-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdefault
More file actions
170 lines (150 loc) · 5.82 KB
/
default
File metadata and controls
170 lines (150 loc) · 5.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
server {
listen 8080;
listen [::]:8080;
root /home/site/wwwroot;
index index.php index.html index.htm;
server_name _;
port_in_redirect off;
# Allow large POST bodies (trajectory data can exceed 1MB default)
client_max_body_size 50m;
# Gzip compression — ~75% bandwidth reduction on text-based responses
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 256;
gzip_types
text/plain
text/css
text/csv
text/javascript
application/javascript
application/json
application/xml
image/svg+xml
application/font-woff2
font/woff2;
# Disable automatic directory slash redirect
absolute_redirect off;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Logging
access_log /home/LogFiles/nginx_access.log;
error_log /home/LogFiles/nginx_error.log;
# PHP-FPM status page (for monitoring)
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
# Health check endpoint
location /healthcheck.php {
access_log off;
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# Extensionless URL rewrites - map clean URLs to .php files
# This prevents nginx from treating these as directories and adding trailing slashes
location ~ ^/(advisory-builder|airport_config|airspace-elements|cdm|ctp|data|demand|event-aar|fmds-comparison|gdt|hibernation|historical-routes|jatoc|logout|navdata|nod|ntml-log|plan|playbook|privacy|rad|reroutes|review|route|schedule|sheet|simulator|splits|status|sua|swim|swim-doc|swim-docs|swim-keys|tmi-publish|transparency)$ {
try_files /$1.php =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$1.php;
fastcgi_param QUERY_STRING $args;
}
# SWIM API: metering/{airport} and metering/{airport}/sequence
location ~ ^/api/swim/v1/metering/[A-Za-z0-9]+ {
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/api/swim/v1/metering.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_read_timeout 600;
}
# SWIM API: reference/{domain}/{path...} - all reference library endpoints
location ~ ^/api/swim/v1/reference/(airports|navigation|airspace|facilities|aircraft|airlines|routes|airac|utilities|hierarchy|bulk)/(.+) {
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/api/swim/v1/reference/$1.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_read_timeout 600;
}
# SWIM API: reference/taxi-times/{airport}
location ~ ^/api/swim/v1/reference/taxi-times/[A-Za-z0-9]+ {
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/api/swim/v1/reference/taxi-times.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_read_timeout 600;
}
# SWIM API: flight/{gufi} single flight lookup
location ~ ^/api/swim/v1/flight/[A-Za-z0-9_\-]+ {
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/api/swim/v1/flight.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_read_timeout 600;
}
# Default location block - handle PHP and static files
# Falls back to @phpfallback which tries appending .php extension
location / {
try_files $uri $uri/ @phpfallback;
}
# PHP fallback - try appending .php to the URI
# Handles extensionless API routes like api/data/plans.l -> plans.l.php
# and any other PHP files not in the explicit rewrite list above
location @phpfallback {
try_files $uri.php =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param QUERY_STRING $query_string;
}
# PHP file processing
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
# Increase timeouts for long-running scripts (daemons, analysis)
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
}
# Deny access to hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny access to sensitive files
location ~ /(config\.php|\.env|\.git|\.htaccess|composer\.(json|lock))$ {
deny all;
access_log off;
log_not_found off;
}
# YAML files — set correct MIME type (needed for Swagger UI to parse OpenAPI spec)
location ~* \.ya?ml$ {
default_type text/yaml;
expires 1h;
add_header Cache-Control "public";
}
# Static file caching
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml|svg|woff|woff2|ttf|eot)$ {
expires 30d;
add_header Cache-Control "public, immutable";
access_log off;
}
}