alpine:edge gcc 9.2.0 checking for psol ... not found

I'm having some trouble overriding log_format.

I added the NGINX_LOG_FORMAT_OVERRIDE variable with the following string:

$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"

When I redeploy my stack, I receive the error:

nginx: [emerg] duplicate "log_format" name "combined" in /etc/nginx/nginx.conf:20

My stack is running the wodby/drupal-nginx:7-1.15-4.2.0 image.

Uploadprogress does not work in Drupal 7. Actually, I'm not sure about other apps, it seems because Drupal 7 use old-fashion technique of detection uploading progress instead of uploading via JS.

The way to reproduce the issue:

1. Setup vanilla Drupal 7
2. Install modules:

composer require drupal/media drupal/media_bulk_upload drupal/plupload drupal/multiform
drush en media_bulk_upload

3. Go to http://example.com/file/add/upload/archive
4. Try to upload a file large than 1Mb

Hello there,
does this still function as expected?

**Custom preset**
You can use a custom by preset by mounting your preset to /etc/gotpl/presets/[my-preset-name].conf.tmpl and setting $NGINX_VHOST_PRESET=[my-preset-name].

I copied the wordpress preset with the intention of adding some roots/bedrock redirect logic (but have not added it yet).

my docker-compose looks like so

`  
nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
    - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_VHOST_PRESET: bedrock
      NGINX_SERVER_ROOT: /var/www/html/web
    volumes:
    - ./:/var/www/html:cached
    #to add redirects for bedrock assets added to wp prior to bedrock eg: wp-content/uploads/*
    - ./bedrock.conf.tmpl:/etc/gotpl/presets/bedrock.conf.tmpl
## Alternative for macOS users: Mutagen https://wodby.com/docs/stacks/wordpress/local#docker-for-mac
#    - mutagen:/var/www/html
    labels:
    - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
`

my bedrock.config.tmpl is a clone of your wordpress template

the nginx container will crash with nginx: [emerg] no port in upstream "php" in /etc/nginx/preset.conf:103

However, if I change bedrock.config.tmlp to wordpress.config.tmlp and update the docker-compose.yml it will copy my template over and show my changes.

My question is, Am I doing something wrong in the docker compose
NGINX_VHOST_PRESET: bedrock
to where it doesn't know what file to look for?
I can verify that the file does exist inside the container /etc/gotpl/presets/bedrock.conf.tmpl (if I set the vhost back to wordpress to keep the container running).

Thanks in advance, and not a huge issue just more of a "but how do it do" sort of situation.
Take care :)

i like wodby/nginx and i want use it for my symfony project
but when i add my symfony.conf.tmpl and set $NGINX_VHOST_PRESET to symfony fastcgi.conf.tmpl not compiled

I also think that $NGINX_VHOST_PRESET may differ in different environments, and conditional compilation does not make sense

The Drupal project based on the Docker4Drupal stack performs the HTTP response even if the request comes through Traefik 443 port with SSL.
Is there a configuration to pass TLS connection? Or is there any workaround to make the Drupal project perform HTTPS response?

Since the builder for the wordpress allows to customize paths to /wp-content, uploads and plugins folders - it would be great to allow this customization via an additional ENV param as a base path for wp-content and plugin folders. It should also be reflected in the wodby/wordpress and wodby/wordpress-php images

Underscores in headers are forbidden by default, so there should be an ability to enabled it.

https://nginx.ru/en/docs/http/ngx_http_core_module.html#underscores_in_headers
https://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names

Is it possible to add webp extension to nginx assets extension ?

entrypoint.sh is not checking correctly the custom upstream conf path

This is currently set to check a relative path, although this needs to be absolute.

        elif [[ -f "includes/upstream.${NGINX_VHOST_PRESET}.conf.tmpl" ]]; then
            _gotpl "includes/upstream.${NGINX_VHOST_PRESET}.conf.tmpl" "/etc/nginx/upstream.conf"
        else

Specifying multiple values (index files) in NGINX_INDEX_FILE cause Nginx container startup error:

nginx: [emerg] invalid number of arguments in "fastcgi_index" directive in /etc/nginx/fastcgi.conf:36

It seems it is here https://github.com/wodby/nginx/blob/master/templates/includes/fastcgi.conf.tmpl#L36.

Docker image: wodby/nginx:1.15-5.0.16
Preset: WordPress
NGINX_INDEX_FILE value: index.php index.html

YAML files are often attached to content for explanatory or documentation purposes. A blanket ban makes no sense, and .yaml is still allowed sitewide anyway.
A concrete example of uploaded .yml files is in a developer portal, where a valid OpenAPI specification can be in JSON or YAML format, and needs to be uploaded for later rendering via SwaggerUI or a similar library. There are certainly other use cases that are all completely valid. YAML or JSON files in the files directory are safe because of all the other precautions we have in the config. I realize that the blanket 404 is a straight port from Drupal's .htaccess, and it should be fixed there as well, but here we can start.

Proposed change to line 39 of templates/presets/drupal9.conf.tmpl (and earlier Drupal versions as well):

-   location ~* /sites/.+/files/.+\.txt {
+   location ~* /sites/.+/files/.+\.(txt|yml) {

I cant figure out how to enable port 443.
This is my docker-compose file:

nginx:
image: wodby/nginx:$NGINX_TAG
container_name: "${PROJECT_NAME}_nginx"
depends_on:
- php
ports:
- "80:80"
- "443:443"
environment:
NGINX_STATIC_OPEN_FILE_CACHE: "off"
NGINX_ERROR_LOG_LEVEL: debug
NGINX_BACKEND_HOST: php
NGINX_VHOST_PRESET: wordpress
#NGINX_SERVER_ROOT: /var/www/html/subdir
volumes:
- $PWD/codebase:/var/www/html
- /etc/nginx

I checked the port , but it says its closed. (also not used by other services). I use nginx with wordpress.

With this docker-compose.yml I'm receiving:

• 502 Bad Gateway when accessing the site from host: http://localhost:8080
• Accessing from the php container, I'm getting Recv failure: Connection reset by peer for "http://php:9000" (note that using port 80, it gives Failed to connect to php port 80)

Any clue?

version: "2"
services:
  php:
    image: wodby/drupal-php:8.1-4.37.12
    environment:
      DB_HOST: mariadb
      DB_USER: drupal
      DB_PASSWORD: drupal
      DB_NAME: drupal
      DB_DRIVER: mysql
      PHP_XDEBUG: 0
      PHP_FPM_USER: wodby
      PHP_FPM_GROUP: wodby
      PHP_FPM_CLEAR_ENV: "yes"
      PHP_OPCACHE_PRELOAD_USER: wodby
      PHP_XDEBUG_DEFAULT_ENABLE: 0
      PHP_XDEBUG_REMOTE_CONNECT_BACK: 1
      PHP_XDEBUG_REMOTE_HOST: "10.254.254.254"
      PHP_XDEBUG_IDEKEY: "PHPSTORM"
      PHP_IDE_CONFIG: "serverName=drupalextension"
    volumes:
      - ./:/var/www/html

  mariadb:
    image: wodby/mariadb:10.3-3.8.4
    stop_grace_period: 30s
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_DATABASE: drupal
      MYSQL_USER: drupal
      MYSQL_PASSWORD: drupal

  nginx:
    image: wodby/nginx:1.16-5.11.3
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_BACKEND_PORT: 80
      NGINX_SERVER_ROOT: /var/www/html
      NGINX_VHOST_PRESET: drupal9
    volumes:
      - ./:/var/www/html
    ports:
      - "8080:80"

I think level 6 - not best idea.
It slower than gzip, also i can't use brotli_static and gzip together for static files.
I runed some tests and think than 2 - better level by default, response smaller than gziped and nginx work fast.

Custom presets will not work. Look at the docker-entrypoint.sh:
if [[ "${NGINX_VHOST_PRESET}" =~ ^drupal8|drupal7|drupal6|wordpress|php$ ]]; then
_gotpl "includes/upstream.php.conf.tmpl" "/etc/nginx/upstream.conf"
elif [[ "${NGINX_VHOST_PRESET}" =~ ^http-proxy|django$ ]]; then
if [[ -z "${NGINX_BACKEND_HOST}" && "${NGINX_VHOST_PRESET}" == "django" ]]; then
export NGINX_BACKEND_HOST="python";
fi

        _gotpl "includes/upstream.http-proxy.conf.tmpl" "/etc/nginx/upstream.conf"
    fi

As you see upstream is not gonna be parsed for custom preset and an error is generated:
nginx: [emerg] no port in upstream "php" in

When trying to use nfs volume on Catalina OS it is important to have the user wodby with uid 501:20 . In php container there is a work around by having -dev-macos. Is there any container for nginx? And also other containers mariadb and so on. Is there any other way to change the user with environment variables?

Alpine support has been added recently apache/incubator-pagespeed-ngx#1181. Disable by default, add env var to enable it.

Hello all.
Using the nginx 1.5-5.0.18 I can set the default index file other than index.php with the environment variable NGINX_INDEX_FILE, with NGINX_VHOST_PRESET: php

Unfortunately if I try to use any other version from 1.15-5.1.0 and above this doesn't work. Of 'course none of the available versions of 1.17 works as well.

Then change that happened at the php preset is at line 5 where
{{ $index := (getenv "NGINX_INDEX_FILE" "index.php") }}
cahnged to
{{ $index := (getenv "NGINX_FASTCGI_INDEX" "index.php") }}

As a result of the above is to have a different file mentioned at the produced preset.conf file inside /etc/nginx, where on every version from 5.1.0 there is the following line
try_files $uri /index.php?$args;
instead of
try_files $uri /front.php?$args;
For the above I set the NGINX_INDEX_FILE: front.php

Of 'course if I set both ENV variables the same file, it works just fine. i.e.
NGINX_INDEX_FILE: 'front.php'
NGINX_FASTCGI_INDEX: 'front.php'

Is this intentional or a mistake? I am asking because the documentation doesn't mention it anywhere.

Access to *.txt files allowed only if they are located in files directory

For pki verification *.txt files form <root>/.well-known directory also should be accessible.

Consider hiding header like X-Page-Speed: 1.13.35.2-0 or replacing it by boolean flag to do not disclosure PageSpeed version.

Actually I'm not able to load any custom setup for nginx. Whatever path I set with NGINX_SERVER_EXTRA_CONF_FILEPATH custom conf file is not found.

Or if someone can point me, need to set some custom location { ... } with proxy_pass
thanks

location ~* ^.+.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;

add_header Access-Control-Allow-Origin *;
try_files $uri @production;

}

location @production {
resolver 1.1.1.1;
#proxy_ssl_session_reuse on;
#proxy_ssl_verify off;
#proxy_ssl_verify_depth 2;
#proxy_ssl on;
#proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#proxy_ssl_server_name on;
proxy_pass https://someurl.com/$uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}

Just a question: would it be maybe possible to make user id of www-data user customizable by environmental variable?

Currently when I'm running drupal-nginx container, the owner of the volume directory becomes user 82, which makes problems. Maybe customizable user id of www-data could solve the problem, by making it possible to set www-data user to the same id as the user on the host? Is it even possible? Or maybe there is some other way to get around of this? I'm kind of new so maybe I missed something.

Hello,

Lets say we have a php project in the directory located at /var/www/html/my-project
When trying to define that as the root dir of nginx, something seems to be failing:

https://github.com/wodby/nginx/blob/master/templates/includes/defaults.conf.tmpl#L7-L9

It looks like nginx will respond with some happy's 302 all the time, probably that sentence does not know the root it in that special directory. (this is a wordpress site, with the 'wordpress' preset been used)

What can we do about this?

It looks like nginx does not allow to put 'root /var/www/html/my-project ' in that particular sentence.

Thanks!

The custom log format option will not change the access log in nginx.conf

The reason is https://github.com/wodby/nginx/blob/master/templates/nginx.conf.tmpl#L24, the variable declared in this line has local scope as per go template parsing rules, so this will not override the variable declared($access_log_format ) in the outer scope.

Is there any reason why in fastcgi_params.tpl there is no fastcgi_param QUERY_STRING $query_string; line? I just finished a long debugging session to conclude that query parameters are not being passed to the web server, because of lack of this line, and this breaks some ready nginx configurations available on the internet. As you can see, in nginx this parameter is set by default: https://github.com/nginx/nginx/blob/branches/stable-1.10/conf/fastcgi_params

Brotli (br) compression can give quite a performance boost. Especially when CDN proxies it transparently.

since most of the installations will be behind some sort of docker ingress/load balancer/proxy - this would be great to have RespectXForwardedProto enabled by default:
https://www.modpagespeed.com/doc/https_support#RespectXForwardedProto

I believe it's a non-breaking change, or otherwise possibly an array or an environment var can be introduced to inject custom config lines without extra files. Ie just an ENV variable out in nginx config, instead of
https://github.com/wodby/nginx/blob/3d4db7d40e2decafa5b5bc0fff88272fea5ef809/templates/includes/defaults.conf.tmpl#L77-L80

Thank you.

Lines in the nginx.conf seem to attempt to re-initialize already set variable:
https://github.com/wodby/nginx/blob/master/templates/nginx.conf.tmpl#L24
I believe the fix for this is very simple and it is to remove : in the existing variable re-assignment, ie:
{{ $access_log_format = "custom" }}

Reference:
https://golang.org/pkg/text/template/#hdr-Variables

Hi there. I'm using the AdvAgg module and everything is working great except one small thing. Im using the D7 configuration but for some reason the location directive in line #55 is not working:

location ~* /sites/.*/files/advagg_css/css[_[:alnum:]]+\.css$ {
    access_log {{ getenv "NGINX_STATIC_ACCESS_LOG" "off" }};
    try_files $uri @drupal;
}

For one, I've disabled the static access log so AdvAgg files shouldn't be logged but they are. Also, I'm trying to send the inmutable cache-control directive in the same block, like this, but it's being ignored:

location ~* /sites/.*/files/advagg_css/css[_[:alnum:]]+\.css$ {
    access_log {{ getenv "NGINX_STATIC_ACCESS_LOG" "off" }};
    add_header Cache-Control "public, max-age=31536000, no-transform, immutable";
    try_files $uri @drupal;
}

If I put the directive in the outer block it works just fine. The issue seems to be the regex used to match the naming of AdvAgg's generated files. At least in the latest version (7.x-2.34) for Drupal 7, files are named something like this:

/sites/default/files/advagg_css/css__Tdw-8Mmgx7YtZQ05A9emTDXqrePB-bcUuv-axU4dEPc__ojEG3uFjJdKmsUekgDv2pRvliB8cz3RA2wwjKCXw8KA__0DJ0ZG79NTA--zXyGIopzC36trgu9i59TXgnuPuToaE.css

I'm not an expert but it looks like the css[_[:alnum:]]+\.css expression is trying to match a string like css_0123456789.css (obviously it may contain many more numbers) but in any case it won't be able to match anything given the current naming convention.

Should I just drop these lines in the outer block?

Thanks a lot in advance!

Looks like caused by fastcgi params in system files location

The popular Drupal module Backup and Migrate has an option to save the backup files on the server, and to restore them from there.

The module generates a URL of the form /admin/config/development/backup_migrate/settings/destination/backups/private_files/restore/backup-2022-08-23T16-26-47.tar.gz to perform the restore functionality. It seems that the presence of the full filename in the URL confuses nginx to attempt to locate the static file, which fails and throws a 404.

Any suggestion to add a special case to the config to avoid this error?

Steps to reproduce:

• Up and running Docker4Drupal stack;
• Installed the latest version of Drupal 8.
• removed web/robots.txt file;
• enabled robotstxt module on Drupal 8 installation;
• go to the /robots.txt page;

Expected results:

• Status code - 200;
• Returned default content of robots.txt file provided by robotstxt module;

Actual result:

• Status code - 404;
• No result provided. No request redirected to index.php when robots.txt file not exists.

I could not find a configuration to activate HSTS is there plans of implementing?

The Nginx official document recommends to enable ssl_session_cache and set that to shared:name:size, which enables cache shared between all worker processes.

"To reduce the processor load it is recommended to set the number of worker processes equal to the number of processors, enable keep-alive connections,enable the shared session cache,"

I wonder whether the default setting need to be changed. Thanks.

Hello, please help me to set NGINX_SERVER_EXTRA_CONF_FILEPATH for nginx in wodby/wordpress.
Here is my docker-compose

nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_VHOST_PRESET: wordpress
      NGINX_SERVER_EXTRA_CONF_FILEPATH: /etc/nginx/nginx-locations.conf
    volumes:
      - ./www:/var/www/html
      - ./nginx/nginx-locations.conf:/etc/nginx/nginx-locations.conf
    labels:
    - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"

And here is nginx-locations.conf:

location ~ ^/wp-content/uploads/(.*) {
      try_files $uri @live_uploads;
    }

    location @live_uploads {
        rewrite ^/wp-content/uploads/(.*)$ https://mysite.ru/wp-content/uploads/$1 permanent;
    }

And the whole combination is not working. What I am doing wrong?

Hi :)
First I want to say that I am absolutely loving all the containers and that you've done a wonderful job.
And second - to the question:

I want to use the wodby/nginx:1.17-5.6.8 but I want to additionally install yarn there so I thought I could use it and just extend it.
So this is what I did:
docker-compose.yml:

version: "3"
services:
  styleguide:
    build: nginx
    container_name: "${PROJECT_NAME}_page"
    environment:
      NGINX_SERVER_ROOT: /var/www/html/dist
    volumes:
      - ./:/var/www/html
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_styleguide.rule=Host(`${PROJECT_BASE_URL}`)"

nginx/Dockerfile:

FROM wodby/nginx:1.17-5.6.8

RUN apk add yarn

I also have a .env file of course with the PROJECT_NAME, PROJECT_BASE_URL values.

The thig is that when I am doing it so - it builds, but the environment variable NGINX_SERVER_ROOT does not get recognized.

on the other hand if I am not extending it, but simply am doing

version: "3"
services:
  styleguide:
    image: wodby/nginx:1.17-5.6.8
    container_name: "${PROJECT_NAME}_page"
    environment:
      NGINX_SERVER_ROOT: /var/www/html/dist
    volumes:
      - ./:/var/www/html
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_styleguide.rule=Host(`${PROJECT_BASE_URL}`)"

using directly the image, without re-building - it of course works.
Would you please advise me on how could I both extend, and re-use the wonderful Environment Variables of this project?

Cheers and have a nice day,
Nikolay

In theory NGINX_HIDE_50x_ERRORS allows to exclude the creation of the error handler. However, leaving empty, setting 0 "Off" or "0" still generates the location section.

What is the value that we need to put there?

This is the definition on my docker-compose.yml file

  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_SERVER_ROOT: /var/www/html/docroot
      NGINX_VHOST_PRESET: $NGINX_VHOST_PRESET
      NGINX_HIDE_50x_ERRORS:
    volumes:
      - ./docroot:/var/www/html:cached

Howdy,

I have found a conflict between Wodby and W3 Total Cache which I believe is due to a rewrite that needs a condition in the nginx WordPress preset.
Nginx will throw a 404 when a user tries to access an HTML file that do not exist when "Browser cache" is enabled in W3 Total Cache.

It is the following configuration, added in W3's Nginx configuration, that will start the problem:

location ~ \.(html|htm|rtf|rtx|svg|txt|xsd|xsl|xml)$ {
    expires 3600s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header X-Powered-By "W3 Total Cache/0.9.7.3";
}

This configuration will cause an error giving a 404 response in Nginx instead of passing the URL to the web app when a user tries to access a static html file that do not exist. See the error message below.

nginx_1    | 2019/05/10 13:18:07 [notice] 42#42: *8 "/wp-admin$" does not match "/test-test.html", client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 2019/05/10 13:18:07 [notice] 42#42: *8 "^/[_0-9a-zA-Z-]+(/wp-.*)" does not match "/test-test.html", client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 2019/05/10 13:18:07 [notice] 42#42: *8 "^/[_0-9a-zA-Z-]+(/.*\.php)$" does not match "/test-test.html", client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 2019/05/10 13:18:07 [notice] 42#42: *8 "/wp-admin$" does not match "/test-test.html", client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 2019/05/10 13:18:07 [error] 42#42: *8 open() "/var/www/html/test-test.html" failed (2: No such file or directory), client: 172.18.0.2, server: default, request: "GET /test-test.html HTTP/1.1", host: "nginx-test.localhost"
nginx_1    | 172.18.0.2 - - [10/May/2019:13:18:07 +0000] "GET /test-test.html HTTP/1.1" 404 193 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"

I'm guessing it's this rewrite rule that's the cause of the conflict: https://github.com/wodby/nginx/blob/master/templates/presets/wordpress.conf.tmpl#L109

How to reproduce:

• Create a fresh install of WordPress with the docker4wordpress Docker stack.
• Install W3 Total Cache plugin
• Enable Browser cache in W3 Total Cache (or import this json settings file )
• Add the new nginx.conf file in the root of the WordPress site (NGINX_SERVER_EXTRA_CONF_FILEPATH: /var/www/html/dev.nginx.conf)
• Try to access a random path ending with .html (example: http://vanilla-install.localhost/unknown-path.html)
• Nginx will now throw a 404 page without passing the URL to WordPress.

What was expected?

I expected the URL to be passed to WordPress so WordPress would be able to determine if it was an actual error or not. Right now Nginx just throws a 404 without hitting the web app.

Edit: Updated line-number in WordPress preset template.

I have added mod security module and owasp top 10 crs ruleset for protection. If any one can verify i can make a pull request for the same.

Please check
https://github.com/allupaku/nginx

We are having some trouble with pagespeed and HTTPS resources.
Example where you can see it: https://conscia.com/solutions/?PageSpeedFilters=+debug

Some of our assets do not get processed because of the following messages, when enabling pagespeed:
<!--The preceding resource was not rewritten because it is not authorized-->
<!--4xx status code, preventing rewriting of https://...-->

Looking around the internet it could be related to some of the following:
https://www.modpagespeed.com/doc/domains#mapping_origin
https://www.modpagespeed.com/doc/https_support#https_fetch

... and more unlikely something about certificates but it might be an issue based on the alpine build (we're hosted at Wodby and use Let's Encrypt certificates on the provided website):
https://www.modpagespeed.com/doc/https_support#configuring_ssl_certificates

Hi there,
I am using the entire Docker4Drupal stack for de-coupled Drupal development. I enabled 'CORS' in drupal services.yml and I need to enable Nginx to allow for CORS as well. By default, it uses the preset 'drupal8.conf.tmpl', how can I modify this tmpl file to enable CORS?

Thanks,

I would like to mount my volume readonly but the container exits because it can't change ownership of the files.

Steps to reproduce:

$ docker run -v /home/user/www/:/var/www/html/:ro -p 8080:80 wodby/nginx:1.20

Result:

chown: /var/www/html: Read-only file system

Type: enhancement
Environment: Kubernetes

We are using the Drupal 8 health_check module for K8 readiness and liveness tests but this clutters the access log.
Is het possible to create a variabele to exclude a path from the access_log (/health in our case)?

Ref: https://www.drupal.org/project/health_check

I am trying to use this container in a working project, the website loads but assets arend loaded en get a 404 from drupal. I am sharing only the files dir on a volume to nginx. Is there a way to get nginx to load js and css from core modules through the webserver? At the moment it tries to send it to index.php which result in a 404

I see the error_log location is /proc/self/fd/2 and it is not a regular file, how can I view the error log? And can I customize the location of error_log?

Hi there,

We got the requirement to start nginx using sudo -E nginx instead of just the default sudo nginx (= I dont provide a command at all).

I tried changing the docker command to sudo -E nginx , but it fails to come up entirely now. So I'm trying to understand how it all works.
The container runs as wodby user, where all the environment variables reside. Now the nginx is started with a regular sudo (without "-E") and it works. But how?
If all the env vars are registered in the shell the container runs as (=wodby), how does the nginx see all these env vars? Are they passed into the sudo environment somehow?
Or maybe the nginx doesnt even need the env vars since it's config is being generated out of these? But then why won't it work with sudo -E since there should be a proper config file either way. I really hope someone can help me understand, thank you!!

Make set_real_ip_* params configurable in http scope.

1. set_real_ip_from - env var value: JSON array of strings; in config: one or multiple strings, non-specified by default
2. real_ip_header - string, default X-Real-IP
3. real_ip_recursive - boolean, off by default

Ref http://nginx.org/en/docs/http/ngx_http_realip_module.html

It would be nice to be able to run WebSockets with Nginx.

The current configuration doesn't allow it, but it should be easy to add the ability. What do you think?

Consider support of proxying of static file requests to Wordpress preset simmilar to Drupals NGINX_DRUPAL_FILE_PROXY_URL`.