Add custom "hook folders" /etc/nginx/{server.d,location.d}

Dockerfile

@@ -15,6 +15,9 @@ RUN \
     && rm /var/lib/nginx/logs \
     && mkdir -p /var/lib/nginx/logs \
     && ln -s /dev/stderr /var/lib/nginx/logs/error.log \
+# Create folder where the user hook into our default configs
+    && mkdir -p /etc/nginx/server.d/ \
+    && mkdir -p /etc/nginx/location.d/ \
 # Remove default content from the default $DOCUMENT_ROOT ...
     && rm -rf /var/www \
 # ... but ensure it exists with the right owner

etc/nginx/sites-available/redirect-apex-to-www.conf.tpl

@@ -2,5 +2,6 @@ server {
     listen 80;
     server_name ~^(?!www.)(?<domain>.+)$;
 
+    include /etc/nginx/server.d/*.conf;
     return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://www.$domain$request_uri;
 }

etc/nginx/sites-available/redirect-www-to-apex.conf.tpl

@@ -1,5 +1,7 @@
 server {
     listen 80;
     server_name ~^www.(?<domain>.+)$;
+
+    include /etc/nginx/server.d/*.conf;
     return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://$domain$request_uri;
 }

etc/nginx/sites-available/site.conf.tpl

@@ -5,10 +5,12 @@ server {
     index index.php index.html index.htm;
 
     location / {
+        include /etc/nginx/location.d/*.conf;
         try_files $uri $uri/ /index.php$is_args$args;
     }
 
     location ~ \.php$ {
+        include /etc/nginx/location.d/*.conf;
         fastcgi_pass [::]:9000;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
@@ -18,4 +20,5 @@ server {
         fastcgi_param SERVER_SOFTWARE "";
     }
 
+    include /etc/nginx/server.d/*.conf;
 }

examples/02-extra-headers/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+services:
+    backend:
+        build: ../../
+        volumes:
+        - './index.html:/var/www/index.html'
+        - './headers.conf:/etc/nginx/location.d/headers.conf'
+        ports:
+        - '80:80'

examples/02-extra-headers/headers.conf

@@ -0,0 +1,25 @@
+# The X-Frame-Options header indicates whether a browser should be allowed
+# to render a page within a frame or iframe.
+add_header X-Frame-Options "SAMEORIGIN" always;
+
+# MIME type sniffing security protection
+# There are very few edge cases where you wouldn't want this enabled.
+add_header X-Content-Type-Options "nosniff" always;
+
+# The X-XSS-Protection header is used by Internet Explorer version 8+
+# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
+add_header X-XSS-Protection "1; mode=block" always;
+
+# Prevent mobile network providers from modifying your site
+#
+# (!) If you are using `ngx_pagespeed`, please note that setting
+# the `Cache-Control: no-transform` response header will prevent
+# `PageSpeed` from rewriting `HTML` files, and, if
+# `pagespeed DisableRewriteOnNoTransform off` is not used, also
+# from rewriting other resources.
+#
+# https://developers.google.com/speed/pagespeed/module/configuration#notransform
+add_header "Cache-Control" "no-transform";
+
+# Force the latest IE version
+add_header "X-UA-Compatible" "IE=Edge";

examples/02-extra-headers/index.html

@@ -0,0 +1,3 @@
+<h1>Extra Headers</h1>
+
+<p>Please open your browsers dev-tools to inspect the respone headers!</p>