diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 5f2be4c..3bbbd36 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -46,13 +46,13 @@ export SITEMAP_URL=${SITEMAP_URL} export NGINX_CORS_ENABLED=${NGINX_CORS_ENABLED:-0} export NGINX_CORS_DOMAINS=${NGINX_CORS_DOMAINS} if [ ${NGINX_CORS_ENABLED} == 1 ]; then - mkdir -p /etc/nginx/conf.d/fragments/location/php + mkdir -p /etc/nginx/conf.d/fragments/location/cors if [ ! -z ${NGINX_CORS_DOMAINS} ]; then print "Activating filtered CORS on domains: ${NGINX_CORS_DOMAINS}" - envsubst '${PHP_HOST} ${PHP_PORT} ${NGINX_DEFAULT_SERVER_PORT} ${NGINX_DEFAULT_SERVER_NAME} ${NGINX_DEFAULT_ROOT} ${DEFAULT_SERVER} ${NGINX_CORS_DOMAINS}' < /templates/fragments/location/php/cors-filtered.conf > /etc/nginx/conf.d/fragments/location/php/cors.conf + envsubst '${PHP_HOST} ${PHP_PORT} ${NGINX_DEFAULT_SERVER_PORT} ${NGINX_DEFAULT_SERVER_NAME} ${NGINX_DEFAULT_ROOT} ${DEFAULT_SERVER} ${NGINX_CORS_DOMAINS}' < /templates/fragments/location/cors/cors-filtered.conf > /etc/nginx/conf.d/fragments/location/cors/cors.conf else print "Activating unfiltered CORS" - envsubst '${PHP_HOST} ${PHP_PORT} ${NGINX_DEFAULT_SERVER_PORT} ${NGINX_DEFAULT_SERVER_NAME} ${NGINX_DEFAULT_ROOT} ${DEFAULT_SERVER}' < /templates/fragments/location/php/cors-unfiltered.conf > /etc/nginx/conf.d/fragments/location/php/cors.conf + envsubst '${PHP_HOST} ${PHP_PORT} ${NGINX_DEFAULT_SERVER_PORT} ${NGINX_DEFAULT_SERVER_NAME} ${NGINX_DEFAULT_ROOT} ${DEFAULT_SERVER}' < /templates/fragments/location/cors/cors-unfiltered.conf > /etc/nginx/conf.d/fragments/location/cors/cors.conf fi fi @@ -99,15 +99,5 @@ for filename in /etc/nginx/conf.d/custom/*.conf; do fi done -# Rewrite root location fragments. -print "${0}: Rewriting root location fragments on /etc/nginx/conf.d/fragments/location/root/*.conf" -for filename in /etc/nginx/conf.d/fragments/location/root/*.conf; do - if [ -e "${filename}" ] ; then - cp ${filename} ${filename}.tmp - envsubst '${PHP_HOST} ${PHP_PORT} ${NGINX_DEFAULT_SERVER_PORT} ${NGINX_DEFAULT_SERVER_NAME} ${NGINX_DEFAULT_ROOT} ${NGINX_SUBFOLDER} ${NGINX_SUBFOLDER_ESCAPED} ${NGINX_OSB_BUCKET} ${NGINX_OSB_RESOLVER} ${DRUPAL_PUBLIC_FILES_PATH} ${NGINX_CACHE_CONTROL_HEADER}' < $filename.tmp > $filename - rm ${filename}.tmp - fi -done - envsubst '${NGINX_PHP_READ_TIMEOUT}' < /templates/fastcgi.conf > /etc/nginx/fastcgi.conf exec nginx -g "daemon off;" diff --git a/templates/default.conf b/templates/default.conf index 64e0806..7a351f0 100644 --- a/templates/default.conf +++ b/templates/default.conf @@ -88,7 +88,7 @@ server { } location / { - include /etc/nginx/conf.d/fragments/location/root/*.conf; + include /etc/nginx/conf.d/fragments/location/cors/*.conf; try_files $uri @rewrite; } @@ -98,7 +98,7 @@ server { location ~ \.php$ { include fastcgi.conf; - include /etc/nginx/conf.d/fragments/location/php/*.conf; + include /etc/nginx/conf.d/fragments/location/cors/*.conf; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_pass php; } diff --git a/templates/fragments/location/php/cors-filtered.conf b/templates/fragments/location/cors/cors-filtered.conf similarity index 100% rename from templates/fragments/location/php/cors-filtered.conf rename to templates/fragments/location/cors/cors-filtered.conf diff --git a/templates/fragments/location/php/cors-unfiltered.conf b/templates/fragments/location/cors/cors-unfiltered.conf similarity index 100% rename from templates/fragments/location/php/cors-unfiltered.conf rename to templates/fragments/location/cors/cors-unfiltered.conf diff --git a/templates/fragments/location/root/cors-filtered.conf b/templates/fragments/location/root/cors-filtered.conf deleted file mode 100644 index ecae08a..0000000 --- a/templates/fragments/location/root/cors-filtered.conf +++ /dev/null @@ -1,82 +0,0 @@ -set $cors ""; - -if ($http_origin ~* (^https?://([^/]+\.)*(${NGINX_CORS_DOMAINS})$)) { - set $cors "true"; -} - -# No support for nested Ifs, so we need to make things fancier -if ($request_method = 'OPTIONS') { - set $cors "${cors}options"; -} -if ($request_method = 'GET') { - set $cors "${cors}get"; -} -if ($request_method = 'POST') { - set $cors "${cors}post"; -} -if ($request_method = 'PATCH') { - set $cors "${cors}patch"; -} -if ($request_method = 'PUT') { - set $cors "${cors}put"; -} -if ($request_method = 'DELETE') { - set $cors "${cors}delete"; -} - -# Catch all for request methods we're not dealing with -if ($cors = "true") { - add_header 'Access-Control-Allow-Origin' "$http_origin"; -} - -if ($cors = "trueoptions") { - add_header 'Access-Control-Allow-Origin' "$http_origin"; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS'; - - # Support cookies - add_header 'Access-Control-Allow-Credentials' 'true'; - - # Custom headers and headers various browsers *should* be OK with but aren't - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - - # Tell client that this pre-flight info is valid for 20 days - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; -} -if ($cors = "trueget") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} -if ($cors = "truepost") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} -if ($cors = "truepatch") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} -if ($cors = "trueput") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} -if ($cors = "truedelete") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} diff --git a/templates/fragments/location/root/cors-unfiltered.conf b/templates/fragments/location/root/cors-unfiltered.conf deleted file mode 100644 index 5f437a7..0000000 --- a/templates/fragments/location/root/cors-unfiltered.conf +++ /dev/null @@ -1,78 +0,0 @@ -set $cors "true"; - -# No support for nested Ifs, so we need to make things fancier -if ($request_method = 'OPTIONS') { - set $cors "${cors}options"; -} -if ($request_method = 'GET') { - set $cors "${cors}get"; -} -if ($request_method = 'POST') { - set $cors "${cors}post"; -} -if ($request_method = 'PATCH') { - set $cors "${cors}patch"; -} -if ($request_method = 'PUT') { - set $cors "${cors}put"; -} -if ($request_method = 'DELETE') { - set $cors "${cors}delete"; -} - -# Catch all for request methods we're not dealing with -if ($cors = "true") { - add_header 'Access-Control-Allow-Origin' "$http_origin"; -} - -if ($cors = "trueoptions") { - add_header 'Access-Control-Allow-Origin' "$http_origin"; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS'; - - # Support cookies - add_header 'Access-Control-Allow-Credentials' 'true'; - - # Custom headers and headers various browsers *should* be OK with but aren't - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - - # Tell client that this pre-flight info is valid for 20 days - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; -} -if ($cors = "trueget") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} -if ($cors = "truepost") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} -if ($cors = "truepatch") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} -if ($cors = "trueput") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -} -if ($cors = "truedelete") { - add_header 'Access-Control-Allow-Origin' "$http_origin" always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Credentials' 'true' always; - add_header 'Access-Control-Allow-Headers' 'Authorization,X-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; -}