1. upstream fastcgi_backend {
2.    server  dockermagento2compose_php_1:9000;
3. }
4.  
5. server {
6.     listen 80;
7.     server_name php-docker.local;
8.     set $MAGE_ROOT /var/www/html;
9.  
10. root $MAGE_ROOT/pub;
11.  
12. index index.php;
13. autoindex off;
14. charset UTF-8;
15. error_page 404 403 = /errors/404.php;
16.  
17. location ~* ^/setup($|/) {
18.     root $MAGE_ROOT;
19.     location ~ ^/setup/index.php {
20.         fastcgi_pass   fastcgi_backend;
21.  
22.         fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
23.         fastcgi_param  PHP_VALUE "memory_limit=756M \n max_execution_time=600";
24.         fastcgi_read_timeout 600s;
25.         fastcgi_connect_timeout 600s;
26.  
27.         fastcgi_index  index.php;
28.         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
29.         include        fastcgi_params;
30.     }
31.  
32.     location ~ ^/setup/(?!pub/). {
33.         deny all;
34.     }
35.  
36.     location ~ ^/setup/pub/ {
37.         add_header X-Frame-Options "SAMEORIGIN";
38.     }
39. }
40.  
41. # PHP entry point for update application
42. location ~* ^/update($|/) {
43.     root $MAGE_ROOT;
44.  
45.     location ~ ^/update/index.php {
46.         fastcgi_split_path_info ^(/update/index.php)(/.+)$;
47.         fastcgi_pass   fastcgi_backend;
48.         fastcgi_index  index.php;
49.         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
50.         fastcgi_param  PATH_INFO        $fastcgi_path_info;
51.         include        fastcgi_params;
52.     }
53.  
54.     # Deny everything but index.php
55.     location ~ ^/update/(?!pub/). {
56.         deny all;
57.     }
58.  
59.     location ~ ^/update/pub/ {
60.         add_header X-Frame-Options "SAMEORIGIN";
61.     }
62. }
63.  
64. location / {
65.     try_files $uri $uri/ /index.php$is_args$args;
66. }
67.  
68. location /pub/ {
69.     location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
70.         deny all;
71.     }
72.     alias $MAGE_ROOT/pub/;
73.     add_header X-Frame-Options "SAMEORIGIN";
74. }
75.  
76. location /static/ {
77.     # Uncomment the following line in production mode
78.     # expires max;
79.  
80.     # Remove signature of the static files that is used to overcome the browser cache
81.     location ~ ^/static/version {
82.         rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
83.     }
84.  
85.     location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
86.         add_header Cache-Control "public";
87.         add_header X-Frame-Options "SAMEORIGIN";
88.         expires +1y;
89.  
90.         if (!-f $request_filename) {
91.             rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
92.         }
93.     }
94.     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
95.         add_header Cache-Control "no-store";
96.         add_header X-Frame-Options "SAMEORIGIN";
97.         expires    off;
98.  
99.         if (!-f $request_filename) {
100.            rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
101.         }
102.     }
103.     if (!-f $request_filename) {
104.         rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
105.     }
106.     add_header X-Frame-Options "SAMEORIGIN";
107. }
108.  
109. location /media/ {
110.     try_files $uri $uri/ /get.php$is_args$args;
111.  
112.     location ~ ^/media/theme_customization/.*\.xml {
113.         deny all;
114.     }
115.  
116.     location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
117.         add_header Cache-Control "public";
118.         add_header X-Frame-Options "SAMEORIGIN";
119.         expires +1y;
120.         try_files $uri $uri/ /get.php$is_args$args;
121.     }
122.     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
123.         add_header Cache-Control "no-store";
124.         add_header X-Frame-Options "SAMEORIGIN";
125.         expires    off;
126.         try_files $uri $uri/ /get.php$is_args$args;
127.     }
128.     add_header X-Frame-Options "SAMEORIGIN";
129. }
130.  
131. location /media/customer/ {
132.     deny all;
133. }
134.  
135. location /media/downloadable/ {
136.     deny all;
137. }
138.  
139. location /media/import/ {
140.     deny all;
141. }
142.  
143. # PHP entry point for main application
144. location ~ (index|get|static|report|404|503|health_check)\.php$ {
145.     try_files $uri =404;
146.     fastcgi_pass   fastcgi_backend;
147.     fastcgi_buffers 1024 4k;
148.  
149.     fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
150.     fastcgi_param  PHP_VALUE "memory_limit=756M \n max_execution_time=18000";
151.     fastcgi_read_timeout 600s;
152.     fastcgi_connect_timeout 600s;
153.  
154.     fastcgi_index  index.php;
155.     fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
156.     include        fastcgi_params;
157. }
158.  
159. gzip on;
160. gzip_disable "msie6";
161.  
162. gzip_comp_level 6;
163. gzip_min_length 1100;
164. gzip_buffers 16 8k;
165. gzip_proxied any;
166. gzip_types
167.     text/plain
168.     text/css
169.     text/js
170.     text/xml
171.     text/javascript
172.     application/javascript
173.     application/x-javascript
174.     application/json
175.     application/xml
176.     application/xml+rss
177.     image/svg+xml;
178. gzip_vary on;
179.  
180. # Banned locations (only reached if the earlier PHP entry point regexes don't match)
181. location ~* (\.php$|\.htaccess$|\.git) {
182.     deny all;
183. }
184. }
185.