginx/access.log; | |
| if ($http_x_forwarded_proto = "http") { | |
| return 301 https://$host$request_uri; | |
| } | |
| location / { | |
| absolute_redirect off; | |
| # First attempt to serve request as file, then | |
| # as directory, then fall back to index.html | |
| try_files $uri $uri/ /index.php?q=$uri&$args; | |
| } | |
| location @rewrite { | |
| # For D7 and above: | |
| # Clean URLs are handled in drupal_environment_initialize(). | |
| rewrite ^ /index.php; | |
| } | |
| # Handle image styles for Drupal 7+ | |
| location ~ ^/sites/.*/files/styles/ { | |
| try_files $uri @rewrite; | |
| } | |
| # pass the PHP scripts to FastCGI server listening on socket | |
| location ~ \.php$ { | |
| try_files $uri =404; | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| fastcgi_pass unix:/run/php-fpm.sock; | |
| fastcgi_buffers 16 16k; | |
| fastcgi_buffer_size 32k; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_param SCRIPT_NAME $fastcgi_script_name; | |
| fastcgi_index index.php; | |
| include fastcgi_params; | |
| fastcgi_intercept_errors off; | |
| # fastcgi_read_timeout should match max_execution_time in php.ini | |
| fastcgi_read_timeout 10m; | |
| fastcgi_param SERVER_NAME $host; | |
| fastcgi_param HTTPS $fcgi_https; | |
| } | |
| # Expire rules for static content | |
| # Media: images, icons, video, audio, HTC | |
| location ~* \.(png|jpg|jpeg|gif|ico|svg)$ { | |
| try_files $uri @rewrite; | |
| expires max; | |
| log_not_found off; | |
| } | |
| # js and css always loaded | |
| location ~* \.(js|css)$ { | |
| try_files $uri @rewrite; | |
| expires -1; | |
| log_not_found off; | |
| } | |
| # Prevent clients from accessing hidden files (starting with a dot) | |
| # This is particularly important if you store .htpasswd files in the site hierarchy | |
| # Access to `/.well-known/` is allowed. | |
| # https://www.mnot.net/blog/2010/04/07/well-known | |
| # https://tools.ietf.org/html/rfc5785 | |
| location ~* /\.(?!well-known\/) { | |
| deny all; | |
| } | |
| # Prevent clients from accessing to backup/config/source files | |
| location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ { | |
| deny all; | |
| } | |
| ## Regular private file serving (i.e. handled by Drupal). | |
| location ^~ /system/files/ { | |
| ## For not signaling a 404 in the error log whenever the | |
| ## system/files directory is accessed add the line below. | |
| ## Note that the 404 is the intended behavior. | |
| log_not_found off; | |
| access_log off; | |
| expires 30d; | |
| try_files $uri @rewrite; | |
| } | |
| include /etc/nginx/common.d/*.conf; | |
| include /mnt/ddev_config/nginx/*.conf; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment