|
1 | 1 | [phases.setup]
|
2 |
| -nixPkgs = ["...", "python311Packages.supervisor", "openssl"] |
| 2 | +nixPkgs = ["...", "python311Packages.supervisor"] |
3 | 3 |
|
4 | 4 | [phases.build]
|
5 | 5 | cmds = [
|
6 | 6 | "mkdir -p /etc/supervisor/conf.d/",
|
7 | 7 | "cp /assets/worker-*.conf /etc/supervisor/conf.d/",
|
8 | 8 | "cp /assets/supervisord.conf /etc/supervisord.conf",
|
9 | 9 | "chmod +x /assets/start.sh",
|
10 |
| - "mkdir -p /etc/ssl/certs /etc/ssl/private", |
11 |
| - "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt -subj '/CN=localhost'", |
12 | 10 | "..."
|
13 | 11 | ]
|
14 | 12 |
|
@@ -124,48 +122,28 @@ http {
|
124 | 122 | error_log /var/log/nginx-error.log;
|
125 | 123 | sendfile on;
|
126 | 124 | tcp_nopush on;
|
127 |
| - server_names_hash_bucket_size 128; |
| 125 | + server_names_hash_bucket_size 128; # this seems to be required for some vhosts |
128 | 126 |
|
129 |
| - # HTTP server - redirects to HTTPS |
130 | 127 | server {
|
131 | 128 | listen ${PORT};
|
132 | 129 | listen [::]:${PORT};
|
133 | 130 | server_name localhost;
|
134 | 131 |
|
135 |
| - return 301 https://$host$request_uri; |
136 |
| - } |
137 |
| -
|
138 |
| - # HTTPS server |
139 |
| - server { |
140 |
| - listen 443 ssl; |
141 |
| - listen [::]:443 ssl; |
142 |
| - server_name localhost; |
143 |
| -
|
144 |
| - # SSL Certificate Configuration |
145 |
| - ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; |
146 |
| - ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; |
147 |
| - ssl_protocols TLSv1.2 TLSv1.3; |
148 |
| - ssl_prefer_server_ciphers on; |
149 |
| - ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; |
150 |
| - ssl_session_cache shared:SSL:10m; |
151 |
| - ssl_session_timeout 1h; |
152 |
| - ssl_session_tickets off; |
153 |
| -
|
154 | 132 | $if(NIXPACKS_PHP_ROOT_DIR) (
|
155 | 133 | root ${NIXPACKS_PHP_ROOT_DIR};
|
156 | 134 | ) else (
|
157 | 135 | root /app;
|
158 | 136 | )
|
159 | 137 |
|
160 | 138 | add_header X-Content-Type-Options "nosniff";
|
161 |
| - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; |
162 | 139 |
|
163 | 140 | client_max_body_size 35M;
|
164 | 141 |
|
165 | 142 | index index.php;
|
166 | 143 |
|
167 | 144 | charset utf-8;
|
168 | 145 |
|
| 146 | +
|
169 | 147 | $if(NIXPACKS_PHP_FALLBACK_PATH) (
|
170 | 148 | location / {
|
171 | 149 | try_files $uri $uri/ ${NIXPACKS_PHP_FALLBACK_PATH}?$query_string;
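Review bot: The remaining `server` block (new lines 127–131) now serves plain HTTP on `${PORT}` with no redirect and no `Strict-Transport-Security` header, and nothing in the file says where TLS is expected to terminate. If this is meant to sit behind a TLS-terminating proxy (an inference; the diff does not show it), say so in a comment above `listen ${PORT};`, e.g. `# Plain HTTP only: TLS is terminated by the fronting proxy, which must enforce HTTPS and set HSTS`. If that proxy forwards `X-Forwarded-Proto`, a guard such as `if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }` would keep the HTTPS enforcement the old block provided. The new comment on `server_names_hash_bucket_size` ("this seems to be required for some vhosts") would be more useful if it named the startup error or vhost name length that motivated the value. The `server` block continues past the end of this hunk, so any `location`-level `add_header` that would mask the server-level `X-Content-Type-Options` is not visible here.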
|
|