Commit 9ff041bc authored by Dom Sekotill's avatar Dom Sekotill

Merge branch frontend into master

parents ab356652 c1ae3513
+6 −2
# syntax = docker/dockerfile:1.0-experimental

FROM php:7.3-fpm as deps
ARG nginx_version=latest
FROM nginx:${nginx_version} as frontend
LABEL uk.org.kodo.maintainer = "Dom Sekotill <dom.sekotill@kodo.org.uk>"
COPY nginx.conf /etc/nginx/conf.d/default.conf


FROM php:7.3-fpm as deps
RUN apt-get update \
 && apt-get install -y \
	libgmp10 \
@@ -12,7 +17,6 @@ RUN apt-get update \


FROM deps as compile

RUN apt-get update \
 && apt-get install -y \
	libgmp-dev \
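Review bot: The new `frontend` stage builds from `nginx:${nginx_version}` with the arg defaulting to `latest`, so a build that passes no argument takes whatever image that tag points to on the day, and two builds of the same commit can ship different nginx versions. Default the arg to a specific release tag, `ARG nginx_version=<pinned-tag>` (placeholder; ideally with an `@sha256:` digest), and let callers override it when they want to move. The added `LABEL` line also has spaces around `=`, which Docker probably reads as the legacy `key value` form with the `=` ending up inside the value; `LABEL uk.org.kodo.maintainer="Dom Sekotill <dom.sekotill@kodo.org.uk>"` is the unambiguous spelling. The `RUN apt-get` instructions below continue outside the visible hunks and are not part of this point.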

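--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,111 @@
+map $http_x_forwarded_proto $forwarded_https {
+	default off;
+	https on;
+}
+
+server {
+	listen 80;
+	server_name _;
+	root /app;
+
+	set_real_ip_from 10.0.0.0/8;
+	real_ip_header X-Forwarded-For;
+
+	location ~ \.php$ {
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /app$fastcgi_script_name;
+		fastcgi_param DOCUMENT_ROOT /app;
+		fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto;
+		fastcgi_param HTTPS $forwarded_https;
+		fastcgi_param SERVER_ADDR $http_x_forwarded_host;
+		fastcgi_param SERVER_PORT $http_x_forwarded_port;
+		fastcgi_pass localhost:9000;
+	}
+
+	# block the XMLRPC script
+	location = /xmlrpc.php {
+		return 404;
+	}
+
+	# allow the new JSON REST API
+	location /wp-json/ {
+		try_files /non-existant /index.php$is_args$args;
+	}
+
+	# use /index.php as a front controller if the base of the URI path does
+	# not exist
+	location / {
+		try_files $uri /index.php$is_args$args;
+		add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800";
+	}
+
+	# serve only static files from wp-includes
+	location ^~ /wp-includes/ {
+		add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800";
+	}
+
+	# wp-admin uses lots of directly accessed PHP scripts, unfortunately
+	location = /admin/ {
+		rewrite ^ /wp-admin/ permanent;
+	}
+	location /wp-admin/ {
+		try_files $uri $uri/index.php;
+		add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800";
+	}
+
+	# serve only static files from wp-content
+	location ^~ /wp-content/ {
+		add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800";
+
+		# don't serve PHP source code from plugins, etc
+		location ~ \.php {
+			return 404;
+		}
+
+		# limit the usefulness of malicious HTML/JS hosted in 
+		# /wp-content/uploads by serving only media & common data files with 
+		# their correct mime-type
+		location /wp-content/uploads/ {
+			default_type application/octet-stream;
+			types {
+				# images #
+				image/gif                    gif;
+				image/jpeg                   jpeg jpg;
+				image/png                    png;
+				image/tiff                   tif tiff;
+				image/vnd.wap.wbmp           wbmp;
+				image/x-icon                 ico;
+				image/x-jng                  jng;
+				image/x-ms-bmp               bmp;
+
+				# audio #
+				application/ogg              ogx;
+				audio/midi                   mid midi kar;
+				audio/mpeg                   mpga mpega mp2 mp3 m4a;
+				audio/ogg                    oga ogg spx;
+				audio/x-realaudio            ra;
+				audio/webm                   weba;
+
+				# video #
+				video/3gpp                   3gpp 3gp;
+				video/mp4                    mp4;
+				video/mpeg                   mpeg mpg mpe;
+				video/ogg                    ogv;
+				video/quicktime              mov;
+				video/webm                   webm;
+				video/x-flv                  flv;
+				video/x-mng                  mng;
+				video/x-ms-asf               asx asf;
+				video/x-ms-wmv               wmv;
+				video/x-msvideo              avi;
+
+				# archives #
+				application/x-tar            tar;
+				application/x-gtar           tar.gz tgz tar.Z tar.bz2 tbz2 tar.lzma tlz;
+				application/zip              zip zipx;
+				application/x-7z-compressed  7z s7z ace;
+				application/x-rar-compressed rar;
+			}
+		}
+	}
+}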
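Review bot: The `\.php$` location copies `X-Forwarded-Proto`, `X-Forwarded-Host` and `X-Forwarded-Port` straight into `REQUEST_SCHEME`, `HTTPS`, `SERVER_ADDR` and `SERVER_PORT` for every request, while only the client address is gated by `set_real_ip_from 10.0.0.0/8`. If port 80 can be reached without going through the proxy, or the proxy passes these headers on from clients instead of overwriting them, the application's view of whether a request arrived over HTTPS is client-controlled. State the assumption next to the params, for example `# X-Forwarded-* are trusted as sent: this listener must only be reachable via a proxy that overwrites them`, and make sure the deployment enforces it. `SERVER_ADDR` is also filled from the forwarded host name, not from an address, and `include fastcgi_params` normally sets that parameter already, so it is worth confirming whether `SERVER_NAME` was intended.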