TheLastCicada.com Nginx file

TheLastCicada.com nginx.conf

user  www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    # Microcaching
    fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=thelastcicada:20m inactive=60m max_size=200m;
    fastcgi_cache_key "$scheme://request_method$host$request_uri";
    fastcgi_ignore_headers Cache-Control Expires;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    
    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    server_names_hash_bucket_size 64;

    include /etc/nginx/conf.d/*.conf;
}

TheLastCicada.conf nginx server config

server {
        ##DM - uncomment following line for domain mapping
        listen 443 default_server ssl spdy;
        server_name thelastcicada.com www.thelastcicada.com;
        ##DM - uncomment following line for domain mapping
        #server_name_in_redirect off;

        access_log   /var/log/nginx/thelastcicada.com.access.log;
        error_log    /var/log/nginx/thelastcicada.com.error.log;

        root /var/www/html/thelastcicada.com;
        index index.php;

        ssl    on;
        ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers               ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
        ssl_buffer_size           8k;

        ssl_dhparam /etc/nginx/ssl/dh4096.pem;

        ssl_session_cache shared:SSL:10m;

        #ssl_certificate    /etc/nginx/ssl/thelastcicada_com.crt;
        ssl_certificate    /etc/nginx/ssl/ssl-bundle6.crt;
        ssl_certificate_key    /etc/nginx/ssl/thelastcicada.key;

        ssl_session_timeout    10m;

        # Add SSL stapling
        ssl_stapling    on;
        resolver        8.8.8.8;
        
        # Compress the SSL headers
        spdy_headers_comp    6;

        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

        # Announce the SPDY alternate protocal
        add_header    Alternate-Protocol 443:npn-spdy/3,443:npn-spdy/2;
        #add_header X-Frame-Options DENY;

        if (!-e $request_filename) {
                rewrite /wp-admin$ $scheme://$host$uri/ permanent;
                rewrite ^(/[^/]+)?(/wp-.*) $2 last;
                rewrite ^(/[^/]+)?(/.*\.php) $2 last;
        }

        location / {
                try_files $uri $uri/ /index.php?$args ;
        }

        # Microcaching
        #Cache everything by default
        set $no_cache 0;

        #Don't cache logged in users or commenters
        if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
                set $no_cache 1;
        }

        #Don't cache the following URLs
        if ($request_uri ~* "/(wp-admin/|wp-login.php)")
        {
                set $no_cache 1;
        }
        
       location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

                include /etc/nginx/fastcgi_params;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                #matches keys_zone in fastcgi_cache_path
                fastcgi_cache thelastcicada;

                #don't serve pages defined earlier
                fastcgi_cache_bypass $no_cache;

                #don't cache pages defined earlier
                fastcgi_no_cache $no_cache;

                #defines the default cache time
                fastcgi_cache_valid any 90s;

                #unsure what the impacts of this variable is
                fastcgi_max_temp_file_size 2M;

                #Use stale cache items while updating in the background
                fastcgi_cache_use_stale updating error timeout invalid_header http_500;
                fastcgi_cache_lock on;
                fastcgi_cache_lock_timeout 10s;

                add_header X-Cache $upstream_cache_status;

        }

        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                access_log off; log_not_found off; expires max;
        }

        location ~ /\. { deny  all; access_log off; log_not_found off; }

        # This should match upload_max_filesize in php.ini
        client_max_body_size 20M;
}

server {
        ##DM - uncomment following line for domain mapping
        #listen 80;
        server_name thelastcicada.com *.thelastcicada.com;

        rewrite (.*) https://thelastcicada.com$1 permanent;

}