# https://www.nginx.com/resources/wiki/start/topics/recipes/symfony/
# NOTE: This makes any .php file other than app, app_dev and config.php
# downloadable. If you want one to run, add it to the "pass the PHP scripts to
# upstream FCGI" location section below. Be careful adding files with
# sensitive data like passwords inside them.
limit_req_zone $binary_remote_addr zone=gliders:10m rate=10r/s;
server {
listen 80;
listen [::]:80;
server_name mars.noc.ac.uk;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name mars.noc.ac.uk;
ssl_certificate /etc/letsencrypt/live/mars.noc.ac.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mars.noc.ac.uk/privkey.pem;
set $symfonyfile "app";
set $symfonyroot "/var/gliders/www";
set $symfonyenv "prod";
root $symfonyroot/web;
error_log /var/log/nginx/gliders.error.log;
access_log /var/log/nginx/$symfonyenv.gliders.access.log;
# Enable compression. Very helpful when we're getting stuff like
# large amounts of vehicle tracks in JSON form!
gzip on;
gzip_types text/plain application/xml text/html text/css application/json application/x-javascript text/xml text/javascript application/javascript;
# strip app.php/ prefix if it is present
rewrite ^/$symfonyfile\.php/?(.*)$ /$1 permanent;
location @ppm {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8005;
error_page 502 /502.html;
}
location / {
limit_req zone=gliders burst=5;
set $index_file $symfonyfile".php";
if (-f $document_root/.maintenance) {
return 503;
}
index $index_file;
try_files $uri @ppm;
}
location /dashboard.php {
return 301 /dashboard;
}
location /mission.php {
return 301 /missions;
}
location /glider/mission.php {
return 301 /missions;
}
location /glider {
return 301 /;
}
error_page 413 /413.html;
error_page 502 /502.html;
error_page 504 /504.html;
error_page 503 @maintenance;
location @maintenance {
rewrite ^(.*)$ /maintenance.html break;
}
location ~ ^/(images|fonts|css|js) {
access_log off;
error_log off;
try_files $uri =404;
expires 1y;
add_header Cache-Control "public";
}
location ~ ^/images/vehicles/(?P<vehicle_type>[a-zA-Z0-9]+)_(?P<vehicle_name>[a-zA-Z0-9]+)\.(png|jpg)$ {
access_log off;
error_log off;
try_files $uri images/vehicles/$vehicle_name.png =404;
}
location /static/logs {
alias /var/gliders/logs;
}
location /var/gliders/logs {
alias /var/gliders/logs;
}
location /static {
alias /var/gliders/static;
expires 1d;
add_header Cache-Control "public";
}
location /static/tracks {
alias /var/gliders/static/tracks;
gzip_static on;
}
# location /realtime {
# proxy_pass http://localhost:9002/;
# proxy_read_timeout 10m;
# proxy_connect_timeout 10m;
# }
location @rewriteapp {
rewrite ^(.*)$ /${symfonyfile}.php/$1 last;
}
# pass the PHP scripts to FastCGI server from upstream phpfcgi
location ~ ^/(app|app_dev|config)\.php(/|$) {
# fastcgi_pass hhvmfcgi;
fastcgi_pass phpfcgi;
fastcgi_intercept_errors on;
# error_page 502 = @fallback;
error_page 502 /502.html;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $symfonyroot/web$fastcgi_script_name;
fastcgi_param HTTPS on;
}
# location @fallback {
# fastcgi_pass phpfcgi;
# fastcgi_intercept_errors on;
# include fastcgi_params;
# fastcgi_split_path_info ^(.+\.php)(/.*)$;
# fastcgi_param SCRIPT_FILENAME $symfonyroot/web$fastcgi_script_name;
# fastcgi_param HTTPS off;
# error_page 502 /502.html;
#}
}