tmslnz/Nginx Megaconf

## Nginx Megaconf
server {
    server_name     "~^((?<subdomain>www)\.)?(?<domain>location\.com)$";
    index 		    index.php index.htm index.html default.asp;

    ## Performs 301 redirects to non-www plus other minor things.
    #include         templates/server.main.conf;
    # ----------------------------------------------------------------------->

    # set main domain root to _
    if ($subdomain = "") {
        set $subdomain _;
    }

    # Ditch www
    if ($subdomain ~ www) { rewrite ^(.*) http://$domain$1 permanent; }

    # favicon shitso
    rewrite ^/(.*)/favicon.ico$ /favicon.ico last;
    location ~* ^/favicon\..*$ { try_files $uri @empty_gif; }
    location @empty_gif { empty_gif; }
    # <-----------------------------------------------------------------------


    # Set root and logs semi-automatically from the <named matches> above.
    root 		    /home/location/domains/$domain/$subdomain;
    access_log	    /home/location/domains/.logs/$domain.$subdomain.access.log;
    error_log	    /home/location/domains/.logs/$domain.$subdomain.error.log;


    ## include         templates/location.symphony2.conf;
    # ----------------------------------------------------------------------->
    # Serve static files directly, otherwise pass as parameters
    try_files $uri $uri/  /index.php?symphony-page=$uri&$args;

    # Symphony admin redirects
    location ~ ^/symphony(/?.*)$ {
        # If not requesting assest files...
        if (!-f $request_filename) {
            # ...internal redirect Symphony admin, which in turn will redirect to...
            rewrite ^/symphony/?$ /index.php?mode=administration&$query_string last;
            # ...some admin page.
            rewrite ^/symphony(/(.*/?))?$ /index.php?symphony-page=$1&mode=administration&$query_string last;
        }
    }

    # Any request to /images/ that is not a real file, send it to JIT
    location ~ ^/image/(.*)$ {
        try_files $uri $uri/ /extensions/jit_image_manipulation/lib/image.php?param=$1;
    }


    ## Pretty standard includes you might want to leave here.
    #include         templates/server.listen.local-only.conf;
    # ----------------------------------------------------------------------->
    listen 127.0.0.1:8081;


    #include         templates/gzip-settings.conf;
    # ----------------------------------------------------------------------->
    gzip  on;
    gzip_disable "msie6";
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_types 	text/plain
    			text/css
    			text/javascript
    			text/xml
    			application/json
    			application/x-javascript
    			application/xml
    			application/xml+rss;

    # make sure gzip does not lose large gzipped js or css files (see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl)
    gzip_buffers 16 8k;


    #include         templates/location.deny.conf;
    # ----------------------------------------------------------------------->
    location ~ /\.ht {
        deny  all;
    }

    location ~ /\.hg {
        deny  all;
    }

    location ~ /\.git {
        deny  all;
    }


    #include         templates/server.nolog-assets.conf;
    # ----------------------------------------------------------------------->
    # this is proboably being overridden by previous location{} blocks, as Nginx stops at the first match if two collide.
    location ~* ^/.*\.(jpe|g)|(gif)|(css)|(less)|(png)|(js)|(ico)$ {
      access_log        off;
      #log_not_found     off;
      expires           30d;
    }


    #include         templates/location.php5-socket.conf;
    # ----------------------------------------------------------------------->
    uninitialized_variable_warn off;


        #include templates/location.php5-security.conf;
        # ------------------------------------------------------------------->
        # should anyone manage to upload malicious PHP files, we block execution from some dirs.
        # these are usually upload dirs or static assets dirs
        location ~* ^(.*)?/uploads/(.*)?\.php($|/)$ {return 403;}
        location ~* ^(.*)?/images/(.*)?\.php($|/)$ {return 403;}
        location ~* ^(.*)?/videos/(.*)?\.php($|/)$ {return 403;}
        location ~* ^(.*)?/media/(.*)?\.php($|/)$ {return 403;}
        location ~* ^(.*)?/static/(.*)?\.php($|/)$ {return 403;}
        location ~* ^(.*)?/web/(.*)?\.php($|/)$ {return 403;}


    # We ONLY execute scripts ending in .php for safety's sake.
    location ~ (.*)?\.php($|/) {

        # No tricks
    	if (!-f $request_filename) {
    		return 404;
    	}

        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass            unix:/tmp/php5-fpm.sock;
    	fastcgi_index           index.php;
    	#include                 templates/fastcgi-params.conf;
    	# ------------------------------------------------------------------->
    	fastcgi_param  SCRIPT_FILENAME      $document_root$fastcgi_script_name; # index.php or whatever is set as index
        fastcgi_param  QUERY_STRING         $query_string; # foo=123&bar=blahblah;

        # for POST requests
        fastcgi_param  REQUEST_METHOD       $request_method;
        fastcgi_param  CONTENT_TYPE         $content_type;
        fastcgi_param  CONTENT_LENGTH       $content_length;

        fastcgi_param  SCRIPT_NAME          $fastcgi_script_name;
        fastcgi_param  REQUEST_URI          $request_uri; # /foo/bar.php?arg=baz
        fastcgi_param  DOCUMENT_URI         $document_uri;
        fastcgi_param  DOCUMENT_ROOT        $document_root;
        fastcgi_param  SERVER_PROTOCOL      $server_protocol;

        fastcgi_param  GATEWAY_INTERFACE    CGI/1.1;
        fastcgi_param  SERVER_SOFTWARE      nginx/$nginx_version;

        fastcgi_param  REMOTE_ADDR          $remote_addr;
        fastcgi_param  REMOTE_PORT          $remote_port;
        fastcgi_param  SERVER_ADDR          $server_addr;
        fastcgi_param  SERVER_PORT          $server_port;
        fastcgi_param  SERVER_NAME          $server_name;

        # PHP only, required if PHP was built with --enable-force-cgi-redirect
        fastcgi_param  REDIRECT_STATUS      200;

        # This directive determines whether or not to transfer 4xx and 5xx errors back
        # to the client or to allow Nginx to answer with directive error_page
        fastcgi_intercept_errors            off;

        # This directive determines if current request to the FastCGI-server must be
        # aborted in case the client aborts the request to the server.
        fastcgi_ignore_client_abort         off;

        # Directive sets timeout period for connection with FastCGI-server.
        # It should be noted that this value can't exceed 75 seconds.
        fastcgi_connect_timeout             60;

        # Directive sets the amount of time for upstream to wait for a fastcgi process
        # to send data. Change this directive if you have long running fastcgi processes
        # that do not produce output until they have finished processing.
        # If you are seeing an upstream timed out error in the error log, then increase
        # this parameter to something more appropriate.
        fastcgi_send_timeout                180;
        fastcgi_read_timeout                180;

        # Sets the buffer size to 16k + 256 * 16k = 4112k. Anything greater than 4M
        # goes to disk
        fastcgi_buffers                     8 256k;

        # By default, the buffer size is equal to the size of one buffer in
        # fastcgi_buffers. This directive allows you to set it to an arbitrary value.
        fastcgi_buffer_size                 128k;

        #fastcgi_busy_buffers_size           256k;
        #fastcgi_temp_file_write_size        256k;
    }
}
	server {
	server_name "~^((?<subdomain>www)\.)?(?<domain>location\.com)$";
	index index.php index.htm index.html default.asp;

	## Performs 301 redirects to non-www plus other minor things.
	#include templates/server.main.conf;
	# ----------------------------------------------------------------------->

	# set main domain root to _
	if ($subdomain = "") {
	set $subdomain _;
	}

	# Ditch www
	if ($subdomain ~ www) { rewrite ^(.*) http://$domain$1 permanent; }

	# favicon shitso
	rewrite ^/(.*)/favicon.ico$ /favicon.ico last;
	location ~* ^/favicon\..*$ { try_files $uri @empty_gif; }
	location @empty_gif { empty_gif; }
	# <-----------------------------------------------------------------------




	# Set root and logs semi-automatically from the <named matches> above.
	root /home/location/domains/$domain/$subdomain;
	access_log /home/location/domains/.logs/$domain.$subdomain.access.log;
	error_log /home/location/domains/.logs/$domain.$subdomain.error.log;




	## include templates/location.symphony2.conf;
	# ----------------------------------------------------------------------->
	# Serve static files directly, otherwise pass as parameters
	try_files $uri $uri/ /index.php?symphony-page=$uri&$args;

	# Symphony admin redirects
	location ~ ^/symphony(/?.*)$ {
	# If not requesting assest files...
	if (!-f $request_filename) {
	# ...internal redirect Symphony admin, which in turn will redirect to...
	rewrite ^/symphony/?$ /index.php?mode=administration&$query_string last;
	# ...some admin page.
	rewrite ^/symphony(/(.*/?))?$ /index.php?symphony-page=$1&mode=administration&$query_string last;
	}
	}

	# Any request to /images/ that is not a real file, send it to JIT
	location ~ ^/image/(.*)$ {
	try_files $uri $uri/ /extensions/jit_image_manipulation/lib/image.php?param=$1;
	}





	## Pretty standard includes you might want to leave here.
	#include templates/server.listen.local-only.conf;
	# ----------------------------------------------------------------------->
	listen 127.0.0.1:8081;





	#include templates/gzip-settings.conf;
	# ----------------------------------------------------------------------->
	gzip on;
	gzip_disable "msie6";
	gzip_http_version 1.1;
	gzip_vary on;
	gzip_comp_level 6;
	gzip_proxied any;
	gzip_types text/plain
	text/css
	text/javascript
	text/xml
	application/json
	application/x-javascript
	application/xml
	application/xml+rss;

	# make sure gzip does not lose large gzipped js or css files (see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl)
	gzip_buffers 16 8k;





	#include templates/location.deny.conf;
	# ----------------------------------------------------------------------->
	location ~ /\.ht {
	deny all;
	}

	location ~ /\.hg {
	deny all;
	}

	location ~ /\.git {
	deny all;
	}





	#include templates/server.nolog-assets.conf;
	# ----------------------------------------------------------------------->
	# this is proboably being overridden by previous location{} blocks, as Nginx stops at the first match if two collide.
	location ~* ^/.*\.(jpe\|g)\|(gif)\|(css)\|(less)\|(png)\|(js)\|(ico)$ {
	access_log off;
	#log_not_found off;
	expires 30d;
	}





	#include templates/location.php5-socket.conf;
	# ----------------------------------------------------------------------->
	uninitialized_variable_warn off;



	#include templates/location.php5-security.conf;
	# ------------------------------------------------------------------->
	# should anyone manage to upload malicious PHP files, we block execution from some dirs.
	# these are usually upload dirs or static assets dirs
	location ~* ^(.)?/uploads/(.)?\.php($\|/)$ {return 403;}
	location ~* ^(.)?/images/(.)?\.php($\|/)$ {return 403;}
	location ~* ^(.)?/videos/(.)?\.php($\|/)$ {return 403;}
	location ~* ^(.)?/media/(.)?\.php($\|/)$ {return 403;}
	location ~* ^(.)?/static/(.)?\.php($\|/)$ {return 403;}
	location ~* ^(.)?/web/(.)?\.php($\|/)$ {return 403;}




	# We ONLY execute scripts ending in .php for safety's sake.
	location ~ (.*)?\.php($\|/) {

	# No tricks
	if (!-f $request_filename) {
	return 404;
	}

	fastcgi_split_path_info ^(.+\.php)(.*)$;
	fastcgi_pass unix:/tmp/php5-fpm.sock;
	fastcgi_index index.php;
	#include templates/fastcgi-params.conf;
	# ------------------------------------------------------------------->
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # index.php or whatever is set as index
	fastcgi_param QUERY_STRING $query_string; # foo=123&bar=blahblah;

	# for POST requests
	fastcgi_param REQUEST_METHOD $request_method;
	fastcgi_param CONTENT_TYPE $content_type;
	fastcgi_param CONTENT_LENGTH $content_length;

	fastcgi_param SCRIPT_NAME $fastcgi_script_name;
	fastcgi_param REQUEST_URI $request_uri; # /foo/bar.php?arg=baz
	fastcgi_param DOCUMENT_URI $document_uri;
	fastcgi_param DOCUMENT_ROOT $document_root;
	fastcgi_param SERVER_PROTOCOL $server_protocol;

	fastcgi_param GATEWAY_INTERFACE CGI/1.1;
	fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

	fastcgi_param REMOTE_ADDR $remote_addr;
	fastcgi_param REMOTE_PORT $remote_port;
	fastcgi_param SERVER_ADDR $server_addr;
	fastcgi_param SERVER_PORT $server_port;
	fastcgi_param SERVER_NAME $server_name;

	# PHP only, required if PHP was built with --enable-force-cgi-redirect
	fastcgi_param REDIRECT_STATUS 200;

	# This directive determines whether or not to transfer 4xx and 5xx errors back
	# to the client or to allow Nginx to answer with directive error_page
	fastcgi_intercept_errors off;

	# This directive determines if current request to the FastCGI-server must be
	# aborted in case the client aborts the request to the server.
	fastcgi_ignore_client_abort off;

	# Directive sets timeout period for connection with FastCGI-server.
	# It should be noted that this value can't exceed 75 seconds.
	fastcgi_connect_timeout 60;

	# Directive sets the amount of time for upstream to wait for a fastcgi process
	# to send data. Change this directive if you have long running fastcgi processes
	# that do not produce output until they have finished processing.
	# If you are seeing an upstream timed out error in the error log, then increase
	# this parameter to something more appropriate.
	fastcgi_send_timeout 180;
	fastcgi_read_timeout 180;

	# Sets the buffer size to 16k + 256 * 16k = 4112k. Anything greater than 4M
	# goes to disk
	fastcgi_buffers 8 256k;

	# By default, the buffer size is equal to the size of one buffer in
	# fastcgi_buffers. This directive allows you to set it to an arbitrary value.
	fastcgi_buffer_size 128k;

	#fastcgi_busy_buffers_size 256k;
	#fastcgi_temp_file_write_size 256k;
	}
	}