Sync Nginx config with upstream docs (#2476)

* Sync Nginx config with upstream docs

Signed-off-by: Kaloyan Nikolow <tzerber@gmail.com>

* Sync Nginx config with upstream docs

Signed-off-by: Kaloyan Nikolow <tzerber@gmail.com>

* Sync Nginx config with upstream docs

Signed-off-by: Kaloyan Nikolow <tzerber@gmail.com>

* Sync Nginx config with upstream docs

Signed-off-by: Kaloyan Nikolow <tzerber@gmail.com>

* Update nginx conf with upstream changes

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Remove application/wasm from nginx configuration

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Removed auto-added bracket from config file

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

---------

Signed-off-by: Kaloyan Nikolow <tzerber@gmail.com>
Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

Author: tzerber

.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf

@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,26 +161,21 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;
             add_header X-Content-Type-Options            "nosniff"           always;
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
-
-            location ~ \.wasm$ {
-                default_type application/wasm;
-            }
         }
 
         location ~ \.(otf|woff2?)$ {

.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf

@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,26 +161,21 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;
             add_header X-Content-Type-Options            "nosniff"           always;
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
-
-            location ~ \.wasm$ {
-                default_type application/wasm;
-            }
         }
 
         location ~ \.(otf|woff2?)$ {

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf

@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,26 +161,21 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;
             add_header X-Content-Type-Options            "nosniff"           always;
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
-
-            location ~ \.wasm$ {
-                default_type application/wasm;
-            }
         }
 
         location ~ \.(otf|woff2?)$ {

.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf

@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,26 +161,21 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;
             add_header X-Content-Type-Options            "nosniff"           always;
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
-
-            location ~ \.wasm$ {
-                default_type application/wasm;
-            }
         }
 
         location ~ \.(otf|woff2?)$ {