From 53e966e30ee597977d7075c6e04b78243ada17f2 Mon Sep 17 00:00:00 2001
From: Olivier Navas <olivier.navas@libretic.fr>
Date: Wed, 18 Jan 2023 22:43:52 +0100
Subject: [PATCH] Correction configuration nginx en lien avec bug
 https://github.com/getgrav/grav-plugin-form/issues/577

---
 tasks/main.yml               |  1 +
 templates/default.conf       | 61 ++++++++++++++++++++++++++++++++++++
 templates/docker-compose.yml |  1 +
 3 files changed, 63 insertions(+)
 create mode 100644 templates/default.conf

diff --git a/tasks/main.yml b/tasks/main.yml
index 9c639eb..febb086 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -10,6 +10,7 @@
   with_items:
     - docker-compose.yml
     - robots-sitemap.txt
+    - default.conf
   notify: docker-compose-up
   
 
diff --git a/templates/default.conf b/templates/default.conf
new file mode 100644
index 0000000..8854bfe
--- /dev/null
+++ b/templates/default.conf
@@ -0,0 +1,61 @@
+#config-v1
+server {
+        listen 80 default_server;
+
+        listen 443 ssl;
+
+        root /app/www/public;
+        index index.html index.htm index.php;
+
+        server_name _;
+
+        ssl_certificate /config/keys/cert.crt;
+        ssl_certificate_key /config/keys/cert.key;
+
+        client_max_body_size 0;
+
+        location / {
+                try_files $uri $uri/ /index.php?$query_string;
+        }
+
+        location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
+       
+        # deny running scripts inside core system folders
+        location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+       
+        # deny running scripts inside user folder
+        location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+       
+        # deny access to specific files in the root folder
+        location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
+
+        # location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+        #         expires 30d;
+        #         add_header Vary Accept-Encoding;
+        #         log_not_found off;
+        # }
+
+        # location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|woff2|svg)$ {
+        #         access_log off;
+        #         expires 30d;
+        #         add_header Cache-Control public;
+
+        # ## No need to bleed constant updates. Send the all shebang in one
+        # ## fell swoop.
+        #         tcp_nodelay off;
+
+        # ## Set the OS file cache.
+        #         open_file_cache max=3000 inactive=120s;
+        #         open_file_cache_valid 45s;
+        #         open_file_cache_min_uses 2;
+        #         open_file_cache_errors off;
+        # }
+
+        location ~ \.php$ {
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                fastcgi_pass 127.0.0.1:9000;
+                fastcgi_index index.php;
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+        }
+}
diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml
index 95183e7..c8dbf4d 100644
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@@ -11,6 +11,7 @@ services:
       - TZ=Europe/Paris
     volumes:
       - ./robots-sitemap.txt:/app/grav-admin/robots.txt
+      - ./default.conf:/config/nginx/site-confs/default.conf
       - {{ docker_grav_data_dir }}/{{ docker_grav_service_id }}/config:/config
     restart: always
     labels: