@Pross
Forked from codeablehq/domain.com.conf
Last active August 29, 2015 14:12
# FastCGI backends, both bound to loopback only. The PHP location sends
# requests to "hhvm" first; "php" is used by the @fpm fallback location.
upstream hhvm {
    server 127.0.0.1:9002;
}

upstream php {
    server 127.0.0.1:9001;
}

# On-disk microcache: two-level directory layout under /var/cache/nginx,
# a 100 MB shared-memory key zone named microcache_fpm, 1000 MB on-disk cap.
# NOTE(review): this directory holds copies of rendered pages; keep it
# readable only by the nginx worker user.
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache_fpm:100m max_size=1000m;

# Exposes the cache status (HIT/MISS/BYPASS/...) as a response header.
# NOTE: add_header is inherited by a lower level only when that level declares
# no add_header of its own. The HTTPS server in this file declares several, so
# this header is not emitted for it unless it is repeated there.
add_header rt-Fastcgi-Cache $upstream_cache_status;
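# Main HTTPS virtual host: terminates TLS/SPDY, serves static files from the
# document root, and hands *.php / *.hh requests to HHVM (falling back to the
# "php" upstream on a 502) behind a 30-second FastCGI microcache.
# NOTE(review): no server_name is set and this is the first server declared on
# port 443 in this file, so it presumably answers for any Host header. $host is
# part of the cache key below; confirm that is intended.
server {
    access_log /var/log/nginx/pross-access.log;
    listen 443 ssl spdy;
    root /home/pross/public_html;
    index index.php index.html;

    # SSL Configuration
    ssl_certificate /etc/nginx/certs/ssl-unified.crt;
    ssl_certificate_key /etc/nginx/certs/ssl.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Add TLSv1.3 once the nginx/OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret (ECDHE/DHE) suites only. The static-RSA, DSS, CAMELLIA and
    # 3DES (DES-CBC3-SHA, Sweet32) entries of the earlier list are dropped.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 24h;
    spdy_keepalive_timeout 300;
    spdy_headers_comp 6;
    add_header Alternate-Protocol 443:npn-spdy/3;
    # HSTS for one year. Any location (or "if") that declares its own
    # add_header stops inheriting this line, so it is repeated in those places.
    add_header Strict-Transport-Security max-age=31536000;

    # See https://bjornjohansen.no/optimizing-https-nginx
    # on how to get the following 5 lines working properly
    ssl_dhparam /etc/nginx/certs/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/certs/startssl.stapling.crt;
    # Used to resolve the OCSP responder. nginx's documentation recommends
    # resolvers on a trusted local network to limit DNS spoofing.
    resolver 8.8.8.8 8.8.4.4;

    # NOTE(review): gzip over TLS on pages that mix secrets with reflected
    # request data is the precondition for BREACH-style compression leaks;
    # review whether dynamic responses need to be compressed.
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 9;
    gzip_http_version 1.0;
    gzip_min_length 0;
    gzip_types text/plain text/css image/x-icon image/svg+xml image/png image/jpg image/jpeg text/js text/php application/javascript application/x-javascript;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";

    # Feeds: cache for one hour.
    location ~* \.(?:rss|atom)$ {
        expires 1h;
        add_header Cache-Control "public";
        add_header Strict-Transport-Security max-age=31536000;
    }

    # Images, media and similar static assets: cache for one month, not logged.
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
        add_header Strict-Transport-Security max-age=31536000;
    }

    # Stylesheets and scripts: cache for one year, not logged.
    location ~* \.(?:css|js)$ {
        expires 1y;
        access_log off;
        add_header Cache-Control "public";
        add_header Strict-Transport-Security max-age=31536000;
    }

    # Front controller: anything that is not a file or directory goes to index.php.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.(hh|php)$ {
        # Appends the cache status to the element with class "p_stats" on each page.
        sub_filter </head>
        "<script>jQuery(document).ready(function(){jQuery('.p_stats').append(' Nginx: $upstream_cache_status')})</script></head>";
        sub_filter_once on;

        # Set some proxy cache stuff
        fastcgi_cache microcache_fpm;
        fastcgi_cache_key $scheme$host$request_method$request_uri;
        fastcgi_cache_valid 200 30s;
        fastcgi_cache_use_stale updating;
        fastcgi_max_temp_file_size 1M;
        fastcgi_cache_min_uses 3; # Hit a URL 3 times before caching it

        set $no_cache_set 0;
        set $no_cache_get 0;
        set $temp_caching_exemption 0;

        # Any request other than GET/HEAD marks the client as exempt from the
        # cache for the next 10 seconds via the _mcnc cookie.
        if ($request_method !~ ^(GET|HEAD)$) {
            set $temp_caching_exemption 1;
        }
        if ( $temp_caching_exemption = 1 ) {
            add_header Set-Cookie "_mcnc=1; Max-Age=10; Path=/";
            # add_header inside this "if" replaces the inherited headers as well.
            add_header Strict-Transport-Security max-age=31536000;
        }

        # Bypass cache if no-cache cookie is set
        if ( $http_cookie ~* "_mcnc" ) {
            set $no_cache_set 1;
            set $no_cache_get 1;
        }
        # Commenters, logged-in users and password-protected posts must never
        # be served from, or stored in, the shared cache.
        if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
            set $no_cache_set 1;
            set $no_cache_get 1;
        }

        # fastcgi_no_cache means "Do not store this proxy response in the cache"
        fastcgi_no_cache $no_cache_set;
        # fastcgi_cache_bypass means "Do not look in the cache for this request"
        fastcgi_cache_bypass $no_cache_get;

        include /etc/nginx/fastcgi_params;
        # proxy_intercept_errors belongs to the proxy module and has no effect
        # on fastcgi_pass. The FastCGI equivalent lets the 502 fallback below
        # also cover a 502 returned by the backend itself.
        fastcgi_intercept_errors on;
        error_page 502 = @fpm;
        # Only scripts that exist on disk are handed to the FastCGI backend.
        try_files $uri =404;
        fastcgi_pass hhvm;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    # Fallback used when the HHVM upstream answers with a 502.
    location @fpm {
        try_files $uri /index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    # Local includes
    # NOTE(review): this file sits in a user's home directory and is parsed as
    # part of the server configuration. Keep it owned by root and not writable
    # by the site user or the PHP/HHVM processes.
    include /home/pross/nginx.conf;
}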
# Canonical-host redirect: www on port 443 -> bare domain over HTTPS.
# NOTE(review): this listen has no "ssl" parameter and the block has no
# certificate of its own. It appears to rely on the TLS settings of the other
# server on port 443; confirm that certificate also covers www.pross.org.uk.
server {
    server_name www.pross.org.uk;
    listen 443;
    return 301 https://pross.org.uk$request_uri;
}
# Plain-HTTP requests for the www host are sent to the HTTPS bare domain.
# The first request still travels in clear text; HSTS on the HTTPS site
# only protects later visits.
server {
    server_name www.pross.org.uk;
    listen 80;
    return 301 https://pross.org.uk$request_uri;
}
# Plain-HTTP requests for the bare domain are upgraded to HTTPS, with the
# path and query string preserved through $request_uri.
server {
    server_name pross.org.uk;
    listen 80;
    return 301 https://pross.org.uk$request_uri;
}