generated from theradcoza/Laravel-Docker-Dev-Template
Initial commit
This commit is contained in:
77
deploy/nginx/laravel-site.conf
Normal file
77
deploy/nginx/laravel-site.conf
Normal file
@@ -0,0 +1,77 @@
|
||||
# Nginx site configuration for Laravel on Ubuntu 24.04
|
||||
# This config is for native Nginx (not Docker) behind Nginx Proxy Manager
|
||||
# Place this in /etc/nginx/sites-available/ and symlink to sites-enabled
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
# Replace with your domain or internal IP
|
||||
# Nginx Proxy Manager will forward traffic here
|
||||
server_name your-domain.com;
|
||||
|
||||
root /var/www/your-app/public;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
# Security headers
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
|
||||
charset utf-8;
|
||||
|
||||
# Laravel routing
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
}
|
||||
|
||||
# Favicon and robots
|
||||
location = /favicon.ico { access_log off; log_not_found off; }
|
||||
location = /robots.txt { access_log off; log_not_found off; }
|
||||
|
||||
# Error pages
|
||||
error_page 404 /index.php;
|
||||
|
||||
# PHP-FPM configuration
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Timeouts
|
||||
fastcgi_connect_timeout 60;
|
||||
fastcgi_send_timeout 180;
|
||||
fastcgi_read_timeout 180;
|
||||
fastcgi_buffer_size 128k;
|
||||
fastcgi_buffers 4 256k;
|
||||
fastcgi_busy_buffers_size 256k;
|
||||
}
|
||||
|
||||
# Deny access to hidden files
|
||||
location ~ /\.(?!well-known).* {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# Static file caching
|
||||
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf|txt|woff|woff2|ttf|svg)$ {
|
||||
expires 30d;
|
||||
add_header Cache-Control "public, immutable";
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Gzip compression
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_min_length 1024;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml application/xml+rss application/x-font-ttf font/opentype image/svg+xml;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/your-app-access.log;
|
||||
error_log /var/log/nginx/your-app-error.log;
|
||||
}
|
||||
79
deploy/nginx/nginx-proxy-manager-notes.md
Normal file
79
deploy/nginx/nginx-proxy-manager-notes.md
Normal file
@@ -0,0 +1,79 @@
|
||||
# Nginx Proxy Manager Configuration Notes
|
||||
|
||||
## Architecture Overview
|
||||
|
||||
```
|
||||
Internet → Nginx Proxy Manager (Docker/Host) → Native Nginx → PHP-FPM → Laravel
|
||||
↓
|
||||
SSL Termination
|
||||
(Let's Encrypt)
|
||||
```
|
||||
|
||||
## Nginx Proxy Manager Setup
|
||||
|
||||
### Option 1: NPM on Same Server
|
||||
If running NPM on the same Ubuntu 24.04 server:
|
||||
|
||||
1. **NPM listens on ports 80/443** (public)
|
||||
2. **Native Nginx listens on port 8080** (internal only)
|
||||
3. NPM forwards traffic to `localhost:8080`
|
||||
|
||||
Modify `laravel-site.conf`:
|
||||
```nginx
|
||||
server {
|
||||
listen 127.0.0.1:8080; # Only accept local connections
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
### Option 2: NPM on Separate Server
|
||||
If running NPM on a separate server:
|
||||
|
||||
1. Configure firewall to allow NPM server IP
|
||||
2. NPM forwards to `http://your-laravel-server-ip:80`
|
||||
|
||||
## NPM Proxy Host Configuration
|
||||
|
||||
In Nginx Proxy Manager web UI:
|
||||
|
||||
1. **Domain Names**: your-domain.com
|
||||
2. **Scheme**: http
|
||||
3. **Forward Hostname/IP**: 127.0.0.1 (or server IP)
|
||||
4. **Forward Port**: 8080 (or 80)
|
||||
5. **Enable**: Block Common Exploits
|
||||
6. **SSL Tab**:
|
||||
- Request new SSL Certificate
|
||||
- Force SSL
|
||||
- HTTP/2 Support
|
||||
|
||||
## Custom NPM Configuration
|
||||
|
||||
Add to "Advanced" tab if needed:
|
||||
|
||||
```nginx
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
|
||||
# WebSocket support (if using Laravel Echo/Reverb)
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
```
|
||||
|
||||
## Laravel Trusted Proxies
|
||||
|
||||
Update `app/Http/Middleware/TrustProxies.php` or configure in Laravel 11+:
|
||||
|
||||
```php
|
||||
// In bootstrap/app.php or config
|
||||
->withMiddleware(function (Middleware $middleware) {
|
||||
$middleware->trustProxies(at: '*');
|
||||
})
|
||||
```
|
||||
|
||||
Or set in `.env`:
|
||||
```
|
||||
TRUSTED_PROXIES=*
|
||||
```
|
||||
Reference in New Issue
Block a user