Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
TheLastCicada.com Nginx file
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# Microcaching
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=thelastcicada:20m inactive=60m max_size=200m;
fastcgi_cache_key "$scheme://request_method$host$request_uri";
fastcgi_ignore_headers Cache-Control Expires;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
server_names_hash_bucket_size 64;
include /etc/nginx/conf.d/*.conf;
}
server {
##DM - uncomment following line for domain mapping
listen 443 default_server ssl spdy;
server_name thelastcicada.com www.thelastcicada.com;
##DM - uncomment following line for domain mapping
#server_name_in_redirect off;
access_log /var/log/nginx/thelastcicada.com.access.log;
error_log /var/log/nginx/thelastcicada.com.error.log;
root /var/www/html/thelastcicada.com;
index index.php;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_buffer_size 8k;
ssl_dhparam /etc/nginx/ssl/dh4096.pem;
ssl_session_cache shared:SSL:10m;
#ssl_certificate /etc/nginx/ssl/thelastcicada_com.crt;
ssl_certificate /etc/nginx/ssl/ssl-bundle6.crt;
ssl_certificate_key /etc/nginx/ssl/thelastcicada.key;
ssl_session_timeout 10m;
# Add SSL stapling
ssl_stapling on;
resolver 8.8.8.8;
# Compress the SSL headers
spdy_headers_comp 6;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# Announce the SPDY alternate protocal
add_header Alternate-Protocol 443:npn-spdy/3,443:npn-spdy/2;
#add_header X-Frame-Options DENY;
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
location / {
try_files $uri $uri/ /index.php?$args ;
}
# Microcaching
#Cache everything by default
set $no_cache 0;
#Don't cache logged in users or commenters
if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(wp-admin/|wp-login.php)")
{
set $no_cache 1;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#matches keys_zone in fastcgi_cache_path
fastcgi_cache thelastcicada;
#don't serve pages defined earlier
fastcgi_cache_bypass $no_cache;
#don't cache pages defined earlier
fastcgi_no_cache $no_cache;
#defines the default cache time
fastcgi_cache_valid any 90s;
#unsure what the impacts of this variable is
fastcgi_max_temp_file_size 2M;
#Use stale cache items while updating in the background
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_cache_lock on;
fastcgi_cache_lock_timeout 10s;
add_header X-Cache $upstream_cache_status;
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ /\. { deny all; access_log off; log_not_found off; }
# This should match upload_max_filesize in php.ini
client_max_body_size 20M;
}
server {
##DM - uncomment following line for domain mapping
#listen 80;
server_name thelastcicada.com *.thelastcicada.com;
rewrite (.*) https://thelastcicada.com$1 permanent;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment