user jumpapp;
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Define custom log format to include reponse times
    log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for" '
                          '$request_time $upstream_response_time $pipe $upstream_cache_status';

    access_log /dev/stdout main_timed;

    keepalive_timeout 5;

    # Write temporary files to /tmp so they can be created as a non-privileged user
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path /tmp/proxy_temp_path;
    fastcgi_temp_path /tmp/fastcgi_temp;
    uwsgi_temp_path /tmp/uwsgi_temp;
    scgi_temp_path /tmp/scgi_temp;

    # Default server definition
    server {
        listen [::]:8080 default_server;
        listen 8080 default_server;
        server_name _;

        sendfile off;
        absolute_redirect off;

        root /var/www/html;
        index index.php index.html;

        # Hide nginx server tokens and version number
        server_tokens off;

        location / {
            # Exclude unused HTTP methods
            limit_except GET HEAD POST { deny all; }
            # First attempt to serve request as file, then
            # as directory, then fall back to index.php
            try_files $uri $uri/ index.php$is_args$args;
        }

        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass unix:/run/php-fpm.sock;
            fastcgi_index $document_root/index.php;

            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
            fastcgi_param PATH_TRANSLATED $document_root/$fastcgi_path_info;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        }

        # Tell browsers to cache static assets
        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml|svg)$ {
            expires 3d;
        }

        # Deny access to dot files
        location ~ /\. {
            log_not_found off;
            deny all;
        }

        # Deny yaml, twig, markdown, ini file access.
        location ~* /.+\.(markdown|md|twig|yaml|yml|ini)$ {
            deny all;
            log_not_found off;
        }

        # Deny all grunt, package files.
        location ~* (Gruntfile|package)\.(js|json|jsonc)$ {
            deny all;
            log_not_found off;
        }

        # Deny all composer files.
        location ~* composer\. {
            deny all;
            log_not_found off;
        }

        # Deny vendor directory.
        location ^~ /vendor/ {
            deny all;
            log_not_found off;
        }

        # Deny jump version file
        location ^~ .jump-version {
            deny all;
            log_not_found off;
        }

        # Allow fpm ping from localhost, useful for docker HEALTHCHECK.
        location ~ ^/(fpm-ping)$ {
            access_log off;
            allow 127.0.0.1;
            deny all;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_pass unix:/run/php-fpm.sock;
        }
    }

    gzip on;
    gzip_proxied any;
    gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
    gzip_vary on;
    gzip_disable "msie6";

    # Include other server configs
    include /etc/nginx/conf.d/*.conf;
}