fix: Simple config update

magenx · magenx · commit 89f82b36326b · 2025-10-11T15:14:25.000+02:00
- single nginx server
- ssl offload
- adjust for docker
diff --git a/magento2/conf_m2/admin.conf b/magento2/conf_m2/admin.conf
@@ -1,8 +1,8 @@
-
+## Admin location config
 location ~ ^/(index.php/)?${ADMIN_PATH} {
 
  include ipset/allow.conf;
  deny all;
  
- proxy_pass http://varnish;
+ try_files $uri $uri/ /index.php$is_args$args;
 }
diff --git a/magento2/conf_m2/cors.conf b/magento2/conf_m2/cors.conf
@@ -1,21 +1,21 @@
      if ($request_method = 'OPTIONS') {
-        add_header 'Access-Control-Allow-Origin' '$cors_origin';
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
-        add_header 'Access-Control-Max-Age' 1728000;
-        add_header 'Content-Type' 'text/plain; charset=utf-8';
-        add_header 'Content-Length' 0;
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Max-Age' 1728000 always;
+        add_header 'Content-Type' 'text/plain; charset=utf-8' always;
+        add_header 'Content-Length' 0 always;
         return 204;
      }
      if ($request_method = 'POST') {
-        add_header 'Access-Control-Allow-Origin' '$cors_origin';
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
-        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
      }
      if ($request_method = 'GET') {
-        add_header 'Access-Control-Allow-Origin' '$cors_origin';
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
-        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
      }
diff --git a/magento2/conf_m2/maps.conf b/magento2/conf_m2/maps.conf
@@ -33,7 +33,7 @@ map $request $writelog {
 ## CORS headers
 map $http_origin $cors_origin {
     default "";
-    ~*.${DOMAIN}$ "$http_origin";
+    ~*.${DOMAIN}$ $http_origin;
 }
 
 ## Location http auth
diff --git a/magento2/conf_m2/media.conf b/magento2/conf_m2/media.conf
@@ -44,10 +44,10 @@ location /media/ {
     location ~* \.(jpg|jpeg|png|webp|gif|svg|swf|eot|ttf|otf|woff|woff2|js|css|ico|txt)$ {
         expires max;
         add_header Cache-Control "public";
-        proxy_pass http://nginx;
+        try_files $uri $uri/ @media;
     }
     ## Default media handler for other files
-    proxy_pass http://nginx;
+    try_files $uri $uri/ @media;
 }
 
-	
+	location @media { try_files $uri $uri/ /get.php$is_args$args; }
diff --git a/magento2/conf_m2/php_backend.conf b/magento2/conf_m2/php_backend.conf
@@ -2,16 +2,16 @@
 ## specific security and compatibility headers
 add_header X-Magenx-Config 'MagenX -= www.magenx.com =-' always;
 add_header X-Request-Time $request_time always;
-add_header X-Request-ID $http_x_request_id always;
+add_header X-Request-ID $request_id always;
 add_header Strict-Transport-Security "max-age=31556926; includeSubDomains; preload" always;
 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-add_header X-UA-Compatible 'IE=Edge,chrome=1';
 
 ## php backend settings
 fastcgi_pass            $mage_php_route;
 fastcgi_index           index.php;
 
 fastcgi_keep_conn       on;
+# fastcgi_intercept_errors on;
 include                 fastcgi_params;  
      
 ## Enable Magento profiler
diff --git a/magento2/conf_m2/protect.conf b/magento2/conf_m2/protect.conf
@@ -21,44 +21,44 @@ location ~ ^/((fire|one.+)?checkout|magewire)/  {
   if ($cookie_form_key = "") { return 403; }
   limit_req zone=checkout burst=8;
   limit_req_status 429;
-  proxy_pass http://nginx;
+  try_files $uri $uri/ /index.php$is_args$args;
 }
 
 location ~ ^/(wishlist|customer)/  {
   if ($search_bot) { return 410; }
   limit_req zone=customer burst=4;
   limit_req_status 429;
-  proxy_pass http://nginx;
+  try_files $uri $uri/ /index.php$is_args$args;
 }        
 
 location ~ ^/(productalert|outofstocknotification|newsletter|sendfriend|catalog/product_compare|sales/guest/view|contact/index/post|review/product/post)/ {
   if ($search_bot) { return 410; }
   if ($cookie_form_key = "") { return 403; }
   limit_req zone=catalog burst=4;
   limit_req_status 429;
-  proxy_pass http://nginx;
+  try_files $uri $uri/ /index.php$is_args$args;
 }
 
 location ~ ^/(catalog)?search/(searchTermsLog|result|ajax.+ges?t)/ {
   if ($search_bot) { return 410; }
   if ($cookie_form_key = "") { return 403; }
   limit_req zone=search burst=4;
   limit_req_status 429;
-  proxy_pass http://nginx;
+  try_files $uri $uri/ /index.php$is_args$args;
 }
 
 location ~ /V1/guest-carts/(?<cartId>.+)/payment-information {
   if ($search_bot) { return 410; }
   if ($cookie_form_key = "") { return 403; }
   limit_req zone=payment;
   limit_req_status 429;
-  proxy_pass http://nginx;
+  try_files $uri $uri/ /index.php$is_args$args;
 }
 
 location ~ ^/(soap|rest|V1)/ {
   if ($search_bot) { return 410; }
   if ($cookie_form_key = "") { return 403; }
   limit_req zone=api;
   limit_req_status 429;
-  proxy_pass http://nginx;
+  try_files $uri $uri/ /index.php$is_args$args;
 }
diff --git a/magento2/conf_m2/sitemap.conf b/magento2/conf_m2/sitemap.conf
@@ -1,5 +1,11 @@
-location ^/(robots\.txt|google.*\.html) { root $root_path/pub/media/seo; }
-location ~ ^/feeds/.*\.(xml|csv|txt) { root $root_path/pub/media; }
+
+location ^/(robots\.txt|google.*\.html) { 
+  root $root_path/pub/media/seo; 
+}
+
+location ~ ^/feeds/.*\.(xml|csv|txt) { 
+  root $root_path/pub/media; 
+}
 
 location = /sitemap.xml {
   root $root_path/pub/media/sitemap;
diff --git a/magento2/services/phpmyadmin.conf b/magento2/services/phpmyadmin.conf
@@ -5,4 +5,8 @@ location ~ ^/${PHPMYADMIN_PATH}/(.*)$ {
     deny all;
 	
     proxy_pass http://phpmyadmin/$1$is_args$args;
+	
+    add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
+    add_header Pragma "no-cache" always;
+    add_header Expires 0 always;
 }
diff --git a/magento2/services/rabbitmq.conf b/magento2/services/rabbitmq.conf
@@ -1,8 +1,11 @@
 ## RabbitMQ configuration
 location ~ ^/${RABBITMQ_PATH}/(.*)$ {
-  
-  include ipset/allow.conf;
-  deny all;
-  
-  proxy_pass http://rabbitmq/$1$is_args$args;
-}
+    include ipset/allow.conf;
+    deny all;
+
+    proxy_pass http://rabbitmq/$1$is_args$args;
+
+    add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
+    add_header Pragma "no-cache" always;
+    add_header Expires 0 always;
+}
diff --git a/magento2/sites-available/magento2.conf b/magento2/sites-available/magento2.conf
@@ -4,7 +4,6 @@ include conf_m2/maps.conf;
 ## Certbot renew
 # include conf_m2/certbot_renew.conf;
 
-## Proxy server to apply filters and rules
 server {
   listen nginx:80;
   server_name ${DOMAIN};
@@ -26,46 +25,33 @@ server {
   if ($deny_ip) { return 403; }
   if ($bad_user_agent) { return 403; }
   
-  ## Server maintenance block.
-  include conf_m2/maintenance.conf;
-  
-  ## phpMyAdmin configuration	
-  include services/phpmyadmin.conf;
-  
-  ## Rabbitmq configuration	
-  include services/rabbitmq.conf;
-  
   ## Extra protection rules
-  include conf_m2/extra_protect.conf;
-
+  include conf_m2/protect.conf;
+  
   ## Protect admin path
-  include conf_m2/admin_protect.conf;
-
+  include conf_m2/admin.conf;
+  
   ## Error log/page
-#  include conf_m2/error_page.conf;
+#  include conf_m2/error_page.conf;  
 
+  ## Server maintenance block.
+  include conf_m2/maintenance.conf;
+  
   ## sitemap and feeds?
   include conf_m2/sitemap.conf;
   
   ## Static files push only
   include conf_m2/static.conf;
  
   ## Product images and all media/ files
-  include conf_m2/media.conf;
-
-  ## Proxy-pass to backend
-  location / { 
-    proxy_pass http://nginx; 
-  }
-}
-
-## Backend server
-server {
-  listen nginx:8080;
-  server_name ${DOMAIN};
-
-  root $root_path/pub;
-
+  include conf_m2/media.conf;  
+  
+  ## phpMyAdmin configuration	
+  include services/phpmyadmin.conf;
+  
+  ## Rabbitmq configuration	
+  include services/rabbitmq.conf;
+  
   ## Nginx and php-fpm status
   include conf_m2/status.conf;
 
@@ -82,7 +68,6 @@ server {
   location ~ ^/(index|health_check|get|static|errors/(report|404|503))\.php$ {
     try_files $uri =404;
     include conf_m2/php_backend.conf;
-#    fastcgi_intercept_errors on;
      
     ## Enable POST logging
 #    if ($request_method = POST) {set $ispostlog A;}

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`		`-`
	`1`	`+## Admin location config`
`2`	`2`	`location ~ ^/(index.php/)?${ADMIN_PATH} {`
`3`	`3`
`4`	`4`	`include ipset/allow.conf;`
`5`	`5`	`deny all;`
`6`	`6`
`7`		`- proxy_pass http://varnish;`
	`7`	`+ try_files $uri $uri/ /index.php$is_args$args;`
`8`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ map $request $writelog {`
`33`	`33`	`## CORS headers`
`34`	`34`	`map $http_origin $cors_origin {`
`35`	`35`	`default "";`
`36`		`- ~*.${DOMAIN}$ "$http_origin";`
	`36`	`+ ~*.${DOMAIN}$ $http_origin;`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`## Location http auth`
Original file line number	Diff line number	Diff line change
`@@ -44,10 +44,10 @@ location /media/ {`
`44`	`44`	`location ~* \.(jpg\|jpeg\|png\|webp\|gif\|svg\|swf\|eot\|ttf\|otf\|woff\|woff2\|js\|css\|ico\|txt)$ {`
`45`	`45`	`expires max;`
`46`	`46`	`add_header Cache-Control "public";`
`47`		`- proxy_pass http://nginx;`
	`47`	`+ try_files $uri $uri/ @media;`
`48`	`48`	`}`
`49`	`49`	`## Default media handler for other files`
`50`		`- proxy_pass http://nginx;`
	`50`	`+ try_files $uri $uri/ @media;`
`51`	`51`	`}`
`52`	`52`
`53`		`-`
	`53`	`+ location @media { try_files $uri $uri/ /get.php$is_args$args; }`
Original file line number	Diff line number	Diff line change
`@@ -5,4 +5,8 @@ location ~ ^/${PHPMYADMIN_PATH}/(.*)$ {`
`5`	`5`	`deny all;`
`6`	`6`
`7`	`7`	`proxy_pass http://phpmyadmin/$1$is_args$args;`
	`8`	`+`
	`9`	`+ add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;`
	`10`	`+ add_header Pragma "no-cache" always;`
	`11`	`+ add_header Expires 0 always;`
`8`	`12`	`}`