Skip to content

GitLab

Switch branch/tag
Find file Normal viewHistoryPermalink
gliders.nginx.prod.conf 4.16 KB
Newer Older
Gliders User's avatar
added production version of gliders nginx config (forces HTTPS)  
Gliders User committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 
# https://www.nginx.com/resources/wiki/start/topics/recipes/symfony/
# NOTE: This makes any .php file other than app, app_dev and config.php
# downloadable. If you want one to run, add it to the "pass the PHP scripts to
# upstream FCGI" location section below. Be careful adding files with
# sensitive data like passwords inside them.

limit_req_zone $binary_remote_addr zone=gliders:10m rate=10r/s;

server {
    listen 80;
    listen [::]:80;
    server_name mars.noc.ac.uk;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name mars.noc.ac.uk;

    ssl_certificate /etc/letsencrypt/live/mars.noc.ac.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mars.noc.ac.uk/privkey.pem;

    set $symfonyfile "app";
    set $symfonyroot "/var/gliders/www";
    set $symfonyenv "prod";

    root $symfonyroot/web;

    error_log /var/log/nginx/gliders.error.log;
    access_log /var/log/nginx/$symfonyenv.gliders.access.log;

    # Enable compression. Very helpful when we're getting stuff like
    # large amounts of vehicle tracks in JSON form!
    gzip on;
    gzip_types text/plain application/xml text/html text/css application/json application/x-javascript text/xml text/javascript application/javascript;

    # strip app.php/ prefix if it is present
    rewrite ^/$symfonyfile\.php/?(.*)$ /$1 permanent;
Gliders User's avatar
swap php-fpm for php-pm  
Gliders User committed
41 42 43 44 45 46 47 48 49 
    
    location @ppm {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8005;
        error_page 502 /502.html;
    }
Gliders User's avatar
added production version of gliders nginx config (forces HTTPS)  
Gliders User committed
50 51 52 53 54 55 56 57 

    location / {
    	limit_req zone=gliders burst=5;
        set $index_file $symfonyfile".php";
     	if (-f $document_root/.maintenance) {
            return 503;
        }
        index $index_file;
Gliders User's avatar
swap php-fpm for php-pm  
Gliders User committed
58 
        try_files $uri @ppm;
Gliders User's avatar
added production version of gliders nginx config (forces HTTPS)  
Gliders User committed
59 60 
    }
Owain Jones's avatar
redirect /dashboard.php to /dashboard  
Owain Jones committed
61 62 63 64 
    location /dashboard.php {
        return 301 /dashboard;
    }
Gliders User's avatar
added production version of gliders nginx config (forces HTTPS)  
Gliders User committed
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 
    location /mission.php {
        return 301 /missions;
    }

    location /glider/mission.php {
        return 301 /missions;
    }

    location /glider {
        return 301 /;
    }

    error_page 413 /413.html;
    error_page 502 /502.html;
    error_page 504 /504.html;
    error_page 503 @maintenance;
    location @maintenance {
        rewrite ^(.*)$ /maintenance.html break;
    }

    location ~ ^/(images|fonts|css|js) {
        access_log off;
        error_log off;
        try_files $uri =404;
        expires 1y;
        add_header Cache-Control "public";
    }

    location ~ ^/images/vehicles/(?P<vehicle_type>[a-zA-Z0-9]+)_(?P<vehicle_name>[a-zA-Z0-9]+)\.(png|jpg)$ {
        access_log off;
        error_log off;
        try_files $uri images/vehicles/$vehicle_name.png =404;
    }

    location /static/logs {
        alias /var/gliders/logs;
    }

    location /var/gliders/logs {
        alias /var/gliders/logs;
    }

    location /static {
        alias /var/gliders/static;
        expires 1d;
        add_header Cache-Control "public";
    }
Owain Jones's avatar
swapped memcached for redis. another php extension to be compiled.  
Owain Jones committed
113 114 115 116 117 
    location /static/tracks {
        alias /var/gliders/static/tracks;
        gzip_static on;
    }
Owain Jones's avatar
removed /realtime as now is handled by Symfony  
Owain Jones committed
118 119 120 121 122 
    # location /realtime {
    #     proxy_pass http://localhost:9002/;
    #     proxy_read_timeout 10m;
    #     proxy_connect_timeout 10m;
    # }
Owain Jones's avatar
added /realtime/ proxy  
Owain Jones committed
123
Gliders User's avatar
added production version of gliders nginx config (forces HTTPS)  
Gliders User committed
124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 
    location @rewriteapp {
        rewrite ^(.*)$ /${symfonyfile}.php/$1 last;
    }

    # pass the PHP scripts to FastCGI server from upstream phpfcgi
    location ~ ^/(app|app_dev|config)\.php(/|$) {
        # fastcgi_pass hhvmfcgi;
        fastcgi_pass phpfcgi;
        fastcgi_intercept_errors on;
        # error_page 502 = @fallback;
        error_page 502 /502.html;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param  SCRIPT_FILENAME $symfonyroot/web$fastcgi_script_name;
        fastcgi_param  HTTPS on;
    }

    # location @fallback {
    #     fastcgi_pass phpfcgi;
    #    fastcgi_intercept_errors on;
    #    include fastcgi_params;
    #    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    #    fastcgi_param SCRIPT_FILENAME $symfonyroot/web$fastcgi_script_name;
    #    fastcgi_param HTTPS off;
    #    error_page 502 /502.html;
    #}
}