pterodactyl-panel-docker/services/http/nginx.conf

user pterodactyl;
worker_processes  8;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  4096;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    
    # Set HSTS if forwarded proto is https
    map $http_x_forwarded_proto $hsts_header {
      default "";
      https "max-age=31536000; includeSubDomains;";
    }

    server {
        listen       80 default_server;

        root /var/www/html/pterodactyl/public;
        index index.php;
        charset utf-8;

        access_log off;
        error_log  /var/log/nginx/pterodactyl.app-error.log error;
        
        # Redirect to https
        if ($http_x_forwarded_proto != "https") {
            set $shouldRedirectToHTTPS 1;
        }
        if ($http_x_forwarded_proto = false) {
            set $shouldRedirectToHTTPS 0;
        }
        if ($shouldRedirectToHTTPS = 1) {
            return 301 https://$host$request_uri;
        }

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        client_max_body_size 100m;
        client_body_timeout 120s;

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        sendfile off;
        
        add_header Strict-Transport-Security $hsts_header;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header Content-Security-Policy "frame-ancestors 'self'";

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass php:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param HTTP_PROXY "";
            fastcgi_intercept_errors off;
            fastcgi_buffer_size 16k;
            fastcgi_buffers 4 16k;
            fastcgi_connect_timeout 300;
            fastcgi_send_timeout 300;
            fastcgi_read_timeout 300;
            include /etc/nginx/fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
            deny  all;
        }
    }
}