Lenverge/roles/projects/templates/nginx-site.conf.j2
2025-06-15 11:53:01 +08:00


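# Virtual host for a single PHP project, rendered from the `project` template
# variables (domain, document_root, php_version).
server {
    # NOTE(review): plain HTTP only. This template defines no TLS listener and no
    # HTTPS redirect; confirm TLS is terminated in front of this server.
    listen 80;
    server_name {{ project.domain }};
    root {{ project.document_root }};
    index index.php;

    # One access/error log pair per project domain.
    access_log /var/log/nginx/{{ project.domain }}-access.log;
    error_log /var/log/nginx/{{ project.domain }}-error.log;

    # General performance
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 30s;
    types_hash_max_size 2048;
    # Do not advertise the nginx version in the Server header or on error pages.
    server_tokens off;
    # Upper bound on request bodies (uploads); larger requests are rejected with 413.
    client_max_body_size 100M;
    client_body_buffer_size 128k;

    # Security headers
    # `always` makes nginx attach these to error responses (4xx/5xx) as well.
    # add_header directives are inherited by a location only if that location
    # defines no add_header itself, so the static-asset location below repeats them.
    # X-XSS-Protection is a legacy header; no Content-Security-Policy is set here.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;

    # Gzip compression
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    # application/xml+rss is kept from the original list; application/rss+xml is
    # the registered RSS media type and is added so feeds are actually compressed.
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/x-javascript
        application/xml
        application/xml+rss
        application/rss+xml
        font/ttf
        font/otf
        image/svg+xml;

    # Laravel-friendly routing: serve the file or directory if it exists,
    # otherwise hand the request to the front controller.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Block hidden files (everything under a dot-path except /.well-known).
    # Regex locations are tested in file order and the first match wins, so this
    # block must precede the PHP handler; otherwise a URI such as /.dir/x.php
    # would be matched by `\.php$` and never reach this deny rule.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # PHP-FPM handling
    location ~ \.php$ {
        # Only pass requests to PHP-FPM when the .php file really exists under the
        # document root. Without this, a URI that merely ends in ".php" is forwarded
        # and PHP's path-info fallback may pick a different file to execute.
        try_files $uri =404;

        include fastcgi_params;
        fastcgi_pass unix:/run/php/php{{ project.php_version }}-fpm.sock;
        fastcgi_index index.php;
        # $realpath_root resolves symlinks in the document root before it is
        # handed to PHP-FPM.
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_busy_buffers_size 64k;
        fastcgi_temp_file_write_size 64k;
        fastcgi_intercept_errors on;
    }

    # Static file caching
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2?|ttf|svg|eot)$ {
        expires 30d;
        access_log off;
        add_header Cache-Control "public";
        # Repeated here because the add_header above stops inheritance of the
        # server-level security headers for this location; nosniff matters most
        # on exactly these script, style and SVG responses.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
    }

    # Optional: Nginx status endpoint (local only)
    # Only the IPv4 loopback address is allowed; every other client gets 403.
    location /nginx_status {
        stub_status;
        allow 127.0.0.1;
        deny all;
    }
}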