I need a nginx-config file for ddev running pimcore. I tried it with the pimcore docs.
No success here...
Got:
Failed to restart xxxxxx: web container failed: log=, err=container /ddev-xxxxxx-web unhealthy.
I did add a config file in .ddev/nginx/server.conf. The version of ddev is v1.10.2 The version of pimcore is the latest pimcore 5.
upstream php-pimcore5 {
server unix:/var/run/php-fpm.sock;
}
I want to use the nginx servertype for faster usage of pimcore...
I used this .ddev/nginx-site.conf (based on the config in https://pimcore.com/docs/5.x/Development_Documentation/Installation_and_Upgrade/System_Setup_and_Hosting/Nginx_Configuration.html) and it seems to work OK.
BTW, I had never used pimcore before, but was able to
ddev config --project-type=phpddev composer create pimcore/demoddev config --docroot=webddev restartddev ssh and export PIMCORE_INSTALL_MYSQL_HOST_SOCKET=db:3306; vendor/bin/pimcore-installand there it was.
Here's .ddev/nginx-site.conf:
# mime types are covered in nginx.conf by:
# http {
# include mime.types;
# }
map $http_x_forwarded_proto $fcgi_https {
default off;
https on;
}
server {
listen 80;
server_name _;
root $WEBSERVER_DOCROOT;
index index.php;
access_log /var/log/access.log;
error_log /var/log/error.log error;
# Pimcore Head-Link Cache-Busting
rewrite ^/cache-buster-(?:\d+)/(.*) /$1 last;
# Stay secure
#
# a) don't allow PHP in folders allowing file uploads
location ~* /var/assets/.*\.php(/|$) {
return 404;
}
# b) Prevent clients from accessing hidden files (starting with a dot)
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known/) {
deny all;
log_not_found off;
access_log off;
}
# c) Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf(ig)?|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
}
# Some Admin Modules need this:
# Database Admin, Server Info
location ~* ^/admin/(adminer|external) {
rewrite .* /app.php$is_args$args last;
}
# Thumbnails
location ~* .*/(image|video)-thumb__\d+__.* {
try_files /var/tmp/$1-thumbnails$uri /app.php;
expires 2w;
access_log off;
add_header Cache-Control "public";
}
# Assets
# Still use a whitelist approach to prevent each and every missing asset to go through the PHP Engine.
location ~* ^(?!/admin/asset/webdav/)(.+?)\.((?:css|js)(?:\.map)?|jpe?g|gif|png|svgz?|eps|exe|gz|zip|mp\d|ogg|ogv|webm|pdf|docx?|xlsx?|pptx?)$ {
try_files /var/assets$uri $uri =404;
expires 2w;
access_log off;
log_not_found off;
add_header Cache-Control "public";
}
location / {
error_page 404 /meta/404;
add_header "X-UA-Compatible" "IE=edge";
try_files $uri /app.php$is_args$args;
}
# Use this location when the installer has to be run
# location ~ /(app|install)\.php(/|$) {
#
# Use this after initial install is done:
location ~ ^/app\.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm.sock;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_intercept_errors off;
# fastcgi_read_timeout should match max_execution_time in php.ini
fastcgi_read_timeout 10m;
fastcgi_param SERVER_NAME $host;
fastcgi_param HTTPS $fcgi_https;
}
include /etc/nginx/monitoring.conf;
}