1 files changed, 101 insertions, 0 deletions
diff --git a/www/lycheeorg/files/nginx.conf.in b/www/lycheeorg/files/nginx.conf.in
new file mode 100644
index 000000000000..470c3eb8bba6
--- /dev/null
+++ b/www/lycheeorg/files/nginx.conf.in
@@ -0,0 +1,101 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    # Maps to exclude successful health checks from stdout
+    map $remote_addr $loggable_ip {
+        127.0.0.1 "";
+        default 1;
+    }
+    map $status $loggable_status {
+        200 "";
+        default 1;
+    }
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    # By default, if the processing of images takes more than 60s,
+    # a 504 Gateway timeout occurs, so we increase the timeout here
+    # to allow procesing of large images or when multiple images are
+    # being processed at the same time. We set max_execution_time
+    # below to the same value.
+    fastcgi_read_timeout 3600;
+
+    # We also set the send timeout since this can otherwise also cause
+    # issues with slow connections
+    fastcgi_send_timeout 3600;
+
+    gzip  on;
+
+    server {
+        root %%WWWDIR%%/public;
+        listen       80;
+        server_name  $hostname "";
+        client_max_body_size 100M;
+        
+        # serve static files directly
+        location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
+            access_log off;
+            expires max;
+            log_not_found off;
+        }
+
+        # removes trailing slashes (prevents SEO duplicate content issues)
+        if (!-d $request_filename)
+        {
+            rewrite ^/(.+)/$ /$1 permanent;
+        }
+
+        # If the request is not for a valid file (image, js, css, etc.), send to bootstrap
+        if (!-e $request_filename)
+        {
+            rewrite ^/(.*)$ /index.php?/$1 last;
+            break;
+        }
+
+        location / {
+            index  index.php
+            try_files $uri $uri/ /index.php?$query_string;
+        }
+
+        # Serve /index.php through PHP
+        location = /index.php {
+            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+            try_files $uri $document_root$fastcgi_script_name =404;
+
+            # Mitigate https://httpoxy.org/ vulnerabilities
+            fastcgi_param HTTP_PROXY "";
+
+            fastcgi_pass 127.0.0.1:9000;
+            fastcgi_index index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PHP_VALUE "post_max_size=100M
+                max_execution_time=3600
+                upload_max_filesize=100M
+                memory_limit=256M";
+            fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
+            include fastcgi_params;
+        }
+
+        # Deny access to other .php files, rather than exposing their contents
+        location ~ [^/]\.php(/|$) {
+            return 403;
+        }
+    }
+}