-
-
Save yurkinx/f223d6b45413fd710c18d15807b65b4d to your computer and use it in GitHub Desktop.
My preferred configuration for a Laravel 4 API endpoint running over PHP-FPM, when I need to talk to it with AngularJS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| root /path/to/app/public; | |
| index index.php; | |
| server_name test.dev; | |
| set $cors_headers "whatever-custom-headers,you-would-like"; | |
| # redirection to index.php | |
| location / { | |
| try_files $uri $uri/ /index.php?$query_string; | |
| } | |
| # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | |
| location ~ \.php$ { | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini | |
| # With php5-fpm: | |
| fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| fastcgi_index index.php; | |
| include fastcgi_params; | |
| # cors configuration | |
| # whitelist of allowed domains, via a regular expression | |
| # if ($http_origin ~* (http://localhost(:[0-9]+)?)) { | |
| if ($http_origin ~* .*) { # yeah, for local development. tailor your regex as needed | |
| set $cors "true"; | |
| } | |
| # apparently, the following three if statements create a flag for "compound conditions" | |
| if ($request_method = OPTIONS) { | |
| set $cors "${cors}options"; | |
| } | |
| if ($request_method = GET) { | |
| set $cors "${cors}get"; | |
| } | |
| if ($request_method = POST) { | |
| set $cors "${cors}post"; | |
| } | |
| # now process the flag | |
| if ($cors = 'trueget') { | |
| add_header 'Access-Control-Allow-Origin' "$http_origin"; | |
| add_header 'Access-Control-Allow-Credentials' 'true'; | |
| } | |
| if ($cors = 'truepost') { | |
| add_header 'Access-Control-Allow-Origin' "$http_origin"; | |
| add_header 'Access-Control-Allow-Credentials' 'true'; | |
| } | |
| if ($cors = 'trueoptions') { | |
| add_header 'Access-Control-Allow-Origin' "$http_origin"; | |
| add_header 'Access-Control-Allow-Credentials' 'true'; | |
| add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; | |
| add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,$cors_headers'; # I have not yet verified what happens if $cors_headers is empty and there remains a trailing comma. I'll explore later if it becomes a problem. | |
| add_header 'Content-Length' 0; | |
| add_header 'Content-Type' 'text/plain charset=UTF-8'; | |
| return 204; | |
| } | |
| } | |
| error_log /var/log/nginx/test.dev.error.log; | |
| access_log /var/log/nginx/test.dev.access.log; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment