petemcw · February 2, 2024 11:50 · floor3 · Apr 19, 2015 · petemcw · Aug 25, 2015
diff --git a/assets.conf b/assets.conf
 # Directives to send expires headers and turn off 404 error logging for Static assets
 location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpe?g|gif|png|ico|zip|pdf|t?gz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|swf|bmp|txt|rtf|md)$ {
    access_log off;
    log_not_found off;
    expires max;
    add_header Cache-Control public;
 }
diff --git a/default-site.conf b/default-site.conf
 server {
    # Server settings
    listen 80;
    server_name localhost;

    # Options
    limit_conn limit_per_ip 16;

    # Logging
    access_log /usr/local/var/log/nginx/access.log main;
    error_log  /usr/local/var/log/nginx/error.log warn;
    location = /robots.txt  { access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }

    # Configuration
    include /usr/local/etc/nginx/conf.d/drop.conf;
    include /usr/local/etc/nginx/conf.d/php5.conf;
    include /usr/local/etc/nginx/conf.d/assets.conf;

    fastcgi_param MAGE_IS_DEVELOPER_MODE true;

    include /usr/local/etc/nginx/conf.d/magento.conf;

    # Environment
    root /Users/prm/Projects/;
    index index.php index.html index.htm;
 }
diff --git a/drop.conf b/drop.conf
 # Do not log attempts for common files
 location ~ ^/(favicon.ico|robots.txt) {
    access_log off;
    log_not_found off;
 }

 # Deny access to hidden files
 location /. {
    access_log off;
    log_not_found off;
    return 404;
 }

 # Deny obviously bad requests
 location ~ \.(aspx|asp|jsp|cgi)$ {
    return 410;
 }
diff --git a/drupal.conf b/drupal.conf
 # Deny access to files the public doesn't need
 location ~* ^.+(\.(txt|log|engine|inc|info|install|make|module|profile|test|po|sh|sql|theme|tpl(\.php)?|xtmpl))$ {
    internal;
 }

 # Deny access to other PHP files
 location ~ \..*/.*\.php {
    internal;
 }

 # Deny access to private and backups
 location ~* ^/sites/.*/(private|files/backup_migrate)/ {
    access_log off;
    return 404;
 }

 # Attempt to serve the request by trying direct file, directory, Drupal Controller
 location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
    expires max;
 }

 # Check: http://wiki.nginx.org/Pitfalls
 location ~* (install|update|apc|info)\.php$ {
    # do not cache dynamic content
    expires off;

    # php5 specific configuration options
    include /usr/local/etc/nginx/fastcgi_params;
 }

 # Below locations are for image cache
 location ~* files/styles {
    access_log off;
    log_not_found off;
    expires max;
    try_files $uri @image_rewrite;
 }

 location @image_rewrite {
    rewrite ^/(.*)$ /index.php?q=$1 last;
 }
diff --git a/magento.conf b/magento.conf
 # Deny access to files the public doesn't need
 location ^~ /(app|config|includes|lib|media/customer|media/downloadable|pkginfo|report/config.xml|shell|var)/ {
    internal;
 }

 # Restrict access to admins
 location /var/export {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
    autoindex on;
 }

 # Attempt to serve the request by trying direct file, directory, Magento controller
 location / {
    try_files $uri $uri/ /index.php?$args;
    expires max;
 }

 # The downloader has its own index.php that needs to be used
 location ~* ^(/downloader)(.*) {
    try_files $uri $uri/ /downloader/index.php$1;
 }

 # REST API endpoint
 location /api {
    rewrite ^/api/rest /api.php?type=rest last;
 }
diff --git a/nginx.conf b/nginx.conf
 ----------------------------------------------------------------------
 #  http://wiki.nginx.org/NginxMainModule
 #----------------------------------------------------------------------
 user prm staff;
 worker_processes 2;
 pid /usr/local/var/run/nginx/nginx.pid;

 #----------------------------------------------------------------------
 # http://wiki.nginx.org/NginxEventsModule
 #----------------------------------------------------------------------
 events {
    worker_connections 1024;
    accept_mutex off;
 }

 #----------------------------------------------------------------------
 # http://wiki.nginx.org/NginxHttpCoreModule
 #----------------------------------------------------------------------
 http {
    access_log /usr/local/var/log/nginx/access.log;
    error_log  /usr/local/var/log/nginx/error.log warn;

    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # This tells Nginx to ignore the contents of a file it is sending
    # and uses the kernel sendfile instead
    sendfile on;

    # Set this to on if you have sendfile on
    # It will prepend the HTTP response headers before
    # calling sendfile()
    tcp_nopush on;

    # This disables the "Nagle buggering algorithm" (Nginx Docs)
    # Good for websites that send a lot of small requests that
    # don't need a response
    tcp_nodelay on;

    # timeouts
    keepalive_timeout 25;
    send_timeout 30;

    # general options
    charset utf-8;
    server_tokens off;
    server_name_in_redirect off;
    ignore_invalid_headers on;
    recursive_error_pages on;
    merge_slashes on;
    underscores_in_headers on;
    limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 128;
    client_max_body_size 24m;
    client_body_buffer_size 128k;
    #proxy_read_timeout 18000;

    # compression
    gzip on;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_vary on;
    gzip_static on;
    gzip_min_length 1024;
    gzip_buffers 32 8k;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/x-javascript text/comma-separated-values text/xml application/xml application/xml+rss application/atom+xml text/javascript;
    gzip_disable "MSIE [1-6].(?!.*SV1)";

    # PHP-FPM
    upstream phpfpm {
      #server unix:/usr/local/var/run/nginx/phpfpm.sock;
      server 127.0.0.1:9000;
    }

    # include active sites
    include /usr/local/etc/nginx/sites-enabled/*;
 }
diff --git a/php5.conf b/php5.conf
 # Pass PHP scripts to PHP-FPM daemon
 # Check: http://wiki.nginx.org/Pitfalls

 location ~* \.php$ {
    # do not cache dynamic content
    expires off;

    # filter out problem conditions
    location ~ \..*/.*\.php$ { return 404; }

    # bring in parameters
    include /usr/local/etc/nginx/fastcgi_params;

    # send requests to Upstream
    fastcgi_pass phpfpm;
 }
diff --git a/wordpress.conf b/wordpress.conf
 # Deny access to any files with a .php extension in the uploads directory
 # Works in sub-directory installs and also in multisite network
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
 }

 # Attempted to match last if rules below fail.
 # http://wiki.nginx.org/HttpCoreModule
 location / {
    try_files $uri $uri/ /index.php?$args;
    expires max;
 }

 # Add trailing slash to */wp-admin requests.
 rewrite /wp-admin$ $scheme://$host$uri/ permanent;
	# Directives to send expires headers and turn off 404 error logging for Static assets
	location ~* ^.+\.(ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|rss\|atom\|jpe?g\|gif\|png\|ico\|zip\|pdf\|t?gz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|swf\|bmp\|txt\|rtf\|md)$ {
	access_log off;
	log_not_found off;
	expires max;
	add_header Cache-Control public;
	}
	server {
	# Server settings
	listen 80;
	server_name localhost;

	# Options
	limit_conn limit_per_ip 16;

	# Logging
	access_log /usr/local/var/log/nginx/access.log main;
	error_log /usr/local/var/log/nginx/error.log warn;
	location = /robots.txt { access_log off; log_not_found off; }
	location = /favicon.ico { access_log off; log_not_found off; }

	# Configuration
	include /usr/local/etc/nginx/conf.d/drop.conf;
	include /usr/local/etc/nginx/conf.d/php5.conf;
	include /usr/local/etc/nginx/conf.d/assets.conf;

	fastcgi_param MAGE_IS_DEVELOPER_MODE true;

	include /usr/local/etc/nginx/conf.d/magento.conf;

	# Environment
	root /Users/prm/Projects/;
	index index.php index.html index.htm;
	}
	# Do not log attempts for common files
	location ~ ^/(favicon.ico\|robots.txt) {
	access_log off;
	log_not_found off;
	}

	# Deny access to hidden files
	location /. {
	access_log off;
	log_not_found off;
	return 404;
	}

	# Deny obviously bad requests
	location ~ \.(aspx\|asp\|jsp\|cgi)$ {
	return 410;
	}
	# Deny access to files the public doesn't need
	location ~* ^.+(\.(txt\|log\|engine\|inc\|info\|install\|make\|module\|profile\|test\|po\|sh\|sql\|theme\|tpl(\.php)?\|xtmpl))$ {
	internal;
	}

	# Deny access to other PHP files
	location ~ \../.\.php {
	internal;
	}

	# Deny access to private and backups
	location ~* ^/sites/.*/(private\|files/backup_migrate)/ {
	access_log off;
	return 404;
	}

	# Attempt to serve the request by trying direct file, directory, Drupal Controller
	location / {
	try_files $uri $uri/ /index.php?q=$uri&$args;
	expires max;
	}

	# Check: http://wiki.nginx.org/Pitfalls
	location ~* (install\|update\|apc\|info)\.php$ {
	# do not cache dynamic content
	expires off;

	# php5 specific configuration options
	include /usr/local/etc/nginx/fastcgi_params;
	}

	# Below locations are for image cache
	location ~* files/styles {
	access_log off;
	log_not_found off;
	expires max;
	try_files $uri @image_rewrite;
	}

	location @image_rewrite {
	rewrite ^/(.*)$ /index.php?q=$1 last;
	}
	# Deny access to files the public doesn't need
	location ^~ /(app\|config\|includes\|lib\|media/customer\|media/downloadable\|pkginfo\|report/config.xml\|shell\|var)/ {
	internal;
	}

	# Restrict access to admins
	location /var/export {
	auth_basic "Restricted";
	auth_basic_user_file /etc/nginx/.htpasswd;
	autoindex on;
	}

	# Attempt to serve the request by trying direct file, directory, Magento controller
	location / {
	try_files $uri $uri/ /index.php?$args;
	expires max;
	}

	# The downloader has its own index.php that needs to be used
	location ~* ^(/downloader)(.*) {
	try_files $uri $uri/ /downloader/index.php$1;
	}

	# REST API endpoint
	location /api {
	rewrite ^/api/rest /api.php?type=rest last;
	}
	----------------------------------------------------------------------
	# http://wiki.nginx.org/NginxMainModule
	#----------------------------------------------------------------------
	user prm staff;
	worker_processes 2;
	pid /usr/local/var/run/nginx/nginx.pid;

	#----------------------------------------------------------------------
	# http://wiki.nginx.org/NginxEventsModule
	#----------------------------------------------------------------------
	events {
	worker_connections 1024;
	accept_mutex off;
	}

	#----------------------------------------------------------------------
	# http://wiki.nginx.org/NginxHttpCoreModule
	#----------------------------------------------------------------------
	http {
	access_log /usr/local/var/log/nginx/access.log;
	error_log /usr/local/var/log/nginx/error.log warn;

	include mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] $request '
	'"$status" $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	# This tells Nginx to ignore the contents of a file it is sending
	# and uses the kernel sendfile instead
	sendfile on;

	# Set this to on if you have sendfile on
	# It will prepend the HTTP response headers before
	# calling sendfile()
	tcp_nopush on;

	# This disables the "Nagle buggering algorithm" (Nginx Docs)
	# Good for websites that send a lot of small requests that
	# don't need a response
	tcp_nodelay on;

	# timeouts
	keepalive_timeout 25;
	send_timeout 30;

	# general options
	charset utf-8;
	server_tokens off;
	server_name_in_redirect off;
	ignore_invalid_headers on;
	recursive_error_pages on;
	merge_slashes on;
	underscores_in_headers on;
	limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
	types_hash_max_size 2048;
	server_names_hash_bucket_size 128;
	client_max_body_size 24m;
	client_body_buffer_size 128k;
	#proxy_read_timeout 18000;

	# compression
	gzip on;
	gzip_http_version 1.0;
	gzip_proxied any;
	gzip_vary on;
	gzip_static on;
	gzip_min_length 1024;
	gzip_buffers 32 8k;
	gzip_comp_level 6;
	gzip_types text/plain text/css application/x-javascript text/comma-separated-values text/xml application/xml application/xml+rss application/atom+xml text/javascript;
	gzip_disable "MSIE [1-6].(?!.*SV1)";

	# PHP-FPM
	upstream phpfpm {
	#server unix:/usr/local/var/run/nginx/phpfpm.sock;
	server 127.0.0.1:9000;
	}

	# include active sites
	include /usr/local/etc/nginx/sites-enabled/*;
	}
	# Pass PHP scripts to PHP-FPM daemon
	# Check: http://wiki.nginx.org/Pitfalls

	location ~* \.php$ {
	# do not cache dynamic content
	expires off;

	# filter out problem conditions
	location ~ \../.\.php$ { return 404; }

	# bring in parameters
	include /usr/local/etc/nginx/fastcgi_params;

	# send requests to Upstream
	fastcgi_pass phpfpm;
	}
	# Deny access to any files with a .php extension in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}

	# Attempted to match last if rules below fail.
	# http://wiki.nginx.org/HttpCoreModule
	location / {
	try_files $uri $uri/ /index.php?$args;
	expires max;
	}

	# Add trailing slash to */wp-admin requests.
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;