feat/factory_creation (#1)

Prepping for launch.

Reviewed-on: #1
Co-authored-by: Paul Couture <paul@paulcouture.com>
Co-committed-by: Paul Couture <paul@paulcouture.com>

nginx/default.conf

@@ -0,0 +1,38 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name _;
+    root /var/www/html/public;
+    index index.html index.htm index.php;
+
+    # SSL
+    ssl_certificate /etc/ssl/web/server.crt;
+    ssl_certificate_key /etc/ssl/web/server.key;
+
+    # additional config
+    include extra.d/*.conf;
+
+    # health check
+    location /ping {
+        access_log off;
+        include snippets/fastcgi-php.conf;
+        fastcgi_read_timeout 5s;
+        fastcgi_pass unix:/var/run/php/php-fpm.sock;
+    }
+
+    # handle .php
+    location ~ \.php$ {
+        fastcgi_pass  unix:/var/run/php/php-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include snippets/fastcgi-php.conf;
+    }
+
+    # index.php fallback
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+}
+

nginx/legacy_mappings.conf

@@ -0,0 +1,11 @@
+#snippets/legacy_mappings.conf
+
+map $uri $legacy_mapping {
+    ~^/assets/(?<filename>.+)$ $filename;
+    default $uri;
+}
+
+map $filename $modified_filename {
+    ~/(.*) $1---;
+    default $filename;
+}

nginx/nginx.conf

@@ -0,0 +1,146 @@
+# Generated by nginxconfig.io
+# https://www.serverion.com/nginx-config/#?0.domain=_&0.path=%2Fvar%2Fwww%2Fhtml&0.redirect=false&0.force_https=false&0.cert_type=custom&0.ssl_certificate=%2Fetc%2Fssl%2Fweb%2Fserver.crt&0.ssl_certificate_key=%2Fetc%2Fssl%2Fweb%2Fserver.key&0.wordpress&0.proxy_path=%2Fping&0.proxy_pass=unix:%2Fvar%2Frun%2Fphp%2Fphp-fpm.sock&0.index=index.html&content_security_policy=default-src%20'self'%20http:%20https:%20data:%20blob:%20'unsafe-inline';%20frame-ancestors%20'self';&php_server=%2Fvar%2Frun%2Fphp%2Fphp7.3-fpm.sock&expires_media=max&expires_svg=max&expires_fonts=max&user=www-data%20www-data&client_max_body_size=2048&symlink=false
+
+pcre_jit on;
+worker_processes auto;
+worker_rlimit_nofile 100000;
+user www-data www-data;
+
+events {
+    worker_connections 65535;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    # define common MIME types
+    include mime.types;
+
+    # define the default MIME type
+    default_type application/octet-stream;
+
+    # disable emitting nginx version
+    server_tokens off;
+
+    # disable the directory listing output
+    autoindex off;
+
+    # disable automatic generation of the "ETag"
+    etag off;
+
+    # disable warnings about uninitialized variables are logged
+    uninitialized_variable_warn off;
+
+    # ======================================================================== #
+
+    # the bucket size for the maps hash table
+    map_hash_bucket_size  256;
+    map_hash_max_size     4096;
+
+    # the bucket size for the server names hash tables
+    server_names_hash_bucket_size 256;
+    server_names_hash_max_size    4096;
+
+    # the bucket size for variables hash tables
+    variables_hash_max_size     4096;
+    variables_hash_bucket_size  4096;
+
+    # ======================================================================== #
+
+    # cache informations about FDs, frequently accessed files
+    # can boost performance, but you need to test those values
+    open_file_cache           max=200000 inactive=30s;
+    open_file_cache_valid     30s;
+    open_file_cache_min_uses  1;
+    open_file_cache_errors    off;
+    open_log_file_cache       max=10 inactive=30s min_uses=1 valid=5m;
+
+    # ======================================================================== #
+
+        # logging
+        access_log /var/log/nginx/access.log;
+        error_log  /var/log/nginx/error.log error;
+
+    # to boost I/O on HDD we can disable access logs
+    log_not_found   off;
+    log_subrequest  off;
+    rewrite_log     on;
+
+    # copies data between one FD and other from within the kernel
+    # faster than read() + write()
+    sendfile off;
+    sendfile_max_chunk 1m;
+
+    # send headers in one piece, it is better than sending them one by one
+    tcp_nopush on;
+
+    # don't buffer data sent, good for small data bursts in real time
+    tcp_nodelay on;
+
+    # large files can be read and sent using multi-threading
+    # without blocking a worker process
+    aio      threads;
+    directio 1m;
+
+    # how to compare modification time
+    ssi on;
+    if_modified_since off;
+
+    # set default size of the slice
+    slice 1m;
+
+    # ======================================================================== #
+
+    # allow the server to close connection on non responding client,
+    # this will free up memory
+    reset_timedout_connection on;
+
+    # timeout for reading client request header -- default: 60
+    client_header_timeout 10s;
+
+    # request timed out -- default: 60
+    client_body_timeout 75s;
+
+    # if the request body size is more than the buffer size, then the entire (or partial)
+    # request body is written into a temporary file
+    client_body_buffer_size 128k;
+
+    # if client stop responding, free up memory -- default: 60
+    send_timeout 30s;
+
+    # server will close connection after this time -- default: 75
+    keepalive_timeout 30s;
+
+    # number of requests client can make over keep-alive
+    keepalive_requests 100000;
+
+    # maximum number and size of buffers
+    # for large headers to read from client request -- default: 4 8k;
+    large_client_header_buffers 4 16k;
+
+    # ======================================================================== #
+
+        # SSL
+        ssl_session_timeout 1d;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_tickets off;
+
+        # Diffie-Hellman parameter for DHE ciphersuites
+        ssl_dhparam /etc/ssl/dhparam.pem;
+
+        # Mozilla Intermediate configuration
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+        # OCSP Stapling
+        # ssl_stapling on;
+        # ssl_stapling_verify on;
+        resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
+        resolver_timeout 2s;
+
+    # ======================================================================== #
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/snippets/legacy_mappings.conf;
+    include /etc/nginx/sites-enabled/*;
+}