@petemcw
Last active February 2, 2024 11:50
Mac OS X LEMP Configuration
# Directives to send expires headers and turn off 404 error logging for Static assets
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpe?g|gif|png|ico|zip|pdf|t?gz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|swf|bmp|txt|rtf|md)$ {
access_log off;
log_not_found off;
expires max;
add_header Cache-Control public;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods GET,OPTIONS;
add_header Access-Control-Allow-Headers *;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
server {
# Server settings
listen 80;
#listen 443 ssl;
server_name localhost;
# Project location
root /Users/prm/Projects/;
index index.html index.htm index.php;
# security
ssl_session_timeout 7m;
# TLS 1.0/1.1 and RC4 are deprecated (RFC 8996, RFC 7465); offer TLS 1.2 with non-RC4 ciphers
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_certificate /usr/local/etc/nginx/ssl/localhost.pem;
ssl_certificate_key /usr/local/etc/nginx/ssl/localhost.key;
# Logging
access_log off;
error_log /usr/local/var/log/nginx/error.log warn;
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
# Routes
#include /usr/local/etc/nginx/conf.d/magento.conf;
#include /usr/local/etc/nginx/conf.d/drupal.conf;
#include /usr/local/etc/nginx/conf.d/wordpress.conf;
include /usr/local/etc/nginx/conf.d/drop.conf;
include /usr/local/etc/nginx/conf.d/assets.conf;
}
# Disable all methods besides HEAD, GET, and POST
if ($request_method !~ ^(GET|HEAD|POST)$) {
return 444;
}
# Do not log attempts for common files
location ~ ^/(favicon.ico|robots.txt) {
access_log off;
log_not_found off;
}
# Deny access to hidden files
location /. {
access_log off;
log_not_found off;
return 404;
}
# Deny access to files the public doesn't need
location ~* ^.+(\.(txt|log|engine|inc|info|install|make|module|profile|test|po|sh|sql|theme|tpl(\.php)?|xtmpl))$ {
internal;
}
# Deny access to other PHP files
location ~ \..*/.*\.php {
internal;
}
# Deny access to private and backups
location ~* ^/sites/.*/(private|files/backup_migrate)/ {
access_log off;
return 404;
}
# Attempt to serve the request by trying direct file, directory, Drupal Controller
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# Check: http://wiki.nginx.org/Pitfalls
location ~* (install|update|apc|info)\.php$ {
auth_basic "Restricted";
auth_basic_user_file .htpasswd;
# filter out problem conditions
location ~ \..*/.*\.php$ { return 404; }
# bring in parameters
include conf.d/fastcgi.conf;
# send to upstream
fastcgi_pass phpfpm;
}
# Below locations are for image cache
location ~* files/styles {
access_log off;
log_not_found off;
expires max;
try_files $uri @image_rewrite;
}
location @image_rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Pass PHP scripts to PHP-FPM daemon
# Check: http://wiki.nginx.org/Pitfalls
location ~* \.php$ {
# filter out problem conditions
location ~ \..*/.*\.php$ { return 404; }
# bring in parameters
include conf.d/fastcgi.conf;
# send requests to upstream
fastcgi_pass phpfpm;
}
# Tell upstream who is making the request
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
# Allow to complete long running requests
proxy_read_timeout 600s;
# Do not cache dynamic content
expires off;
# PHP Settings
include fastcgi_params;
fastcgi_connect_timeout 15s;
fastcgi_send_timeout 3600s;
fastcgi_read_timeout 3600s;
fastcgi_buffer_size 128k;
fastcgi_buffers 512 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors off;
fastcgi_ignore_client_abort off;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
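# Deny access to files the public doesn't need
# (regex match: the ^~ modifier takes a literal prefix, so the alternation would never match with it)
location ~ ^/(app|config|includes|lib|media/customer|media/downloadable|pkginfo|report/config.xml|shell|var)/ {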
internal;
}
# Attempt to serve the request by trying direct file, directory, Magento front controller
location / {
try_files $uri $uri/ /index.php?$args;
expires max;
}
# The downloader has its own index.php that needs to be used
location ~* ^(/downloader)(.*) {
try_files $uri $uri/ /downloader/index.php$1;
}
# REST API endpoint
location /api {
rewrite ^/api/rest /api.php?type=rest last;
rewrite ^/api/v2_soap /api.php?type=v2_soap last;
rewrite ^/api/soap /api.php?type=soap last;
}
# Pass PHP scripts to PHP-FPM daemon
# Check: http://wiki.nginx.org/Pitfalls
location ~* \.php$ {
# filter out problem conditions
location ~ \..*/.*\.php$ { return 404; }
# bring in parameters
include conf.d/fastcgi.conf;
fastcgi_param MAGE_IS_DEVELOPER_MODE true;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
# send requests to Upstream, but blacklist media location from fcgi
if ($uri !~ "^/(media)/") {
fastcgi_pass phpfpm;
}
}
#----------------------------------------------------------------------
# http://wiki.nginx.org/NginxMainModule
#----------------------------------------------------------------------
user prm staff;
worker_processes 2;
pid /usr/local/var/run/nginx/nginx.pid;
#----------------------------------------------------------------------
# http://wiki.nginx.org/NginxEventsModule
#----------------------------------------------------------------------
events {
worker_connections 1024;
accept_mutex off;
}
#----------------------------------------------------------------------
# http://wiki.nginx.org/NginxHttpCoreModule
#----------------------------------------------------------------------
http {
include mime.types;
access_log /usr/local/var/log/nginx/access.log;
error_log /usr/local/var/log/nginx/error.log warn;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
charset utf-8;
# compression
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 2;
gzip_disable "MSIE [1-6].(?!.*SV1)";
gzip_http_version 1.0;
gzip_min_length 10240;
gzip_proxied any;
gzip_static on;
gzip_types text/plain text/css application/x-javascript text/comma-separated-values text/xml application/xml application/xml+rss application/atom+xml text/javascript;
gzip_vary on;
# general options
client_body_buffer_size 512k;
client_body_timeout 15;
client_header_timeout 15;
client_max_body_size 24m;
ignore_invalid_headers on;
keepalive_timeout 2 2;
keepalive_requests 200;
merge_slashes on;
recursive_error_pages on;
reset_timedout_connection on;
sendfile on;
send_timeout 15;
server_names_hash_bucket_size 128;
server_name_in_redirect off;
server_tokens off;
tcp_nodelay off;
tcp_nopush on;
types_hash_max_size 2048;
underscores_in_headers on;
# cache options
#open_file_cache max=10000 inactive=30s;
#open_file_cache_valid 5m;
#open_file_cache_min_uses 5;
#open_file_cache_errors off;
# detect https
map $scheme $fastcgi_https {
default "";
https on;
}
# PHP-FPM
upstream phpfpm {
server unix:/usr/local/var/run/php-fpm.sock;
#server unix:/var/run/php-fpm/php-fpm.sock1 weight=1 max_fails=5 fail_timeout=10;
#server unix:/var/run/php-fpm/php-fpm.sock2 weight=1 max_fails=5 fail_timeout=10;
#server 127.0.0.1:9000;
}
# include active sites
include /usr/local/etc/nginx/sites-enabled/*;
}
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;
[global]
; Pid file
; Default Value: none
pid = /usr/local/var/run/php-fpm.pid
; Error log file
; Default Value: log/php-fpm.log
error_log = /usr/local/var/log/php-fpm.log
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = notice
; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
emergency_restart_threshold = 10
; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated. This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
emergency_restart_interval = 1m
; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
process_control_timeout = 10s
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
include=/usr/local/etc/php/5.5/pool.d/*.conf
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Pass PHP scripts to PHP-FPM daemon
# Check: http://wiki.nginx.org/Pitfalls
location ~* \.php$ {
# filter out problem conditions
location ~ \..*/.*\.php$ { return 404; }
# bring in parameters
include conf.d/fastcgi.conf;
# send requests to upstream
fastcgi_pass phpfpm;
}
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
[www]
; Unix user/group of processes
;user = prm
;group = staff
; The address on which to accept FastCGI requests.
listen = /usr/local/var/run/php-fpm.sock
; Set permissions for unix socket, if one is used.
listen.mode = 0666
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
listen.allowed_clients = 127.0.0.1
; Choose how the process manager will control the number of child processes.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
pm.max_children = 10
; The number of child processes created on startup.
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 3
; The desired minimum number of idle server processes.
pm.min_spare_servers = 2
; The desired maximum number of idle server processes.
pm.max_spare_servers = 5
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
; The URI to view the FPM status page.
; Default Value: not set
pm.status_path = /status
; The ping URI to call the monitoring page of FPM.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The log file for slow requests
; Default Value: not set
slowlog = /usr/local/var/log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 8s
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
rlimit_files = 131072
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
rlimit_core = unlimited
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir =
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: in a high-load environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
catch_workers_output = yes
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini.
;
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
php_flag[display_errors] = on
php_admin_flag[log_errors] = on
; Custom php.ini overrides
date.timezone = Etc/UTC
memory_limit = 512M
display_errors = On
log_errors = On
expose_php = On
error_reporting = E_ALL
realpath_cache_ttl = 120
realpath_cache_size = 128k
error_log = /usr/local/var/log/php-errors.log
cgi.fix_pathinfo = 0
max_execution_time = 120
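
A `location ^~` block takes a literal prefix, not a regular expression, which decides whether a deny rule built on an alternation such as the Magento `(app|config|...)` pattern ever fires. The following is an added example, not part of the gist: a simplified Python model of nginx location selection (top-level locations only; the sample URIs are constructed and assume a Magento 1 directory layout) that compares the two readings of that pattern.

```python
import re

def select_location(locations, uri):
    """Return the (modifier, pattern) nginx would pick for uri.

    Simplified model: top-level locations only, case-sensitive prefixes,
    no nested or named locations. `locations` is in config-file order.
    """
    for mod, pat in locations:                      # 1. exact match wins
        if mod == "=" and uri == pat:
            return (mod, pat)
    best = None                                     # 2. longest literal prefix
    for mod, pat in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best and best[0] == "^~":                    # 3. ^~ skips the regex pass
        return best
    for mod, pat in locations:                      # 4. first regex that matches
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    return best                                     # 5. else the prefix match

# Alternation from the gist's Magento deny block
DENY = ("/(app|config|includes|lib|media/customer|media/downloadable|"
        "pkginfo|report/config.xml|shell|var)/")
CATCH_ALL, PHP = ("", "/"), ("~*", r"\.php$")

AS_PREFIX = [("^~", DENY), CATCH_ALL, PHP]          # pattern read literally
AS_REGEX = [("~", "^" + DENY), CATCH_ALL, PHP]      # pattern read as a regex

def is_denied(locations, uri):
    """True when the deny block, not a serving block, handles uri."""
    return select_location(locations, uri)[1].endswith(DENY)

if __name__ == "__main__":
    # Constructed sample URIs (assumed Magento 1 layout)
    for uri in ("/app/etc/local.xml", "/var/log/system.log", "/index.php"):
        print(uri, is_denied(AS_PREFIX, uri), is_denied(AS_REGEX, uri))
```

With the `^~` form the sample paths fall through to `location /` or the PHP block; with the regex form the deny block is evaluated first and takes them.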
floor3 commented Apr 19, 2015

Thanks for this gist. I had to install xcode-select first to get this working: "xcode-select --install".

petemcw commented Aug 25, 2015

No problem @floor3. I know I've found it useful whenever I set up a new machine. I updated the README with the Xcode command in case others don't already have it installed. Thanks!

clonn commented Sep 18, 2016

Thanks for your script, that is helpful.

@aredhelrim

Thanks for the gist, but when trying to install php71 I'm getting these:

brew install php71 --with-fpm --without-apache --with-homebrew-curl --with-homebrew-openssl --without-snmp
==> Installing php71 from homebrew/php
Warning: homebrew/php/php71: this formula has no --with-fpm option so it will be ignored!
Warning: homebrew/php/php71: this formula has no --with-homebrew-openssl option so it will be ignored!
Warning: homebrew/php/php71: this formula has no --without-apache option so it will be ignored!
Warning: homebrew/php/php71: this formula has no --without-snmp option so it will be ignored!

@AlternativeYeah

@aredhelrim now the default php-fpm, checking all options
#brew options php71

jp2kdev commented Nov 26, 2017

Help me please!
I found a message when I test the command nginx -t.
kosin$ nginx -t
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /usr/local/etc/nginx/nginx.conf:4
nginx: [emerg] BIO_new_file("/usr/local/etc/nginx/ssl/localhost.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/etc/nginx/ssl/localhost.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
