Override location / for use with php-fpm and allow serving static files

with nginx instead of passing them to fastcgi
2020-04-26 12:48:48 +10:00 · 2020-04-26 12:48:48 +10:00 · 1991982b51
commit 1991982b51
parent 3cbc5417b7
3 changed files with 41 additions and 13 deletions
--- a/2
+++ b/2
@ -31,7 +31,7 @@ WORKDIR /app/

 ENV DOCKER_HOST unix:///tmp/docker.sock

-VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam"]
+VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam", "/etc/nginx/static_files"]

 ENTRYPOINT ["/app/docker-entrypoint.sh"]
 CMD ["forego", "start", "-r"]
--- a/README.md
+++ b/README.md
@ -128,14 +128,31 @@ backend container. Your backend container should then listen on a port rather
 than a socket and expose that port.

 ### FastCGI Backends
- 
+
 If you would like to connect to FastCGI backend, set `VIRTUAL_PROTO=fastcgi` on the
 backend container. Your backend container should then listen on a port rather
 than a socket and expose that port.
- 
+
 ### FastCGI File Root Directory

-If you use fastcgi,you can set `VIRTUAL_ROOT=xxx`  for your root directory
+If you use fastcgi, you can set `VIRTUAL_ROOT=xxx`  for your root directory
+
+### FastCGI Serving static files
+
+If you use fastcgi, you can set `LOCATION_PATH=xxx` (eg: "~ \.php$") and use the vhost.d/default or vhost.d/{VIRTUAL_HOST}
+to add:
+```
+location / {
+    try_files $uri /index.php?$query_string;
+    limit_rate_after 1000k;
+    limit_rate 50k;
+}
+```
+
+You can then bind your files in "/etc/nginx/static_files/{VIRTUAL_HOST}" and they'll be served by nginx instead of passing them
+to your fastcgi.
+
+**You should also set the VIRTUAL_ROOT if using static_files binding.**


 ### Default Host
@ -179,6 +196,7 @@ $ docker run --volumes-from nginx \
 Finally, start your containers with `VIRTUAL_HOST` environment variables.

    $ docker run -e VIRTUAL_HOST=foo.bar.com  ...
+
 ### SSL Support using letsencrypt

 [letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) is a lightweight companion container for the nginx-proxy. It allows the creation/renewal of Let's Encrypt certificates automatically.
@ -187,6 +205,7 @@ Set `DHPARAM_GENERATION` environment variable to `false` to disabled Diffie-Hell
 The default value is `true`

     $ docker run -e DHPARAM_GENERATION=false ....
+
 ### SSL Support

 SSL is supported using single host, wildcard and SNI certificates using naming conventions for
@ -292,11 +311,11 @@ site after changing this setting, your browser has probably cached the HSTS poli
 redirecting you back to HTTPS.  You will need to clear your browser's HSTS cache or use an incognito
 window / different browser.

-By default, [HTTP Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) 
-is enabled with `max-age=31536000` for HTTPS sites.  You can disable HSTS with the environment variable 
-`HSTS=off` or use a custom HSTS configuration like `HSTS=max-age=31536000; includeSubDomains; preload`.  
-*WARNING*: HSTS will force your users to visit the HTTPS version of your site for the `max-age` time - 
-even if they type in `http://` manually.  The only way to get to an HTTP site after receiving an HSTS 
+By default, [HTTP Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
+is enabled with `max-age=31536000` for HTTPS sites.  You can disable HSTS with the environment variable
+`HSTS=off` or use a custom HSTS configuration like `HSTS=max-age=31536000; includeSubDomains; preload`.
+*WARNING*: HSTS will force your users to visit the HTTPS version of your site for the `max-age` time -
+even if they type in `http://` manually.  The only way to get to an HTTP site after receiving an HSTS
 response is to clear your browser's HSTS cache.

 ### Basic Authentication Support
--- a/nginx.tmpl
+++ b/nginx.tmpl
@ -1,5 +1,6 @@
 {{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }}

+{{ $location_path := coalesce $.Env.LOCATION_PATH "/" }}
 {{ $external_http_port := coalesce $.Env.HTTP_PORT "80" }}
 {{ $external_https_port := coalesce $.Env.HTTPS_PORT "443" }}

@ -251,7 +252,7 @@ server {
 	listen [::]:{{ $external_http_port }} {{ $default_server }};
 	{{ end }}
 	{{ $access_log }}
-	
+
 	# Do not HTTPS redirect Let'sEncrypt ACME challenge
 	location /.well-known/acme-challenge/ {
 		auth_basic off;
@ -260,7 +261,7 @@ server {
 		try_files $uri =404;
 		break;
 	}
-	
+
 	location / {
 		return 301 https://$host$request_uri;
 	}
@ -275,6 +276,10 @@ server {
 	{{ end }}
 	{{ $access_log }}

+    {{ if (exists (printf "/etc/nginx/static_files/%s" $host)) }}
+    root {{ printf "/etc/nginx/static_files/%s" $host }};
+    {{ end }}
+
 	{{ if eq $network_tag "internal" }}
 	# Only allow traffic from internal clients
 	include /etc/nginx/network_internal.conf;
@ -309,7 +314,7 @@ server {
 	include /etc/nginx/vhost.d/default;
 	{{ end }}

-	location / {
+	location {{ $location_path }} {
 		{{ if eq $proto "uwsgi" }}
 		include uwsgi_params;
 		uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
@ -347,6 +352,10 @@ server {
 	{{ end }}
 	{{ $access_log }}

+    {{ if (exists (printf "/etc/nginx/static_files/%s" $host)) }}
+    root {{ printf "/etc/nginx/static_files/%s" $host }};
+    {{ end }}
+
 	{{ if eq $network_tag "internal" }}
 	# Only allow traffic from internal clients
 	include /etc/nginx/network_internal.conf;
@ -358,7 +367,7 @@ server {
 	include /etc/nginx/vhost.d/default;
 	{{ end }}

-	location / {
+	location {{ $location_path }} {
 		{{ if eq $proto "uwsgi" }}
 		include uwsgi_params;
 		uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};