printshopcreator/.docker/images/nginx/conf.d/default.conf

server {
        index index.php index.html app.php;
        error_log  /var/log/nginx/error.log;
        access_log /var/log/nginx/access.log;

        set $frontRoot __NGINX_ROOT_NEW;
        set $sfApp app.php; # Change to app.php for prod
        client_max_body_size 1000M;
        root __NGINX_ROOT_OLD;
        charset UTF-8;
        location / {

                client_max_body_size 1024M;
                try_files $uri $uri/ @notfile;
                location ~ \.php$ {
                        if ($request_method = 'OPTIONS') {
                            add_header 'Access-Control-Allow-Origin' '*';
                            #
                            # Om nom nom cookies
                            #
                            add_header 'Access-Control-Allow-Credentials' 'true';
                            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                            #
                            # Custom headers and headers various browsers *should* be OK with but aren't
                            #
                            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,apikey';
                            #
                            # Tell client that this pre-flight info is valid for 20 days
                            #
                            add_header 'Access-Control-Max-Age' 1728000;
                            add_header 'Content-Type' 'text/plain charset=UTF-8';
                            add_header 'Content-Length' 0;
                            return 204;
                        }

                        add_header Access-Control-Allow-Origin * always;
                        add_header Access-Control-Allow-Credentials true always;
                        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
                        add_header Access-Control-Expose-Headers Access-Control-Allow-Origin always;
                        add_header Referrer-Policy "strict-origin" always;
                        add_header X-Content-Type-Options nosniff always;
                        #add_header X-Frame-Options "SAMEORIGIN" always;
                        add_header X-XSS-Protection "1; mode=block" always;
                        add_header Content-Security-Policy "default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; worker-src blob:; img-src https: blob: data:" always;
                        fastcgi_temp_path /tmp/fastcgi 1 2;
                        fastcgi_split_path_info ^(.+\.php)(/.+)$;
                        fastcgi_pass   php-fpm:9000;
                        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_param PATH_INFO $fastcgi_path_info;
                        fastcgi_param   SERVER_NAME $http_host;
                        include        fastcgi_params;
                        fastcgi_pass_header *;
                }
        }

        location @notfile {
                rewrite ^(.*) /index.php last;
        }

        location /apps/ { # Static files
                client_max_body_size 1024M;
                root $frontRoot;
                rewrite ^/apps/(.*)$ /$1 break;
                try_files $uri @sfFront;
        }

        location /w2p/ {
            proxy_pass http://tp:8080/w2p/;
            proxy_temp_path /tmp/proxy;
        }

        location @sfFront { # Symfony
                if ($request_method = 'OPTIONS') {
                    add_header 'Access-Control-Allow-Origin' '*';
                    #
                    # Om nom nom cookies
                    #
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
                    #
                    # Custom headers and headers various browsers *should* be OK with but aren't
                    #
                    add_header 'Access-Control-Allow-Headers' 'authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,apikey';
                    #
                    # Tell client that this pre-flight info is valid for 20 days
                    #
                    add_header 'Access-Control-Max-Age' 1728000;
                    add_header 'Content-Type' 'text/plain charset=UTF-8';
                    add_header 'Content-Length' 0;
                    return 204;
                }

                add_header Access-Control-Allow-Origin * always;
                add_header Access-Control-Allow-Credentials true always;
                add_header 'Access-Control-Allow-Headers' 'authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,apikey';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
                add_header Access-Control-Expose-Headers Access-Control-Allow-Origin always;
                fastcgi_temp_path /tmp/fastcgi 1 2;
                fastcgi_pass  php-fpm:9000;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $frontRoot/$sfApp;
                fastcgi_param SCRIPT_NAME /apps/$sfApp;
                fastcgi_param REQUEST_URI /apps$uri?$args;
                fastcgi_param   SERVER_NAME $http_host;
                fastcgi_buffers 16 16k;
                fastcgi_buffer_size 32k;
                fastcgi_param HTTPS off;
        }
}