core/php-framework
8
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions
php-framework/docker/nginx/default.conf
Snider 05f03a1ca1
Some checks failed
Code Style / Laravel Pint (push) Failing after 2s
Details
Code Style / PHP CodeSniffer (push) Failing after 1s
Details
Static Analysis / PHPStan (push) Failing after 1s
Details
Static Analysis / Psalm (push) Failing after 2s
Details
Static Analysis / Security Audit (push) Failing after 1s
Details
Static Analysis / PHP Syntax Check (push) Failing after 1s
Details
Tests / PHP 8.2 - Laravel 11.* (push) Failing after 2s
Details
Tests / PHP 8.3 - Laravel 11.* (push) Failing after 2s
Details
Tests / PHP 8.4 - Laravel 11.* (push) Failing after 2s
Details
Tests / PHP 8.4 - Laravel 12.* (push) Failing after 2s
Details
Tests / PHP 8.3 - Laravel 12.* (push) Failing after 2s
Details
feat: add Docker infrastructure from CLI 
Move production Docker files from core/cli to their proper home:
- Dockerfile.app: PHP 8.3-FPM with Laravel extensions
- Dockerfile.web: nginx reverse proxy
- docker-compose.prod.yml: full stack (app, web, horizon, scheduler, mcp, redis, galera)
- nginx/: default.conf + security-headers.conf
- php/: opcache.ini + php-fpm.conf

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-21 21:14:39 +00:00

59 lines
1.4 KiB
Text
Raw Blame History

# Host UK Nginx Configuration
# Proxies PHP to the app (FPM) container, serves static files directly
server {
listen 80;
server_name _;
root /app/public;
index index.php;
charset utf-8;
# Security headers
include /etc/nginx/snippets/security-headers.conf;
# Health check endpoint (no logging)
location = /health {
access_log off;
try_files $uri /index.php?$query_string;
}
# Static file caching
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|webp|avif)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
try_files $uri =404;
}
# Laravel application
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP-FPM upstream
location ~ \.php$ {
fastcgi_pass app:9000;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
fastcgi_buffer_size 32k;
fastcgi_buffers 16 16k;
fastcgi_read_timeout 300;
# Pass real client IP from LB proxy protocol
fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
}
# Block dotfiles (except .well-known)
location ~ /\.(?!well-known) {
deny all;
}
# Block access to sensitive files
location ~* \.(env|log|yaml|yml|toml|lock|bak|sql)$ {
deny all;
}
}
Reference in a new issue View git blame Copy permalink