# configuration file /opt/bitnami/nginx/conf/nginx.conf: # Based on https://www.nginx.com/resources/wiki/start/topics/examples/full/#nginx-conf user daemon daemon; ## Default: nobody worker_processes auto; error_log "/opt/bitnami/nginx/logs/error.log"; pid "/opt/bitnami/nginx/tmp/nginx.pid"; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2; proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2; fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2; scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2; uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2; log_format main '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log "/opt/bitnami/nginx/logs/access.log"; sendfile on; tcp_nopush on; tcp_nodelay off; keepalive_timeout 65; gzip on; gzip_http_version 1.0; gzip_comp_level 2; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; map $http_x_forwarded_proto $lando_https { default ''; https on; } map $http_x_forwarded_proto $http_user_agent_https { default ''; https ON; } client_max_body_size 80M; server_tokens off; include "/opt/bitnami/nginx/conf/vhosts/*.conf"; # HTTP Server server { # port to listen on. Can also be set to an IP:PORT listen 80; location /status { stub_status on; access_log off; allow 127.0.0.1; deny all; } } } # configuration file /opt/bitnami/nginx/conf/mime.types: types { text/html html htm shtml; text/css css; text/xml xml; image/gif gif; image/jpeg jpeg jpg; application/javascript js; application/atom+xml atom; application/rss+xml rss; text/mathml mml; text/plain txt; text/vnd.sun.j2me.app-descriptor jad; text/vnd.wap.wml wml; text/x-component htc; image/avif avif; image/png png; image/svg+xml svg svgz; image/tiff tif tiff; image/vnd.wap.wbmp wbmp; image/webp webp; image/x-icon ico; image/x-jng jng; image/x-ms-bmp bmp; font/woff woff; font/woff2 woff2; application/java-archive jar war ear; application/json json; application/mac-binhex40 hqx; application/msword doc; application/pdf pdf; application/postscript ps eps ai; application/rtf rtf; application/vnd.apple.mpegurl m3u8; application/vnd.google-earth.kml+xml kml; application/vnd.google-earth.kmz kmz; application/vnd.ms-excel xls; application/vnd.ms-fontobject eot; application/vnd.ms-powerpoint ppt; application/vnd.oasis.opendocument.graphics odg; application/vnd.oasis.opendocument.presentation odp; application/vnd.oasis.opendocument.spreadsheet ods; application/vnd.oasis.opendocument.text odt; application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; application/vnd.wap.wmlc wmlc; application/wasm wasm; application/x-7z-compressed 7z; application/x-cocoa cco; application/x-java-archive-diff jardiff; application/x-java-jnlp-file jnlp; application/x-makeself run; application/x-perl pl pm; application/x-pilot prc pdb; application/x-rar-compressed rar; application/x-redhat-package-manager rpm; application/x-sea sea; application/x-shockwave-flash swf; application/x-stuffit sit; application/x-tcl tcl tk; application/x-x509-ca-cert der pem crt; application/x-xpinstall xpi; application/xhtml+xml xhtml; application/xspf+xml xspf; application/zip zip; application/octet-stream bin exe dll; application/octet-stream deb; application/octet-stream dmg; application/octet-stream iso img; application/octet-stream msi msp msm; audio/midi mid midi kar; audio/mpeg mp3; audio/ogg ogg; audio/x-m4a m4a; audio/x-realaudio ra; video/3gpp 3gpp 3gp; video/mp2t ts; video/mp4 mp4; video/mpeg mpeg mpg; video/quicktime mov; video/webm webm; video/x-flv flv; video/x-m4v m4v; video/x-mng mng; video/x-ms-asf asx asf; video/x-ms-wmv wmv; video/x-msvideo avi; } # configuration file /opt/bitnami/nginx/conf/vhosts/lando.conf: server { listen 443 ssl; listen 80; listen [::]:80 default ipv6only=on; server_name localhost; ssl_certificate /certs/cert.crt; ssl_certificate_key /certs/cert.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; root "/app/web"; include /app/config/nginx.conf; index index.php index.html index.htm; location ~ \.php$ { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass fpm:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_buffers 256 128k; fastcgi_connect_timeout 300s; fastcgi_send_timeout 300s; fastcgi_read_timeout 300s; include fastcgi_params; } } # configuration file /app/config/nginx.conf: server_tokens off; index index.php index.html; charset UTF-8; default_type text/html; gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_min_length 10; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg; client_max_body_size 1024M; include /app/config/nginx/*.conf; # Force installation to /wp-admin/install.php so siteurl is always correct rewrite ^/wp/wp-admin/install.php(.*) $scheme://$http_host/wp-admin/install.php permanent; # Rewrite rules to allow for an application-like wordpress directory structure if (!-e $request_filename) { rewrite ^/wp-admin$ $scheme://$http_host/wp-admin/ permanent; rewrite ^/(wp-.*.php)$ /wp/$1 last; rewrite ^/(wp-(content|admin|includes).*) /wp/$1 last; } # Enable XML-RPC for WordPress rewrite ^/(xmlrpc\.php)$ /wp/$1 last; # Hide often probed WordPress file so that finding out the WordPress install # and version would not be too easy location /wp/readme.html { return 404; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location = /ads.txt { allow all; log_not_found off; access_log off; } # Block direct access to WooCommerce digital downloads. They can be accessed # via the X-Accel-Redirect mechanism for fast and protected downloads. location /wp/wp-content/uploads/woocommerce_uploads/ { internal; } # Deny access to any other dot file # ~ matches using regular expression all requests that contain '/.' # anywhere in the URL, eg '/.htaccess' and '/wp-content/.htpasswd'. # This regex will override all non-regex rules, except ^~ rules due # how to Nginx location parsing and priorities works. location ~ \/\. { deny all; } location ~* ^.+\.(css|js|ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { try_files $uri =404; expires max; add_header Pragma "public"; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; access_log off; } # Use actual file if exists, otherwise pass request to WordPress # Last rule: match all requests (= URLs that start with /) location / { try_files $uri $uri/ /index.php?$args; } # If front page is requested, skip all other regex and rewrite rules and # pass request directly to WordPress (= URLS that are exactly /) # Tip from https://www.scalescale.com/tips/nginx/nginx-location-directive/ location = / { try_files $uri $uri/ /index.php?$args; } # configuration file /opt/bitnami/nginx/conf/fastcgi_params: fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param HTTPS $lando_https if_not_empty; fastcgi_param HTTP_USER_AGENT_HTTPS $http_user_agent_https if_not_empty; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;