chore(ddev): configure nginx

.ddev/.gitignore

@@ -0,0 +1,37 @@
+/**/*.example
+/.dbimageBuild
+/.dbimageExtra
+/.ddev-docker-*.yaml
+/.*downloads
+/.global_commands
+/.homeadditions
+/.importdb*
+/.sshimageBuild
+/.venv
+/.webimageBuild
+/.webimageExtra
+/apache/apache-site.conf
+/commands/.gitattributes
+/commands/db/mysql
+/commands/host/launch
+/commands/web/xdebug
+/commands/web/live
+/config.local.y*ml
+/db_snapshots
+/import-db
+/import.yaml
+/mutagen/mutagen.yml
+/mutagen/.start-synced
+#/nginx_full/nginx-site.conf
+/postgres/postgresql.conf
+/providers/acquia.yaml
+/providers/lagoon.yaml
+/providers/platform.yaml
+/providers/upsun.yaml
+/sequelpro.spf
+/settings/settings.ddev.py
+/traefik/config/og-image-generator.yaml
+/traefik/certs/og-image-generator.crt
+/traefik/certs/og-image-generator.key
+/xhprof/xhprof_prepend.php
+/**/README.*

.ddev/nginx_full/nginx-site.conf

@@ -0,0 +1,68 @@
+# ddev default (PHP project type) config
+
+# See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#custom-nginx-configuration
+
+server {
+    listen 80 default_server;
+    listen 443 ssl default_server;
+
+    root /var/www/html/public;
+
+    ssl_certificate /etc/ssl/certs/master.crt;
+    ssl_certificate_key /etc/ssl/certs/master.key;
+
+    include /etc/nginx/monitoring.conf;
+
+    index index.php index.htm index.html;
+
+    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
+    sendfile off;
+    error_log /dev/stdout info;
+    access_log /var/log/nginx/access.log;
+
+    location / {
+        absolute_redirect off;
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location @rewrite {
+        # For D7 and above:
+        # Clean URLs are handled in drupal_environment_initialize().
+        rewrite ^ /index.php;
+    }
+
+    # pass the PHP scripts to FastCGI server listening on socket
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/run/php-fpm.sock;
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_intercept_errors off;
+        # fastcgi_read_timeout should match max_execution_time in php.ini
+        fastcgi_read_timeout 10m;
+        fastcgi_param SERVER_NAME $host;
+        fastcgi_param HTTPS on;
+    }
+
+    # Prevent clients from accessing hidden files (starting with a dot)
+    # This is particularly important if you store .htpasswd files in the site hierarchy
+    # Access to `/.well-known/` is allowed.
+    # https://www.mnot.net/blog/2010/04/07/well-known
+    # https://tools.ietf.org/html/rfc5785
+    location ~* /\.(?!well-known\/) {
+        deny all;
+    }
+
+    # Prevent clients from accessing to backup/config/source files
+    location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
+        deny all;
+    }
+
+    include /etc/nginx/common.d/*.conf;
+    include /mnt/ddev_config/nginx/*.conf;
+}