2 error_log /var/log/nginx/error.log;
4 worker_connections 1024;
9 default_type application/octet-stream;
11 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
12 '$status $body_bytes_sent "$http_referer" '
13 '"$http_user_agent" "$http_x_forwarded_for"';
14 access_log /var/log/nginx/access.log main;
20 server_names_hash_bucket_size 128;
25 #server unix:/var/run/php-fpm.sock;
27 index index.html index.htm index.php;
29 ssl_certificate /etc/nginx/dummy-cert;
30 ssl_certificate_key /etc/nginx/dummy-key;
32 # http host for php 7.1 connect
33 # redirects to ssl only host below
35 # Note that the different ports are used below to decide
36 # which version of php-fpm to use
45 server_name example.net www.example.net;
46 root /usr/share/nginx/html/openemr;
48 ## redirect www to nowww
49 #if ($host = 'www.example.net' ) {
50 #rewrite ^/(.*)$ https://example.net/$1 permanent;
53 #access_log /var/log/*/example.net_access_log main;
54 #error_log /var/log/*/example.net_error_log notice;
56 # openemr specific SSL settings, I am still working on this?
57 #include openemr-ssl.conf;
59 # restrict/protect certain files
60 #include globals.conf;
61 # globals.conf configuration file.
62 # Designed to be included in any server {} block
63 # If this server only hosts openemr, this file can be merged with openemr.conf
65 # Stops the annoying error messages in the logs. robots are not allowed
66 location = /favicon.ico {
71 location = /robots.txt {
76 # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
77 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
82 # protect or deny access to important server information and testing files
83 # alternatively, you can deny access to all files using {deny all; return 404;} or remove them
84 #location ~* /(info|test)\.php$ {
85 #auth_basic "Restricted Access";
86 #auth_basic_user_file /path/to/.htpasswd;
87 #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
88 #fastcgi_pass fastcgi_pass dev-php-fpm-7-1:9000;
89 #include fastcgi_params;
92 # Not sure if openemr needs this. it comes from wordpress
93 location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
99 ## Deny certain Referers
100 if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) ) {
105 # Stop deep linking or hot linking
107 valid_referers none blocked www.example.com example.com;
108 if ($invalid_referer) {
112 # end globals.conf configuration file.
114 # deny access to writable files/directories
115 location ~* ^/sites/*/(documents|edi|era) {
119 # Pick one of the following two blockc, but not both:
120 # protect special files from outside openemer login, and restrict them to superAdmins only
121 #location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
122 #auth_basic "Restricted Access";
123 #auth_basic_user_file /path/to/.htpasswd;
124 #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
125 #fastcgi_pass dev-php-fpm-7-1:9000;
126 #include fastcgi_params;
129 # Alternatively all access to these files can be denied
130 #location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
135 if (!-e $request_filename) {
136 # Needed for zend to work
137 rewrite ^(.*/zend_modules/public)(.*) $1/index.php?$is_args$args last;
139 # Needed for patient portal to work
140 rewrite ^(.*/portal/patient)(.*) $1/index.php?_REWRITE_COMMAND=$1$2 last;
144 # try as file ($uri), as directory ($uri/) if not found, send to index file
145 # no php is touched for static content
146 try_files $uri $uri/ /index.php;
149 # redirect server error pages to the static page /50x.html
150 #error_page 500 502 503 504 /50x.html;
151 #location = /50x.html {
152 #root /usr/local/www/nginx-dist;
155 # pass the PHP scripts to the FastCGI server listening on unix socket, in this case php-fpm
156 # NOTE this is using if statements to decide which version of php-fpm to use, which is
157 # dependent on the port of the server that is used
160 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
161 if ($server_port = 80) {
162 fastcgi_pass dev-php-fpm-7-1:9000;
164 if ($server_port = 443) {
165 fastcgi_pass dev-php-fpm-7-1:9000;
167 if ($server_port = 81) {
168 fastcgi_pass dev-php-fpm-7-2:9000;
170 if ($server_port = 444) {
171 fastcgi_pass dev-php-fpm-7-2:9000;
173 if ($server_port = 82) {
174 fastcgi_pass dev-php-fpm-7-1-redis:9000;
176 if ($server_port = 445) {
177 fastcgi_pass dev-php-fpm-7-1-redis:9000;
179 if ($server_port = 83) {
180 fastcgi_pass dev-php-fpm-7-2-redis:9000;
182 if ($server_port = 446) {
183 fastcgi_pass dev-php-fpm-7-2-redis:9000;
185 include fastcgi_params;