#######################################################################
# CUSTOM NGINX CS-CART SETUP
# Simon Nicklin @SimonNjO
#######################################################################
#######################################################################
# Catch-all server for hostnames and bare IP addresses that no other server block claims.
#######################################################################
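server {
    # Catch-all for hosts not listed on the store server below.
    # nginx only sends unmatched Host headers here if this is the *default*
    # server on the port: "_" is merely a name that never matches, it does not
    # make a server the default. If another server on :80 is marked
    # "default_server" this block is never selected.
    # Listen on IPv6 as well, so IPv6 clients get the same redirect.
    listen 80;
    listen [::]:80;
    server_name _;
    root /var/www/empty;
    # Redirect everything to the canonical store hostname. $scheme is always
    # "http" here because this server has no TLS listener.
    location / {
        return 301 $scheme://WWW.WEBSITEDOMAIN.COM$request_uri;
    }
}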
#######################################################################
# Description and configuration of the primary domain for the store.
#######################################################################
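server {
    # The store's own server. It stays the TLS default so any Host on :443 is
    # answered with the store's certificate, but it does NOT claim
    # default_server on :80: nginx routes unmatched hosts to the default server
    # only, so the catch-all redirect server above (server_name "_") would
    # otherwise never be selected.
    listen 80;
    listen [::]:80;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name DEVURL.COM WEBSITEDOMAIN.COM WWW.WEBSITEDOMAIN.COM;
    # Certificate and TLS parameters live in these snippets (not visible here).
    include snippets/ids.lsservers.co.uk.conf;
    include snippets/ssl-params.conf;

    # Default encoding
    charset utf-8;

    # Full access log: it is the main evidence source for incident response.
    # Static-asset locations below opt out individually to reduce noise.
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log;

    # The main directory of your store. Set once; every location inherits it.
    root /var/www/public;

    ############################################################################
    # Let's Encrypt HTTP-01 challenges. "^~" makes this prefix match final, so
    # neither the dot-file deny below nor the PHP handler can claim anything
    # under it; files here are served as plain static content.
    location ^~ /.well-known/ {
        allow all;
    }

    # Deny every other dot-file or dot-directory (.htaccess, .htpasswd, .git,
    # .env, editor backups ...). Listed first so it wins over the other regex
    # locations for such paths.
    location ~ /\.(?!well-known/) {
        deny all;
    }

    # fastcgi_buffering off;
    # fastcgi_keep_conn on; # < solution
    # proxy_buffering off;

    # Compression. nginx always gzips text/html regardless of gzip_types;
    # compressing authenticated pages over TLS carries the usual BREACH caveat.
    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types text/plain application/xml
               application/javascript
               text/css
               text/js
               text/xml
               application/x-javascript
               text/javascript
               application/json
               application/xml+rss;

    # Request limits and timeouts
    client_max_body_size 100m;
    client_body_buffer_size 128k;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 16k;

    # The entry point of your store
    location / {
        # Restrict access during development.
        # auth_basic "Restricted";
        # auth_basic_user_file /var/www/.htpasswd;
        index index.php index.html index.htm;
        # REST API: /api/<path> -> api.php (see also the ^/api/ location below)
        rewrite ^/api/(.*)$ /api.php?_d=$1&ajax_custom=1&$args last;
        # Lookup order: file, directory, then the SEO front controller
        try_files $uri $uri/ @fallback;
    }

    # Rewrite rules for the SEO module
    location @fallback {
        rewrite ^(.*)$ /index.php?$args last;
    }

    # Static files. The pattern is anchored with "$" so the extension must END
    # the URI ("/x.png.php" is not a picture). "woff"/"woff2"/"json" are listed
    # explicitly because the old unanchored "wof"/"js" only matched them by
    # accident.
    location ~* \.(jpeg|ico|jpg|gif|png|css|js|json|pdf|txt|tar|gz|wof|woff|woff2|csv|zip|xml|yml)$ {
        access_log off;
        log_not_found off;
        # Not found under the store root -> try the storefront-in-subdirectory
        # fallback (e.g. a store living at mynewshop.tk/shop/).
        try_files $uri @statics;
        expires 14d;
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control public;
    }

    # Storefront-in-subdirectory fallback: strip the first path segment and
    # retry (mynewshop.tk/shop/design/x.css -> /design/x.css). "last" (rather
    # than "break") re-runs location matching on the rewritten URI, so a path
    # such as /shop/var/database/dump.gz lands in the /var/database/ deny below
    # instead of being served straight from the document root.
    location @statics {
        rewrite ^/(\w+)/(.*)$ /$2 last;
        access_log off;
        rewrite_log off;
        expires 14d;
        add_header Cache-Control public;
        add_header Access-Control-Allow-Origin *;
    }

    # Processing PHP scripts
    location ~ \.php$ {
        # add_header is not inherited into a location that sets its own, so
        # every header wanted on PHP responses must be listed here.
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        proxy_read_timeout 61;
        fastcgi_read_timeout 61;
        # Only hand existing scripts to PHP-FPM (also closes the classic
        # cgi.fix_pathinfo "/upload.png/x.php" trick).
        try_files $uri $uri/ =404;
        # The path to the PHP-FPM daemon socket
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # fastcgi_buffering off;
    }

    #
    # Directories that must not serve or execute PHP. "^~" is what makes these
    # rules effective: for a prefix location WITHOUT it nginx still evaluates
    # the regex locations, and "~ \.php$" above wins for every *.php URI, so
    # the deny rules here (and the nested ones) would never be consulted.
    #
    location ^~ /app/ {
        deny all;
        # 1C data-exchange endpoint: the only script under /app/ reachable
        # directly. Because "^~" skips the regex PHP handler, it needs its own
        # FastCGI wiring (kept identical to the handler above).
        location = /app/addons/rus_exim_1c/exim_1c.php {
            allow all;
            try_files $uri =404;
            fastcgi_read_timeout 61;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # Payment-gateway callback scripts. This prefix is longer than /app/ and
    # carries no "^~", so the regex PHP handler above still executes them.
    location /app/payments/ {
        allow all;
    }

    # /design: theme files. Templates and PHP are never served; ordinary assets
    # get the same caching headers as the generic static location (which "^~"
    # bypasses).
    location ^~ /design/ {
        allow all;
        location ~* \.(tpl|php.?)$ {
            deny all;
        }
        location ~* \.(jpeg|ico|jpg|gif|png|css|js|json|pdf|txt|tar|gz|wof|woff|woff2|csv|zip|xml|yml)$ {
            access_log off;
            log_not_found off;
            expires 14d;
            add_header Access-Control-Allow-Origin *;
            add_header Cache-Control public;
        }
    }

    # /images: user-uploaded content. PHP here must never run.
    location ^~ /images/ {
        allow all;
        location ~* \.(php.?)$ {
            deny all;
        }
        location ~* \.(jpeg|ico|jpg|gif|png|css|js|json|pdf|txt|tar|gz|wof|woff|woff2|csv|zip|xml|yml)$ {
            access_log off;
            log_not_found off;
            expires 14d;
            add_header Access-Control-Allow-Origin *;
            add_header Cache-Control public;
        }
    }

    # /var: only the listed static types (compiled assets) are reachable.
    location ^~ /var/ {
        deny all;
        location ~* \.(js|css|png|jpg|gz|xml|yml)$ {
            allow all;
            expires 1M;
            add_header Cache-Control public;
            add_header Access-Control-Allow-Origin *;
        }
    }

    # Database backups: nothing at all, not even the types allowed under /var/.
    location ^~ /var/database/ {
        deny all;
    }

    # Template backups: static only, no templates or PHP.
    location ^~ /var/skins_repository/ {
        allow all;
        location ~* \.(tpl|php.?)$ {
            deny all;
        }
    }

    # Processing API. Anchored to the URI start: the old "api/" pattern matched
    # "api/" anywhere in the path.
    location ~* ^/api/ {
        rewrite ^/api/(.*)$ /api.php?_d=$1&ajax_custom=1&$args last;
    }

    # .htaccess / .htpasswd are covered by the general dot-file deny above.
}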
#######################################################################
# CUSTOM NGINX CS-CART SETUP — Laravel Forge variant
# Simon Nicklin @SimonNjO
# Replace DOMAINNAME with your domain name.
# This is an ALTERNATIVE to the configuration above, not an addition: both
# declare default_server on :80 and :443, so loading them together fails.
#######################################################################
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/DOMAINNAME/before/*;
#######################################################################
# Description and configuration of the primary domain for the store.
#######################################################################
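server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name DEVURL.COM DOMAINNAME.COM WWW.DOMAINNAME.COM;
    # NOTE(review): this block answers plain HTTP too; there is no HTTP->HTTPS
    # redirect in this file. Presumably Forge adds one when SSL is activated
    # for the site — confirm, or add one that keeps /.well-known/ reachable.
    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;
    # TLS 1.0/1.1 are deprecated (RFC 8996) and are flagged by PCI DSS scans,
    # which matter for a store. Drop "TLSv1.3" only if nginx is older than 1.13.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only (Mozilla "intermediate" profile); the
    # previous list also admitted static-RSA, CBC and CAMELLIA suites.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    # Security headers. add_header is NOT inherited into any location that sets
    # its own add_header: the static locations below therefore repeat
    # X-Content-Type-Options, and the PHP location deliberately sets none so it
    # inherits all three.
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    # Enable once every name in server_name is served with a valid certificate:
    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Default encoding
    charset utf-8;

    # Full access log: it is the main evidence source for incident response.
    # Static-asset locations below opt out individually to reduce noise.
    access_log /var/log/nginx/DOMAINNAME-access.log combined;
    error_log /var/log/nginx/DOMAINNAME-error.log error;

    # Don't log common files
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/DOMAINNAME/server/*;

    # The main directory of your store. Set once; every location inherits it.
    # (The PHP location previously overrode this with /var/www/public, a stale
    # path from the non-Forge variant, so scripts and static files were served
    # from different trees.)
    root /home/forge/DOMAINNAME/public;

    ############################################################################
    # Let's Encrypt HTTP-01 challenges. "^~" makes this prefix match final, so
    # neither the dot-file deny below nor the PHP handler can claim anything
    # under it; files here are served as plain static content.
    location ^~ /.well-known/ {
        allow all;
    }

    # Deny every other dot-file or dot-directory (.htaccess, .htpasswd, .git,
    # .env, editor backups ...). Listed first so it wins over the other regex
    # locations for such paths.
    location ~ /\.(?!well-known/) {
        deny all;
    }

    # fastcgi_buffering off;
    # fastcgi_keep_conn on; # < solution
    # proxy_buffering off;

    # Compression. nginx always gzips text/html regardless of gzip_types;
    # compressing authenticated pages over TLS carries the usual BREACH caveat.
    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types text/plain application/xml
               application/javascript
               text/css
               text/js
               text/xml
               application/x-javascript
               text/javascript
               application/json
               application/xml+rss;

    # Request limits and timeouts
    client_max_body_size 100m;
    client_body_buffer_size 128k;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 16k;

    # The entry point of your store
    location / {
        # Restrict access during development.
        # auth_basic "Restricted";
        # auth_basic_user_file /var/www/.htpasswd;
        index index.php index.html index.htm;
        # REST API: /api/<path> -> api.php (see also the ^/api/ location below)
        rewrite ^/api/(.*)$ /api.php?_d=$1&ajax_custom=1&$args last;
        # Lookup order: file, directory, then the SEO front controller
        try_files $uri $uri/ @fallback;
    }

    # Rewrite rules for the SEO module
    location @fallback {
        rewrite ^(.*)$ /index.php?$args last;
    }

    # Static files. The pattern is anchored with "$" so the extension must END
    # the URI ("/x.png.php" is not a picture). "woff"/"woff2"/"json" are listed
    # explicitly because the old unanchored "wof"/"js" only matched them by
    # accident.
    location ~* \.(jpeg|ico|jpg|gif|png|css|js|json|pdf|txt|tar|gz|wof|woff|woff2|csv|zip|xml|yml)$ {
        access_log off;
        log_not_found off;
        # Not found under the store root -> try the storefront-in-subdirectory
        # fallback (e.g. a store living at mynewshop.tk/shop/).
        try_files $uri @statics;
        expires 14d;
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control public;
        add_header X-Content-Type-Options "nosniff";
    }

    # Storefront-in-subdirectory fallback: strip the first path segment and
    # retry (mynewshop.tk/shop/design/x.css -> /design/x.css). "last" (rather
    # than "break") re-runs location matching on the rewritten URI, so a path
    # such as /shop/var/database/dump.gz lands in the /var/database/ deny below
    # instead of being served straight from the document root.
    location @statics {
        rewrite ^/(\w+)/(.*)$ /$2 last;
        access_log off;
        rewrite_log off;
        expires 14d;
        add_header Cache-Control public;
        add_header Access-Control-Allow-Origin *;
        add_header X-Content-Type-Options "nosniff";
    }

    # Processing PHP scripts. No add_header here on purpose: that is what lets
    # the server-level security headers apply to PHP responses.
    location ~ \.php$ {
        proxy_read_timeout 61;
        fastcgi_read_timeout 61;
        # Inert under "\.php$" (the URI cannot continue after .php), kept for
        # compatibility with the original.
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Only hand existing scripts to PHP-FPM (also closes the classic
        # cgi.fix_pathinfo "/upload.png/x.php" trick).
        try_files $uri $uri/ =404;
        # The path to the PHP-FPM daemon socket
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # fastcgi_buffering off;
    }

    #
    # Directories that must not serve or execute PHP. "^~" is what makes these
    # rules effective: for a prefix location WITHOUT it nginx still evaluates
    # the regex locations, and "~ \.php$" above wins for every *.php URI, so
    # the deny rules here (and the nested ones) would never be consulted.
    #
    location ^~ /app/ {
        deny all;
        # 1C data-exchange endpoint: the only script under /app/ reachable
        # directly. Because "^~" skips the regex PHP handler, it needs its own
        # FastCGI wiring (kept identical to the handler above).
        location = /app/addons/rus_exim_1c/exim_1c.php {
            allow all;
            try_files $uri =404;
            fastcgi_read_timeout 61;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # Payment-gateway callback scripts. This prefix is longer than /app/ and
    # carries no "^~", so the regex PHP handler above still executes them.
    location /app/payments/ {
        allow all;
    }

    # /design: theme files. Templates and PHP are never served; ordinary assets
    # get the same caching headers as the generic static location (which "^~"
    # bypasses).
    location ^~ /design/ {
        allow all;
        location ~* \.(tpl|php.?)$ {
            deny all;
        }
        location ~* \.(jpeg|ico|jpg|gif|png|css|js|json|pdf|txt|tar|gz|wof|woff|woff2|csv|zip|xml|yml)$ {
            access_log off;
            log_not_found off;
            expires 14d;
            add_header Access-Control-Allow-Origin *;
            add_header Cache-Control public;
            add_header X-Content-Type-Options "nosniff";
        }
    }

    # /images: user-uploaded content. PHP here must never run.
    location ^~ /images/ {
        allow all;
        location ~* \.(php.?)$ {
            deny all;
        }
        location ~* \.(jpeg|ico|jpg|gif|png|css|js|json|pdf|txt|tar|gz|wof|woff|woff2|csv|zip|xml|yml)$ {
            access_log off;
            log_not_found off;
            expires 14d;
            add_header Access-Control-Allow-Origin *;
            add_header Cache-Control public;
            add_header X-Content-Type-Options "nosniff";
        }
    }

    # /var: only the listed static types (compiled assets) are reachable.
    location ^~ /var/ {
        deny all;
        location ~* \.(js|css|png|jpg|gz|xml|yml)$ {
            allow all;
            expires 1M;
            add_header Cache-Control public;
            add_header Access-Control-Allow-Origin *;
            add_header X-Content-Type-Options "nosniff";
        }
    }

    # Database backups: nothing at all, not even the types allowed under /var/.
    location ^~ /var/database/ {
        deny all;
    }

    # Template backups: static only, no templates or PHP.
    location ^~ /var/skins_repository/ {
        allow all;
        location ~* \.(tpl|php.?)$ {
            deny all;
        }
    }

    # Processing API. Anchored to the URI start: the old "api/" pattern matched
    # "api/" anywhere in the path.
    location ~* ^/api/ {
        rewrite ^/api/(.*)$ /api.php?_d=$1&ajax_custom=1&$args last;
    }

    # .htaccess / .htpasswd are covered by the general dot-file deny above.
}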
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/DOMAINNAME/after/*;