Skip to content

Instantly share code, notes, and snippets.

@CHERTS

CHERTS/mysite.js

Last active November 5, 2017 17:19
Show Gist options
  • Save CHERTS/d68579165fa164f45b23311f37694181 to your computer and use it in GitHub Desktop.
Save CHERTS/d68579165fa164f45b23311f37694181 to your computer and use it in GitHub Desktop.
Download ZIP
Image resize with nginx (this is replace phpThumb script)
Raw
mysite.js
// Image resize with nginx (this is replace phpThumb script)
function escapeRegExp(str) {
return str.replace(/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1");
}
function replaceAll(str, find, replace) {
return str.replace(new RegExp(escapeRegExp(find), 'g'), replace);
}
function isEmpty(str) {
return (!str || 0 === str.length);
}
function js_get_uri_src_dirname(req, res) {
var src, decoded;
src = req.args["src"];
if(isEmpty(src)) {
decoded = "/s/images/no-photo.jpg";
} else {
decoded = decodeURIComponent(src);
}
var dirname = decoded.replace(/[^\\\/]*$/, '');
return dirname;
}
function js_get_image_uri(req, res) {
var uri, src, w, h, q, decoded, filename, dirname;
src = req.args["src"];
w = req.args["w"];
h = req.args["h"];
q = req.args["q"];
if(isEmpty(src)) {
decoded = "/s/images/no-photo.jpg";
} else {
src = replaceAll(src, "+", "%20");
decoded = decodeURIComponent(src);
}
filename = decoded.replace(/^.*[\\\/]/, '');
if(isEmpty(w)) {
w = "150";
}
if(isEmpty(h)) {
h = "150";
}
if(isEmpty(q)) {
q = "90";
}
dirname = decoded.replace(/[^\\\/]*$/, '');
uri = "image_resize/" + filename + "?width=" + w + "&height=" + h + "&path=" + dirname + "&quality=" + q;
return uri;
}
function js_get_image_filename(req, res) {
var image_filename, src, w, h, q, decoded, filename, dirname;
src = req.args["src"];
w = req.args["w"];
h = req.args["h"];
q = req.args["q"];
if(isEmpty(src)) {
decoded = "/s/images/no-photo.jpg";
} else {
src = replaceAll(src, "+", "%20");
decoded = decodeURIComponent(src);
}
filename = decoded.replace(/^.*[\\\/]/, '');
if(isEmpty(w)) {
w = "150";
}
if(isEmpty(h)) {
h = "150";
}
if(isEmpty(q)) {
q = "90";
}
dirname = decoded.replace(/[^\\\/]*$/, '');
image_filename = dirname + w + h + q + "_" + filename;
return image_filename;
}
function js_get_resized_image_filename(req, res) {
var resized_image_filename, src, w, h, q, decoded, filename, dirname;
src = req.args["src"];
w = req.args["w"];
h = req.args["h"];
q = req.args["q"];
if(isEmpty(src)) {
decoded = "/s/images/no-photo.jpg";
} else {
src = replaceAll(src, "+", "%20");
decoded = decodeURIComponent(src);
}
filename = decoded.replace(/^.*[\\\/]/, '');
if(isEmpty(w)) {
w = "150";
}
if(isEmpty(h)) {
h = "150";
}
if(isEmpty(q)) {
q = "90";
}
dirname = decoded.replace(/[^\\\/]*$/, '');
resized_image_filename = w + h + q + "_" + filename + "?path=" + dirname;
return resized_image_filename;
}
Raw
mysite.ru.vhost
# Image resize with nginx (this is replace phpThumb script)
js_include mysite.js;
js_set $js_get_uri_src_dirname js_get_uri_src_dirname;
js_set $js_get_image_uri js_get_image_uri;
js_set $js_get_image_filename js_get_image_filename;
js_set $js_get_resized_image_filename js_get_resized_image_filename;
server {
set $dm mysite.ru;
set $cs utf-8;
set $docroot /var/www/mysite.ru/web;
listen XX.XX.XX.XX:80;
listen XX.XX.XX.XX:443 http2 ssl;
server_name www.mysite.ru;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/mysite.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.ru/privkey.pem;
ssl_session_cache shared:MYSITESSL:10m;
ssl_session_timeout 5m;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/letsencrypt-ca.pem;
ssl_stapling_responder http://ocsp.int-x3.letsencrypt.org;
return 301 $scheme://$dm$request_uri;
}
server {
set $dm mysite.ru;
set $cs utf-8;
set $docroot /var/www/mysite.ru/web;
set $fastcgipass unix:/var/lib/php5-fpm/xxx.sock;
# Image resize with nginx (this is replace phpThumb script)
set $image_resize_dir /var/www/mysite.ru/private/image_resize;
listen XX.XX.XX.XX:80;
listen XX.XX.XX.XX:443 http2 ssl;
server_name mysite.ru;
root $docroot;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/mysite.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.ru/privkey.pem;
ssl_session_cache shared:MYSITESSL:10m;
ssl_session_timeout 5m;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/letsencrypt-ca.pem;
ssl_stapling_responder http://ocsp.int-x3.letsencrypt.org;
index index.php index.html index.htm;
error_log /var/www/mysite.ru/log/error.log;
access_log /var/www/mysite.ru/log/access.log main flush=1m buffer=256k;
## Disable .htaccess and other hidden files
location ~* /\.(ht|svn|hg) {
deny all;
access_log off;
log_not_found off;
}
## Disable .gitignore file and .git directory
location ~ (/\.gitignore|/\.git) {
deny all;
access_log off;
log_not_found off;
}
# Image resize with nginx (this is replace phpThumb script)
location ^~ /phpThumb/ {
alias $image_resize_dir$js_get_uri_src_dirname;
access_log on;
set $image_filename $image_resize_dir$js_get_image_filename;
if (!-f $image_filename) {
proxy_pass http://127.0.0.1:81/$js_get_image_uri;
break;
}
if (-f $image_filename) {
proxy_pass http://127.0.0.1:81/$js_get_resized_image_filename;
break;
}
proxy_store $image_filename;
proxy_temp_path /tmp;
proxy_store_access user:rw group:rw all:r;
expires 168h;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|exe|xls|doc|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mov)$ {
expires $expires_image_and_media;
access_log off;
log_not_found off;
}
location ~* ^.+\.(css|js)$ {
expires $expires_css_js;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* /(netcat_dump|netcat_files)/.*\.php$ {
deny all;
access_log off;
log_not_found off;
}
location ~ ^/(netcat_cache|netcat_trash)/ {
deny all;
access_log off;
log_not_found off;
}
location ~* ru_cp1251.js$ {
charset cp1251;
break;
}
location /netcat/FCKeditor {
client_body_buffer_size 128k;
charset utf-8;
index index.php;
}
location /netcat/editors/FCKeditor {
client_body_buffer_size 128k;
charset utf-8;
index index.php;
}
location /netcat/editors/ckeditor {
client_body_buffer_size 128k;
charset utf-8;
index index.php;
}
location /netcat/editors/ckeditor4 {
client_body_buffer_size 128k;
charset utf-8;
index index.php;
}
error_page 404 = @cms;
location / {
limit_req zone=req_limit_per_ip burst=40 nodelay;
charset $cs;
try_files $uri $uri/ @cms;
index index.php index.html index.htm;
}
location ~ \.php$ {
limit_req zone=req_limit_per_ip burst=50 nodelay;
try_files $uri @cms;
charset $cs;
include /etc/nginx/fastcgi_params;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_pass $fastcgipass;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location @cms {
limit_req zone=req_limit_per_ip burst=40 nodelay;
charset $cs;
include /etc/nginx/fastcgi_params;
fastcgi_pass $fastcgipass;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/netcat/require/e404.php;
fastcgi_param SCRIPT_NAME /netcat/require/e404.php;
fastcgi_param QUERY_STRING REQUEST_URI=$uri&$args;
}
}
# Image resize with nginx (this is replace phpThumb script)
server {
listen 127.0.0.1:81;
access_log off;
location / {
set $img_path $arg_path;
alias /var/www/mysite.ru/private/image_resize/$img_path;
}
location /image_resize {
set $img_width $arg_width;
set $img_height $arg_height;
set $img_quality $arg_quality;
set $img_path $arg_path;
alias /var/www/mysite.ru/web$img_path;
image_filter resize $img_width $img_height;
image_filter_jpeg_quality $img_quality;
image_filter_buffer 4M;
}
}
Raw
nginx.conf
user www-data;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 51200;
worker_shutdown_timeout 30;
pid /run/nginx.pid;
load_module modules/ngx_http_image_filter_module.so;
load_module modules/ngx_http_js_module.so;
load_module modules/ngx_stream_js_module.so;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
##
# Tunning
##
server_tokens off;
sendfile on;
sendfile_max_chunk 128k;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60s;
keepalive_requests 500;
reset_timedout_connection on;
client_body_timeout 30s;
client_max_body_size 256m;
send_timeout 30s;
types_hash_max_size 2048;
server_names_hash_max_size 8192;
server_names_hash_bucket_size 128;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:kRSA+3DES:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2';
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
##
# Logging Settings
##
map $status $loggable {
~^[23] 1;
default 0;
}
log_format hosting '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" "$http_x_forwarded_for" "$host" $upstream_response_time';
log_format bytes '$bytes_sent';
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
log_format postdata '$remote_addr [$time_local] "$request" $status "$request_body" "$http_cookie"';
log_format postdata_ext '$remote_addr [$time_local] "$host" "$request" $status "$request_body" "$http_cookie"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_min_length 512;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
gzip_disable msie6;
gzip_proxied any;
##
# nginx fastcgi config
##
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 120s;
## Detect when HTTPS is used
map $scheme $fastcgi_https {
default off;
https on;
}
## Set expires content map
map $http_host $expires_css_js {
default 24h;
}
map $http_host $expires_image_and_media {
default 14d;
}
# Zone limit
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
@CHERTS
Copy link
Author

CHERTS commented Aug 11, 2017
edited
Loading

This is a full nginx web server configuration for running CMS Netcat.
The server has nginx-1.13.4, nginx-module-image-filter, nginx-module-njs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment