TheLastCicada/TheLastCicada.com nginx.conf

## TheLastCicada.com nginx.conf

user  www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    # Microcaching
    fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=thelastcicada:20m inactive=60m max_size=200m;
    fastcgi_cache_key "$scheme://request_method$host$request_uri";
    fastcgi_ignore_headers Cache-Control Expires;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    server_names_hash_bucket_size 64;

    include /etc/nginx/conf.d/*.conf;
}

## TheLastCicada.conf nginx server config
server {
        ##DM - uncomment following line for domain mapping
        listen 443 default_server ssl spdy;
        server_name thelastcicada.com www.thelastcicada.com;
        ##DM - uncomment following line for domain mapping
        #server_name_in_redirect off;

        access_log   /var/log/nginx/thelastcicada.com.access.log;
        error_log    /var/log/nginx/thelastcicada.com.error.log;

        root /var/www/html/thelastcicada.com;
        index index.php;

        ssl    on;
        ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers               ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
        ssl_buffer_size           8k;

        ssl_dhparam /etc/nginx/ssl/dh4096.pem;

        ssl_session_cache shared:SSL:10m;

        #ssl_certificate    /etc/nginx/ssl/thelastcicada_com.crt;
        ssl_certificate    /etc/nginx/ssl/ssl-bundle6.crt;
        ssl_certificate_key    /etc/nginx/ssl/thelastcicada.key;

        ssl_session_timeout    10m;

        # Add SSL stapling
        ssl_stapling    on;
        resolver        8.8.8.8;

        # Compress the SSL headers
        spdy_headers_comp    6;

        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

        # Announce the SPDY alternate protocal
        add_header    Alternate-Protocol 443:npn-spdy/3,443:npn-spdy/2;
        #add_header X-Frame-Options DENY;

        if (!-e $request_filename) {
                rewrite /wp-admin$ $scheme://$host$uri/ permanent;
                rewrite ^(/[^/]+)?(/wp-.*) $2 last;
                rewrite ^(/[^/]+)?(/.*\.php) $2 last;
        }

        location / {
                try_files $uri $uri/ /index.php?$args ;
        }

        # Microcaching
        #Cache everything by default
        set $no_cache 0;

        #Don't cache logged in users or commenters
        if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
                set $no_cache 1;
        }

        #Don't cache the following URLs
        if ($request_uri ~* "/(wp-admin/|wp-login.php)")
        {
                set $no_cache 1;
        }

       location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

                include /etc/nginx/fastcgi_params;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                #matches keys_zone in fastcgi_cache_path
                fastcgi_cache thelastcicada;

                #don't serve pages defined earlier
                fastcgi_cache_bypass $no_cache;

                #don't cache pages defined earlier
                fastcgi_no_cache $no_cache;

                #defines the default cache time
                fastcgi_cache_valid any 90s;

                #unsure what the impacts of this variable is
                fastcgi_max_temp_file_size 2M;

                #Use stale cache items while updating in the background
                fastcgi_cache_use_stale updating error timeout invalid_header http_500;
                fastcgi_cache_lock on;
                fastcgi_cache_lock_timeout 10s;

                add_header X-Cache $upstream_cache_status;

        }

        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                access_log off; log_not_found off; expires max;
        }

        location ~ /\. { deny  all; access_log off; log_not_found off; }

        # This should match upload_max_filesize in php.ini
        client_max_body_size 20M;
}

server {
        ##DM - uncomment following line for domain mapping
        #listen 80;
        server_name thelastcicada.com *.thelastcicada.com;

        rewrite (.*) https://thelastcicada.com$1 permanent;

}

	user www-data;
	worker_processes 1;

	error_log /var/log/nginx/error.log warn;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	# Microcaching
	fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=thelastcicada:20m inactive=60m max_size=200m;
	fastcgi_cache_key "$scheme://request_method$host$request_uri";
	fastcgi_ignore_headers Cache-Control Expires;

	sendfile on;
	#tcp_nopush on;

	keepalive_timeout 65;

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

	server_names_hash_bucket_size 64;

	include /etc/nginx/conf.d/*.conf;
	}
	server {
	##DM - uncomment following line for domain mapping
	listen 443 default_server ssl spdy;
	server_name thelastcicada.com www.thelastcicada.com;
	##DM - uncomment following line for domain mapping
	#server_name_in_redirect off;

	access_log /var/log/nginx/thelastcicada.com.access.log;
	error_log /var/log/nginx/thelastcicada.com.error.log;

	root /var/www/html/thelastcicada.com;
	index index.php;

	ssl on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
	ssl_buffer_size 8k;

	ssl_dhparam /etc/nginx/ssl/dh4096.pem;

	ssl_session_cache shared:SSL:10m;

	#ssl_certificate /etc/nginx/ssl/thelastcicada_com.crt;
	ssl_certificate /etc/nginx/ssl/ssl-bundle6.crt;
	ssl_certificate_key /etc/nginx/ssl/thelastcicada.key;

	ssl_session_timeout 10m;

	# Add SSL stapling
	ssl_stapling on;
	resolver 8.8.8.8;

	# Compress the SSL headers
	spdy_headers_comp 6;

	#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

	# Announce the SPDY alternate protocal
	add_header Alternate-Protocol 443:npn-spdy/3,443:npn-spdy/2;
	#add_header X-Frame-Options DENY;

	if (!-e $request_filename) {
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;
	rewrite ^(/[^/]+)?(/wp-.*) $2 last;
	rewrite ^(/[^/]+)?(/.*\.php) $2 last;
	}

	location / {
	try_files $uri $uri/ /index.php?$args ;
	}

	# Microcaching
	#Cache everything by default
	set $no_cache 0;

	#Don't cache logged in users or commenters
	if ( $http_cookie ~* "comment_author_\|wordpress_(?!test_cookie)\|wp-postpass_" ) {
	set $no_cache 1;
	}

	#Don't cache the following URLs
	if ($request_uri ~* "/(wp-admin/\|wp-login.php)")
	{
	set $no_cache 1;
	}

	location ~ \.php$ {
	try_files $uri =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

	include /etc/nginx/fastcgi_params;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

	#matches keys_zone in fastcgi_cache_path
	fastcgi_cache thelastcicada;

	#don't serve pages defined earlier
	fastcgi_cache_bypass $no_cache;

	#don't cache pages defined earlier
	fastcgi_no_cache $no_cache;

	#defines the default cache time
	fastcgi_cache_valid any 90s;

	#unsure what the impacts of this variable is
	fastcgi_max_temp_file_size 2M;

	#Use stale cache items while updating in the background
	fastcgi_cache_use_stale updating error timeout invalid_header http_500;
	fastcgi_cache_lock on;
	fastcgi_cache_lock_timeout 10s;

	add_header X-Cache $upstream_cache_status;

	}

	location ~* ^.+\.(ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|rss\|atom\|jpg\|jpeg\|gif\|png\|ico\|zip\|tgz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|bmp\|rtf)$ {
	access_log off; log_not_found off; expires max;
	}

	location ~ /\. { deny all; access_log off; log_not_found off; }

	# This should match upload_max_filesize in php.ini
	client_max_body_size 20M;
	}

	server {
	##DM - uncomment following line for domain mapping
	#listen 80;
	server_name thelastcicada.com *.thelastcicada.com;

	rewrite (.*) https://thelastcicada.com$1 permanent;

	}