# Disable access to sensitive application files
location ~* (app|content|lib)/.*\.(po|php|lock|sql)$ {
return 404;
}
location ~* composer\.json|composer\.lock|.gitignore$ {
return 404;
}
location ~* /\.ht {
return 404;
}
# Image not found replacement
location ~* \.(jpe?g|png|gif|webp|mp4|webm|mov)$ {
log_not_found off;
error_page 404 /content/images/system/default/404.gif;
}
# CORS header (avoids font rendering issues)
location ~* \.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$ {
add_header Access-Control-Allow-Origin "*";
}
# PHP front controller
location / {
index index.php;
try_files $uri $uri/ /index.php$is_args$query_string;
}
# Single PHP-entrypoint (disables direct access to .php files)
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass unix:/tmp/php-cgi-80.sock;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
© 允许规范转载