Created
June 27, 2019 12:53
####################################################################### | |
# CUSTOM NGINX CS-CART SETUP | |
# Simon Nicklin @SimonNjO | |
####################################################################### | |
####################################################################### | |
# A default configuration for domains and IP address. | |
####################################################################### | |
server {
    # Catch-all for plain HTTP. "_" is only a placeholder name that never
    # matches a real Host header, so this block is used for unknown hosts only
    # when it is the default server for port 80. The store block below in this
    # file declares default_server on port 80, which takes precedence.
    listen 80;
    server_name _;

    # Empty document root: this virtual host serves no files of its own.
    root /var/www/empty;

    # Every request is redirected permanently to the store, keeping the
    # original scheme and URI.
    return 301 $scheme://WWW.WEBSITEDOMAIN.COM$request_uri;
}
####################################################################### | |
# Description and configuration of the primary domain for the store. | |
####################################################################### | |
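server {
    # NOTE(review): default_server here means requests with an unknown Host
    # header are answered by the store itself, and the catch-all
    # "server_name _" block above is never selected. Moving default_server to
    # that block keeps arbitrary Host values away from the application.
    # NOTE(review): the store is also served over plain HTTP on port 80; no
    # redirect to HTTPS is visible in this file (it may live in an include or
    # in the application) - confirm.
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name DEVURL.COM WEBSITEDOMAIN.COM WWW.WEBSITEDOMAIN.COM;

    # Certificate and TLS parameters are kept in separate snippets.
    include snippets/ids.lsservers.co.uk.conf;
    include snippets/ssl-params.conf;

    # Default encoding
    charset utf-8;

    # Location of the log files
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log;

    # The main directory of your store; every location below inherits it.
    root /var/www/public;

    # fastcgi_buffering off;
    # fastcgi_keep_conn on; # < solution
    # proxy_buffering off;

    # Compression
    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types text/plain application/xml
               application/javascript
               text/css
               text/js
               text/xml
               application/x-javascript
               text/javascript
               application/json
               application/xml+rss;

    # Other settings
    client_max_body_size 100m;
    client_body_buffer_size 128k;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 16k;

    # Used by Let's Encrypt to validate the domain. A ^~ prefix is used instead
    # of the unanchored regex "/.well-known" so that only URIs that start with
    # this path are matched and no regex location is consulted for them.
    location ^~ /.well-known/ {
        allow all;
    }

    # The entry point of your store
    location / {
        # Restrict access during development.
        # auth_basic "Restricted";
        # auth_basic_user_file /var/www/.htpasswd;

        # The main script
        index index.php index.html index.htm;

        # For API
        rewrite ^/api/(.*)$ /api.php?_d=$1&ajax_custom=1&$args last;

        # The script search logic uses the following order: file, directory, script
        try_files $uri $uri/ @fallback;
    }

    # Rewrite rules for the SEO module
    location @fallback {
        rewrite ^(.*)$ /index.php?$args last;
    }

    # The first rule for searching static files.
    # NOTE(review): this regex has no trailing "$" and is listed before the
    # PHP regex, so it matches any URI that merely contains one of these
    # extensions. Regex locations also override plain prefix locations, which
    # is why the deny rules further down use "^~".
    location ~* \.(jpeg|ico|jpg|gif|png|css|js|pdf|txt|tar|gz|wof|csv|zip|xml|yml) {
        access_log off;
        log_not_found off;

        # If the file is not found in the store folder, fall back to the
        # @statics rule (for example when the store is located at
        # mynewshop.tk/shop/).
        try_files $uri @statics;

        expires 14d;
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control public;
    }

    # The rule for searching static files of the storefront. For example, when
    # you have 2 storefronts in different directories: mynewshop.tk and
    # mynewshop.tk/shop/. The first path segment is stripped before lookup.
    location @statics {
        rewrite ^/(\w+)/(.*)$ /$2 break;
        access_log off;
        rewrite_log off;
        expires 14d;
        add_header Cache-Control public;
        add_header Access-Control-Allow-Origin *;
    }

    # Processing PHP scripts
    location ~ \.php$ {
        # Only hand existing files to PHP-FPM.
        try_files $uri $uri/ =404;

        # NOTE(review): because this location sets its own add_header, any
        # add_header defined at server level (for example in
        # snippets/ssl-params.conf) is not inherited by PHP responses - confirm
        # what that snippet sets and repeat it here if needed.
        add_header X-Frame-Options "SAMEORIGIN";

        proxy_read_timeout 61;
        fastcgi_read_timeout 61;

        # Load the stock parameters first so the explicit SCRIPT_FILENAME
        # below is the value that takes effect.
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        # fastcgi_buffering off;

        # The path to the PHP-FPM daemon socket
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    #
    # Denying the ability to run PHP in the directories for security reasons.
    #
    # "^~" is required: without it the regex locations above (static files and
    # \.php$) win over this prefix and "deny all" is never applied to them.
    location ^~ /app/ {
        deny all;

        # Allowing to run the script for 1C data exchange. With regex matching
        # disabled for /app/, this script needs its own PHP handler.
        location = /app/addons/rus_exim_1c/exim_1c.php {
            allow all;
            try_files $uri =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_read_timeout 61;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    }

    # Allowing to run the payment methods scripts. This longer prefix has no
    # "^~", so .php files below it still reach the PHP location.
    location /app/payments/ {
        allow all;
    }

    # Forbidding PHP in the /design directory.
    location /design/ {
        allow all;
        location ~* \.([tT][pP][lL]|[pP][hH][pP].?)$ {
            deny all;
        }
    }

    # Forbidding PHP in the /images directory.
    location /images/ {
        allow all;
        location ~* \.([pP][hH][pP].?)$ {
            deny all;
        }
    }

    # Allowing static files only in the /var directory. "^~" keeps the
    # server-level regex locations from overriding the deny; the nested regex
    # below is still evaluated.
    location ^~ /var/ {
        deny all;
        location ~* \.(js|css|png|jpg|gz|xml|yml)$ {
            allow all;
            expires 1M;
            add_header Cache-Control public;
            add_header Access-Control-Allow-Origin *;
        }
    }

    # Blocking outside access to the store's database backups (/var/database).
    # "^~" makes the deny apply to every file type, including archives that
    # the static-file regex would otherwise serve.
    location ^~ /var/database/ {
        deny all;
    }

    # Denying access to the template backups
    location /var/skins_repository/ {
        allow all;
        location ~* \.([tT][pP][lL]|[pP][hH][pP].?)$ {
            deny all;
        }
    }

    # Processing API
    location ~* api/ {
        rewrite ^/api/(.*)$ /api.php?_d=$1&ajax_custom=1&$args last;
    }

    # Denying access to .htaccess and .htpasswd
    location ~ /\.ht {
        deny all;
    }
}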
####################################################################### | |
# CUSTOM NGINX CS-CART SETUP | |
# Simon Nicklin @SimonNjO | |
# Replace DOMAINNAME with your domain name | |
####################################################################### | |
# FORGE CONFIG (DO NOT REMOVE!) | |
include forge-conf/DOMAINNAME/before/*; | |
####################################################################### | |
# Description and configuration of the primary domain for the store. | |
####################################################################### | |
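server {
    # NOTE(review): default_server means requests with an unknown Host header
    # are answered by the store unless another file provides a catch-all.
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name DEVURL.COM DOMAINNAME.COM WWW.DOMAINNAME.COM;

    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;

    # TLS 1.0 and 1.1 are deprecated and no longer offered. TLSv1.3 can be
    # added on builds that support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): this list still contains CBC and static-RSA suites; compare
    # it against a current recommended profile before deploying.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    # Security headers. nginx inherits add_header from this level only into
    # locations that define no add_header of their own, so locations below
    # that add headers repeat the ones they need.
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    # Default encoding
    charset utf-8;

    # Location of the log files
    # NOTE(review): with access logging off there is no request trail for
    # incident investigation; consider a per-site access log.
    access_log off;
    error_log /var/log/nginx/DOMAINNAME-error.log error;

    # Don't log common files
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/DOMAINNAME/server/*;

    # The main directory of your store; every location below inherits it.
    root /home/forge/DOMAINNAME/public;

    # fastcgi_buffering off;
    # fastcgi_keep_conn on; # < solution
    # proxy_buffering off;

    # Compression
    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types text/plain application/xml
               application/javascript
               text/css
               text/js
               text/xml
               application/x-javascript
               text/javascript
               application/json
               application/xml+rss;

    # Other settings
    client_max_body_size 100m;
    client_body_buffer_size 128k;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 16k;

    # The entry point of your store
    location / {
        # Restrict access during development.
        # auth_basic "Restricted";
        # auth_basic_user_file /var/www/.htpasswd;

        # The main script
        index index.php index.html index.htm;

        # For API
        rewrite ^/api/(.*)$ /api.php?_d=$1&ajax_custom=1&$args last;

        # The script search logic uses the following order: file, directory, script
        try_files $uri $uri/ @fallback;
    }

    # Rewrite rules for the SEO module
    location @fallback {
        rewrite ^(.*)$ /index.php?$args last;
    }

    # The first rule for searching static files.
    # NOTE(review): this regex has no trailing "$" and is listed before the
    # PHP regex, so it matches any URI that merely contains one of these
    # extensions. Regex locations also override plain prefix locations, which
    # is why the deny rules further down use "^~".
    location ~* \.(jpeg|ico|jpg|gif|png|css|js|pdf|txt|tar|gz|wof|csv|zip|xml|yml) {
        access_log off;
        log_not_found off;

        # If the file is not found in the store folder, fall back to the
        # @statics rule (for example when the store is located at
        # mynewshop.tk/shop/).
        try_files $uri @statics;

        expires 14d;
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control public;
        # Repeated because the server-level headers are not inherited here.
        add_header X-Content-Type-Options "nosniff";
    }

    # The rule for searching static files of the storefront. For example, when
    # you have 2 storefronts in different directories: mynewshop.tk and
    # mynewshop.tk/shop/. The first path segment is stripped before lookup.
    location @statics {
        rewrite ^/(\w+)/(.*)$ /$2 break;
        access_log off;
        rewrite_log off;
        expires 14d;
        add_header Cache-Control public;
        add_header Access-Control-Allow-Origin *;
        # Repeated because the server-level headers are not inherited here.
        add_header X-Content-Type-Options "nosniff";
    }

    # Processing PHP scripts
    location ~ \.php$ {
        # The document root is inherited from the server level. The previous
        # "root /var/www/public" here pointed PHP-FPM at a different tree than
        # the one every other location serves.

        # Only hand existing files to PHP-FPM.
        try_files $uri $uri/ =404;

        # All three headers are listed: an add_header in this location
        # switches off inheritance of the server-level ones.
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";

        proxy_read_timeout 61;
        fastcgi_read_timeout 61;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        # Load the stock parameters first so the explicit SCRIPT_FILENAME
        # below is the value that takes effect.
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        # fastcgi_buffering off;

        # The path to the PHP-FPM daemon socket
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }

    #
    # Denying the ability to run PHP in the directories for security reasons.
    #
    # "^~" is required: without it the regex locations above (static files and
    # \.php$) win over this prefix and "deny all" is never applied to them.
    location ^~ /app/ {
        deny all;

        # Allowing to run the script for 1C data exchange. With regex matching
        # disabled for /app/, this script needs its own PHP handler.
        location = /app/addons/rus_exim_1c/exim_1c.php {
            allow all;
            try_files $uri =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_read_timeout 61;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
    }

    # Allowing to run the payment methods scripts. This longer prefix has no
    # "^~", so .php files below it still reach the PHP location.
    location /app/payments/ {
        allow all;
    }

    # Forbidding PHP in the /design directory.
    location /design/ {
        allow all;
        location ~* \.([tT][pP][lL]|[pP][hH][pP].?)$ {
            deny all;
        }
    }

    # Forbidding PHP in the /images directory.
    location /images/ {
        allow all;
        location ~* \.([pP][hH][pP].?)$ {
            deny all;
        }
    }

    # Allowing static files only in the /var directory. "^~" keeps the
    # server-level regex locations from overriding the deny; the nested regex
    # below is still evaluated.
    location ^~ /var/ {
        deny all;
        location ~* \.(js|css|png|jpg|gz|xml|yml)$ {
            allow all;
            expires 1M;
            add_header Cache-Control public;
            add_header Access-Control-Allow-Origin *;
            # Repeated because the server-level headers are not inherited here.
            add_header X-Content-Type-Options "nosniff";
        }
    }

    # Blocking outside access to the store's database backups (/var/database).
    # "^~" makes the deny apply to every file type, including archives that
    # the static-file regex would otherwise serve.
    location ^~ /var/database/ {
        deny all;
    }

    # Denying access to the template backups
    location /var/skins_repository/ {
        allow all;
        location ~* \.([tT][pP][lL]|[pP][hH][pP].?)$ {
            deny all;
        }
    }

    # Processing API
    location ~* api/ {
        rewrite ^/api/(.*)$ /api.php?_d=$1&ajax_custom=1&$args last;
    }

    # Denying access to .htaccess and .htpasswd
    location ~ /\.ht {
        deny all;
    }
}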
# FORGE CONFIG (DO NOT REMOVE!) | |
include forge-conf/DOMAINNAME/after/*; |