upstream backend { # The number of idle keepalive connections to an upstream server that remain open for each worker process server ${PHP_FPM_HOST}:${PHP_FPM_PORT}; keepalive 40; keepalive_requests 250; # Must be less than php-fpm.conf:pm.max_requests keepalive_timeout 10; } server { listen 8080; listen [::]:8080; server_name localhost; set $base /app; root $base/public; # deny all dot files except .well-known location ~ /\.(?!well-known) { deny all; } # index.php index index.php; # index.php fallback location / { # try to serve file directly, fallback to index.php try_files $uri /index.php$is_args$args; } # Disable falling back to PHP script for the asset directories; location ~ ^/(public|bundles)/ { try_files $uri =404; } # handle non-files location ~ ^/index\.php(/|$) { # default fastcgi_params include fastcgi_params; # fastcgi settings fastcgi_pass backend; fastcgi_index index.php; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; fastcgi_split_path_info ^(.+\.php)(/.*)$; # fastcgi params fastcgi_param DOCUMENT_ROOT $realpath_root; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param PHP_ADMIN_VALUE "open_basedir=none"; # Prevents URIs that include the front controller. This will 404: # http://domain.tld/index.php/some-path # Remove the internal directive to allow URIs like this internal; } # return 404 for all other php files not matching the front controller # this prevents access to other php files you don't want to be accessible. location ~ \.php$ { return 404; } # favicon.ico location = /favicon.ico { log_not_found off; access_log off; } # robots.txt location = /robots.txt { log_not_found off; access_log off; } # assets, media location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { expires 7d; access_log off; } # svg, fonts location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ { add_header Access-Control-Allow-Origin "*"; expires 7d; access_log off; } }