anthonyscolaro/nginx.files.etc.nginx.nginx-wordpress.conf.jinja Secret

## nginx.files.etc.nginx.nginx-wordpress.conf.jinja
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 1024;
        multi_accept on;
        use epoll;
}

http {
{% if grains.get('environment') == 'production' %}
	include /etc/nginx/pagespeed.conf;
{% endif %}
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
        reset_timedout_connection on;
	# server_tokens off;
	add_header rt-Fastcgi-Cache $upstream_cache_status;

	# memcached servers, generated according to wp-ffpc config
	upstream memcached-servers {
		server 127.0.0.1:11211;

	}

	# PHP-FPM upstream; change it accordingly to your local config!
	upstream php-fpm {
		server 127.0.0.1:9000;
	}

	open_file_cache          max=10000 inactive=5m;
	open_file_cache_valid    2m;
	open_file_cache_min_uses 1;
	open_file_cache_errors   on;

	fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m inactive=20m;
	fastcgi_cache_key "$scheme$request_method$host$request_uri";
	fastcgi_cache_use_stale error timeout invalid_header http_500;
	fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

	server_names_hash_bucket_size 64;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	include /etc/nginx/conf.d/*.conf;
	include /var/www/nginx/*.conf;
}

## nginx.files.etc.nginx.pagespeed.conf
# Enable ngx_pagespeed
pagespeed on;
pagespeed FileCachePath /var/ngx_pagespeed_cache;  # Use tmpfs for best results.

pagespeed Statistics on;
pagespeed StatisticsLogging on;
pagespeed MessageBufferSize 100000;
pagespeed LogDir /var/log/pagespeed;

pagespeed StatisticsPath /ngx_pagespeed_statistics;
pagespeed GlobalStatisticsPath /ngx_pagespeed_global_statistics;
pagespeed MessagesPath /ngx_pagespeed_message;
pagespeed ConsolePath /pagespeed_console;
pagespeed AdminPath /pagespeed_admin;
pagespeed GlobalAdminPath /pagespeed_global_admin;

pagespeed EnableCachePurge on;

# disable CoreFilters
#pagespeed RewriteLevel OptimizeForBandwidth;
#pagespeed RewriteLevel PassThrough;
pagespeed RewriteLevel CoreFilters;

# improve resource cacheability
pagespeed EnableFilters extend_cache;

# pre-solve DNS lookup
pagespeed EnableFilters insert_dns_prefetch;

# enable Collapse whitespace filter
pagespeed EnableFilters collapse_whitespace;

# remove comments
pagespeed EnableFilters remove_comments;

# Rewrite, resize and recompress images
pagespeed EnableFilters rewrite_images;
pagespeed EnableFilters convert_jpeg_to_progressive;
pagespeed EnableFilters recompress_images;
pagespeed DisableFilters insert_image_dimensions;

# Defer and minify and inline Javascript
pagespeed EnableFilters rewrite_javascript;
pagespeed EnableFilters combine_javascript;

# insert contents of small external JS into the HTML doc
pagespeed EnableFilters inline_javascript;
pagespeed JsInlineMaxBytes 500;

pagespeed DisableFilters defer_javascript;
pagespeed DisableFilters canonicalize_javascript_libraries;

# combine multiple CSS files into one
#pagespeed DisableFilters combine_css;
#pagespeed EnableFilters combine_css;

# rewrite CSS to load page-rendering CSS rules first.
#pagespeed EnableFilters prioritize_critical_css;

# Inline and minimize css
#pagespeed EnableFilters rewrite_css;
#pagespeed EnableFilters fallback_rewrite_css_urls;

# Loads CSS faster
#pagespeed EnableFilters move_css_above_scripts;
#pagespeed EnableFilters move_css_to_head;

# flatten CSS files by replacing @import with the imported file
pagespeed EnableFilters flatten_css_imports;
pagespeed CssFlattenMaxBytes 5120;

# defer the loading of images which are not visible to the client
#pagespeed DisableFilters lazyload_images;

# remove tags with default attributes
#pagespeed EnableFilters elide_attributes;

# inlines a small loader CSS into the webpage
pagespeed EnableFilters inline_google_font_css;

pagespeed FetchWithGzip on;
gzip  on;
gzip_vary on;
# Turn on gzip for all content types that should benefit from it.
gzip_types application/ecmascript;
gzip_types application/javascript;
gzip_types application/json;
gzip_types application/pdf;
gzip_types application/postscript;
gzip_types application/x-javascript;
gzip_types image/svg+xml;
gzip_types text/css;
gzip_types text/csv;
# "gzip_types text/html" is assumed.
gzip_types text/javascript;
gzip_types text/plain;
gzip_types text/xml;

gzip_http_version 1.0;

# To enable Varnish
#pagespeed DownstreamCachePurgeLocationPrefix http://127.0.0.1:80;
#pagespeed DownstreamCachePurgeMethod PURGE;
#pagespeed DownstreamCacheRewrittenPercentageThreshold 95;
#pagespeed DownstreamCacheRebeaconingKey Kgy8igJHvgjvghCVfcfhtcTHCFhc;

## nginx.files.var.www.nginx.nginx-wordpress.conf.jinja
server {
{% if salt["pillar.get"]('sites:'~grains['domain']~':SSL') == 'On' %}
	listen			443 ssl;
	listen			80;
{% else %}
	listen			80;
	listen 			[::]:80 ipv6only=on;
{% endif %}

{% if grains.get('environment') == 'production' %}
  {% if salt["pillar.get"]('sites:'~grains['domain']~':nginx-redirect') == 'True' %}
	server_name 	www.{{ grains['domain'] }};
  {% else %}
	server_name 	{{ grains['domain'] }};
  {% endif %}
{% endif %}

{% if grains.get('environment') == 'staging' %}
	server_name 	staging.{{ grains['domain'] }};
{% endif %}

{% if salt["pillar.get"]('sites:'~grains['domain']~':SSL') == 'On' %}
	ssl_certificate /etc/nginx/ssl/{{ grains['domain'] }}-chained.crt;
	ssl_certificate_key /etc/nginx/ssl/{{ grains['domain'] }}.key;
{% endif %}

	access_log      /var/www/{{ grains['domain'] }}/shared/log/access.log;
	error_log       /var/www/{{ grains['domain'] }}/shared/log/error.log;
	root            /var/www/{{ grains['domain'] }}/current/web/;
	index           index.php;

	#include		/var/www/{{ grains['domain'] }}/shared/system/nginx.conf;

	set $skip_cache 0;

	client_max_body_size    10m;
	client_body_buffer_size 128k;
	client_header_buffer_size 64k;
	server_name_in_redirect off;
	port_in_redirect off;

{% if grains.get('environment') == 'production' %}
	set $cache_uri $request_uri;

  	# let's speed up PageSpeed by storing it in the super duper fast memcached
  	pagespeed MemcachedThreads 1;
  	pagespeed MemcachedServers "localhost:11211";
{% endif %}

	# POST requests and urls with a query string should always go to PHP
	if ($request_method = POST) {
		set $cache_uri 'null cache';
		set $skip_cache 1;
	}
	if ($query_string != "") {
		set $cache_uri 'null cache';
		set $skip_cache 1;
	}

	# Don't cache uris containing the following segments
	if ($request_uri ~* "(/wp-admin/|/wp/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
		set $cache_uri 'null cache';
		set $skip_cache 1;
	}

	# Don't use the cache for logged in users or recent commenters
	if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
		set $skip_cache 1;
	}

{% if grains.get('environment') == 'production' %}
	location ~ "^/ngx_pagespeed_static/" { }
	location ~ "^/ngx_pagespeed_beacon$" { }
	location /ngx_pagespeed_statistics { allow 121.97.199.55; deny all; }
	location /ngx_pagespeed_global_statistics { allow 121.97.199.55; deny all; }
	location /ngx_pagespeed_message { allow 121.97.199.55; deny all; }
	location /pagespeed_console { allow 121.97.199.55; deny all; }
	location ~ ^/pagespeed_admin { allow 121.97.199.55; deny all; }
	location ~ ^/pagespeed_global_admin { allow 121.97.199.55; deny all; }

	# Ensure requests for pagespeed optimized resources go to the pagespeed handler
	# and no extraneous headers get set.
	location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; }
{% endif %}

        if (!-e $request_filename)
        {
                rewrite ^(.+)$ /index.php?q=$1 last;
        }

{% if grains.get('environment') == 'production' %}
	# try to get result from memcached
	location @memcached {
		default_type text/html;
		set $memcached_key data-$scheme://$host$request_uri;
		set $memcached_request 1;

		# exceptions
		# avoid cache serve of POST requests
		if ($request_method = POST ) {
			set $memcached_request 0;
			set $skip_cache 1;
			}

		# avoid cache serve of wp-admin-like pages, starting with "wp-"
		if ( $uri ~ "/wp-" ) {
			set $memcached_request 0;
			set $skip_cache 1;
		}

		# avoid cache serve of any URL with query strings
		if ( $args ) {
			set $memcached_request 0;
		}


		if ($http_cookie ~* "comment_author_|wordpressuser_|wp-postpass_|wordpress_logged_in_" ) {
			set $memcached_request 0;
			set $skip_cache 1;
		}


		if ( $memcached_request = 1) {

			memcached_pass memcached-servers;
			error_page 404 = @rewrites;
		}

		if ( $memcached_request = 0) {
			rewrite ^ /index.php last;
		}
		}

		## rewrite rules
		location @rewrites {
			add_header X-Cache-Engine "";
			rewrite ^ /index.php last;
		}
{% endif %}

	# Rewrites for WordPress SEO XML Sitemap
	rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
	rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

	location ~ /nginx.conf { deny all; access_log off; log_not_found off; }
	location = /favicon.ico { allow all; log_not_found off; access_log off;}
	location = /robots.txt { allow all; log_not_found off; access_log off; }
	location ~ /\. { access_log off; log_not_found off; deny all; }


{% if grains.get('environment') == 'production' %}
	# Cache static files for as long as possible
	location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
               expires max; log_not_found off; access_log off;
	}
{% endif %}

	location ~ \.php$ {
		try_files $uri = 404;
		fastcgi_pass 127.0.0.1:9000;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
		fastcgi_param QUERY_STRING    $args;
		fastcgi_connect_timeout 60;
		fastcgi_keep_conn on;
		fastcgi_send_timeout 180;
		fastcgi_read_timeout 180;
		fastcgi_buffer_size 512k;
		fastcgi_buffers 4 256k;
		fastcgi_busy_buffers_size 512k;
		fastcgi_temp_file_write_size 512k;
		fastcgi_hide_header 'X-Generator';
		fastcgi_index   index.php;
		fastcgi_param  SERVER_PORT 80;
		fastcgi_cache_bypass $skip_cache;
		fastcgi_no_cache $skip_cache;
		fastcgi_cache WORDPRESS;
		fastcgi_cache_valid  60m;
		error_page 405 = $uri;
	}

{% if grains.get('environment') == 'production' %}
	location ~ /purge(/.*) {
	    fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
	}

	# Uses referral-spam.conf from https://github.com/Stevie-Ray/apache-nginx-referral-spam-blacklist
	if ($bad_referer) {
		return 444;
	}
{% endif %}
}
{% if salt["pillar.get"]('sites:'~grains['domain']~':nginx-redirect') == 'True' %}
server {
	listen	[::]:80;
	server_name {{ grains['domain'] }};
	return 301 $scheme://www.{{ grains['domain'] }}$request_uri;
}
{% endif %}
{% if salt["pillar.get"]('sites:'~grains['domain']~':nginx-redirect') == 'False' %}
server {
	listen	[::]:80;
	server_name www.{{ grains['domain'] }};
	return 301 $scheme://{{ grains['domain'] }}$request_uri;
}
{% endif %}

## nginx.files.var.www.nginx.referral-spam.conf
# https://github.com/Stevie-Ray/apache-nginx-referral-spam-blacklist
# Updated 2015-10-06
#
# /etc/nginx/referral-spam.conf
#
# With referral-spam.conf in /etc/nginx, include it globally from within /etc/nginx/nginx.conf:
#
#     include referral-spam.conf;
#
# Add the following to each /etc/nginx/site-available/your-site.conf that needs protection:
#
#     server {
#       if ($bad_referer) {
#         return 444;
#       }
#     }
#
map $http_referer $bad_referer {
    default 0;

    "~*0n-line\.tv" 1;
    "~*100dollars-seo\.com" 1;
    "~*12masterov\.com" 1;
    "~*1pamm\.ru" 1;
    "~*4webmasters\.org" 1;
    "~*5forex\.ru" 1;
    "~*76brighton\.com" 1;
    "~*7makemoneyonline\.com" 1;
    "~*7zap\.com" 1;
    "~*abovetherivernc\.com" 1;
    "~*acads\.net" 1;
    "~*acunetix-referrer\.com" 1;
    "~*adcash\.com" 1;
    "~*addons\.mozilla\.org/en-US/firefox/addon/ilovevitaly" 1;
    "~*adelly\.bg" 1;
    "~*adspart\.com" 1;
    "~*adventureparkcostarica\.com" 1;
    "~*adviceforum\.info" 1;
    "~*advokateg\.co" 1;
    "~*advokateg\.com" 1;
    "~*advokateg\.ru" 1;
    "~*affordablewebsitesandmobileapps\.com" 1;
    "~*afora\.ru" 1;
    "~*akuhni\.by" 1;
    "~*alessandraleone\.com" 1;
    "~*alfa9\.com" 1;
    "~*alibestsale.com" 1;
    "~*allknow\.info" 1;
    "~*allnews\.md" 1;
    "~*allwomen\.info" 1;
    "~*alpharma\.net" 1;
    "~*altermix\.ua" 1;
    "~*amanda-porn\.ga" 1;
    "~*amt-k\.ru" 1;
    "~*anapa-inns\.ru" 1;
    "~*android-style\.com" 1;
    "~*anticrawler\.org" 1;
    "~*aosheng-tech\.com" 1;
    "~*arendakvartir\.kz" 1;
    "~*arkkivoltti\.net" 1;
    "~*artparquet\.ru" 1;
    "~*aruplighting\.com" 1;
    "~*audiobangout\.com" 1;
    "~*autovideobroadcast\.com" 1;
    "~*aviva-limoux\.com" 1;
    "~*avkzarabotok\.com" 1;
    "~*avkzarabotok\.info" 1;
    "~*azartclub\.org" 1;
    "~*bablonow\.ru" 1;
    "~*backgroundpictures\.net" 1;
    "~*baixar-musicas-gratis\.com" 1;
    "~*baladur\.ru" 1;
    "~*balitouroffice\.com" 1;
    "~*bard-real\.com\.ua" 1;
    "~*bbtec\.net" 1;
    "~*best-seo-offer\.com" 1;
    "~*best-seo-software\.xyz" 1;
    "~*best-seo-solution\.com" 1;
    "~*bestmobilityscooterstoday\.com" 1;
    "~*bestwebsitesawards\.com" 1;
    "~*bif-ru\.info" 1;
    "~*biglistofwebsites\.com" 1;
    "~*billiard-classic\.com\.ua" 1;
    "~*bioca\.org" 1;
    "~*bizru\.info" 1;
    "~*bkns\.vn" 1;
    "~*blackhatworth\.com" 1;
    "~*blackle\.com" 1;
    "~*blogtotal\.de" 1;
    "~*blue-square\.biz" 1;
    "~*bluerobot\.info" 1;
    "~*boleznikogi\.com" 1;
    "~*bookmark4you\.biz" 1;
    "~*bookmark4you\.com" 1;
    "~*brakehawk\.com" 1;
    "~*break-the-chains\.com" 1;
    "~*bristolhostel\.com" 1;
    "~*bristolhotel\.com" 1;
    "~*bristolhotel\.com\.ua" 1;
    "~*brk-rti\.ru" 1;
    "~*brothers-smaller\.ru" 1;
    "~*budmavtomatika\.com\.ua" 1;
    "~*burger-imperia\.com" 1;
    "~*buttons-for-website\.com" 1;
    "~*buttons-for-your-website\.com" 1;
    "~*buy-cheap-online\.info" 1;
    "~*buy-forum\.ru" 1;
    "~*buyantiviralwp\.com" 1;
    "~*buypharmacydrug\.com" 1;
    "~*callejondelpozo\.es" 1;
    "~*cardiosport\.com\.ua" 1;
    "~*cartechnic\.ru" 1;
    "~*cbcseward\.com" 1;
    "~*cenokos\.ru" 1;
    "~*cenoval\.ru" 1;
    "~*cezartabac\.ro" 1;
    "~*cherrypointplace\.ca" 1;
    "~*cherubinimobili\.it" 1;
    "~*chinese-amezon\.com" 1;
    "~*ci\.ua" 1;
    "~*cityadspix\.com" 1;
    "~*civilwartheater\.com" 1;
    "~*clicksor\.com" 1;
    "~*clmforexeu\.com" 1;
    "~*coderstate\.com" 1;
    "~*codysbbq\.com" 1;
    "~*conciergegroup\.org" 1;
    "~*connectikastudio\.com" 1;
    "~*constantaservice\.net" 1;
    "~*covadhosting\.biz" 1;
    "~*cubook\.supernew\.org" 1;
    "~*customsua\.com\.ua" 1;
    "~*dailyrank\.net" 1;
    "~*darodar\.com" 1;
    "~*delfin-aqua\.com\.ua" 1;
    "~*demenageur\.com" 1;
    "~*depositfiles-porn\.com" 1;
    "~*descargar-musica-gratis\.net" 1;
    "~*detskie-konstruktory\.ru" 1;
    "~*dipstar\.org" 1;
    "~*djekxa\.ru" 1;
    "~*dojki-hd\.com" 1;
    "~*domination\.ml" 1;
    "~*doska-vsem\.ru" 1;
    "~*dostavka-v-krym\.com" 1;
    "~*drupa\.com" 1;
    "~*dvr\.biz\.ua" 1;
    "~*e-buyeasy\.com" 1;
    "~*e-kwiaciarz\.pl" 1;
    "~*ecomp3\.ru" 1;
    "~*econom\.co" 1;
    "~*edakgfvwql\.ru" 1;
    "~*edelstahlschornstein-123\.de" 1;
    "~*egovaleo\.it" 1;
    "~*ekto\.ee" 1;
    "~*elitesportsadvisor\.com" 1;
    "~*elmifarhangi\.com" 1;
    "~*embedle\.com" 1;
    "~*erot\.co" 1;
    "~*escort-russian\.com" 1;
    "~*este-line\.com\.ua" 1;
    "~*euromasterclass\.ru" 1;
    "~*europages\.com\.ru" 1;
    "~*eurosamodelki\.ru" 1;
    "~*event-tracking\.com" 1;
    "~*extener\.com" 1;
    "~*extremez\.net" 1;
    "~*family1st\.ca" 1;
    "~*fbdownloader\.com" 1;
    "~*fbfreegifts\.com" 1;
    "~*feedouble\.com" 1;
    "~*feedouble\.net" 1;
    "~*filmetricsasia\.com" 1;
    "~*fitness-video\.net" 1;
    "~*fiverr\.com" 1;
    "~*floating-share-buttons\.com" 1;
    "~*forex-procto\.ru" 1;
    "~*forsex\.info" 1;
    "~*forum69\.info" 1;
    "~*foxtechfpv\.com" 1;
    "~*free-floating-buttons\.com" 1;
    "~*free-share-buttons\.com" 1;
    "~*free-social-buttons\.com" 1;
    "~*freeseedsonline\.com" 1;
    "~*freewhatsappload\.com" 1;
    "~*fsalas\.com" 1;
    "~*ftns\.ru" 1;
    "~*fungirlsgames\.net" 1;
    "~*funnypica\.com" 1;
    "~*generalporn\.org" 1;
    "~*germes-trans\.com" 1;
    "~*get-free-social-traffic\.com" 1;
    "~*get-free-traffic-now\.com" 1;
    "~*girlporn\.ru" 1;
    "~*gkvector\.ru" 1;
    "~*glavprofit\.ru" 1;
    "~*gobongo\.info" 1;
    "~*goodprotein\.ru" 1;
    "~*googlsucks\.com" 1;
    "~*gototal\.co\.nz" 1;
    "~*guardlink\.(com?|org)" 1;
    "~*h2monline\.com" 1;
    "~*handicapvantoday\.com" 1;
    "~*hazardky\.net" 1;
    "~*hol\.es" 1;
    "~*hongfanji\.com" 1;
    "~*hostcritique\.com" 1;
    "~*hostingclub\.lk" 1;
    "~*houseofrose\.com" 1;
    "~*howopen\.ru" 1;
    "~*howtostopreferralspam\.eu" 1;
    "~*hulfingtonpost\.com" 1;
    "~*humanorightswatch\.org" 1;
    "~*hundejo\.com" 1;
    "~*hvd-store\.com" 1;
    "~*ico\.re" 1;
    "~*igru-xbox\.net" 1;
    "~*iloveitaly\.ro" 1;
    "~*iloveitaly\.ru" 1;
    "~*ilovevitaly\.co" 1;
    "~*ilovevitaly\.com" 1;
    "~*ilovevitaly\.info" 1;
    "~*ilovevitaly\.org" 1;
    "~*ilovevitaly\.ro" 1;
    "~*ilovevitaly\.ru" 1;
    "~*iminent\.com" 1;
    "~*imperiafilm\.ru" 1;
    "~*inboxdollars\.com" 1;
    "~*intermesh\.net" 1;
    "~*investpamm\.ru" 1;
    "~*invivo\.hu" 1;
    "~*iskalko\.ru" 1;
    "~*ispaniya-costa-blanca\.ru" 1;
    "~*istanbulit\.com" 1;
    "~*it-max\.com\.ua" 1;
    "~*itronics\.ca" 1;
    "~*itsdp3\.com" 1;
    "~*jasonpartington\.com" 1;
    "~*jjbabskoe\.ru" 1;
    "~*joinandplay\.me" 1;
    "~*joingames\.org" 1;
    "~*justprofit\.xyz" 1;
    "~*jwss\.cc" 1;
    "~*kabbalah-red-bracelets\.com" 1;
    "~*kambasoft\.com" 1;
    "~*kazrent\.com" 1;
    "~*kino-fun\.ru" 1;
    "~*kino-key\.info" 1;
    "~*kinopolet\.net" 1;
    "~*knigonosha\.net" 1;
    "~*konkursov\.net" 1;
    "~*kosova\.de" 1;
    "~*laxdrills\.com" 1;
    "~*leadwayau\.com" 1;
    "~*littleberry\.ru" 1;
    "~*livefixer\.com" 1;
    "~*lmrauction\.com" 1;
    "~*lol-smurfs\.com" 1;
    "~*lombia\.co" 1;
    "~*lombia\.com" 1;
    "~*lumb\.co" 1;
    "~*luxup\.ru" 1;
    "~*m1media\.net" 1;
    "~*mainlinehobby\.net" 1;
    "~*makemoneyonline\.com" 1;
    "~*malls\.com" 1;
    "~*manualterap\.roleforum\.ru" 1;
    "~*maridan\.com\.au" 1;
    "~*masterseek\.com" 1;
    "~*maxthon\.com" 1;
    "~*mebelcomplekt\.ru" 1;
    "~*mebeldekor\.com\.au" 1;
    "~*med-zdorovie\.com\.au" 1;
    "~*medi-fitt\.hu" 1;
    "~*medicovi\.com" 1;
    "~*medispainstitute\.com\.au" 1;
    "~*meendo-free-traffic\.ga" 1;
    "~*mericanmopedstore\.com" 1;
    "~*micasainvest\.com" 1;
    "~*microsearch\.ru" 1;
    "~*minegam\.com" 1;
    "~*mini\.7zap\.com" 1;
    "~*mir-betting\.ru" 1;
    "~*mirobuvi\.com\.au" 1;
    "~*mirtorrent\.net" 1;
    "~*mobilemedia\.md" 1;
    "~*motion-interactive\.com" 1;
    "~*mountainstream\.ms" 1;
    "~*moyakuhnia\.ru" 1;
    "~*mpftpupload\.com" 1;
    "~*mrmoneymustache\.com" 1;
    "~*msk\.afora\.ru" 1;
    "~*muscle-factory\.com\.au" 1;
    "~*musicas\.baixar-musicas-gratis\.com" 1;
    "~*musicprojectfoundation\.com" 1;
    "~*myprintscreen\.com" 1;
    "~*nate\.com" 1;
    "~*niki-mlt\.ru" 1;
    "~*notaria-desalas\.com" 1;
    "~*noumeda\.com" 1;
    "~*novosti-hi-tech\.ru" 1;
    "~*o-o-6-o-o\.com" 1;
    "~*o-o-6-o-o\.ru" 1;
    "~*o-o-8-o-o\.com" 1;
    "~*o-o-8-o-o\.ru" 1;
    "~*offers\.bycontext\.com" 1;
    "~*online-hit\.info" 1;
    "~*onlywoman\.org" 1;
    "~*ooo-olni\.ru" 1;
    "~*openfrost\.com" 1;
    "~*openmediasoft\.com" 1;
    "~*osoznanie-narkotikam\.net" 1;
    "~*ozas\.net" 1;
    "~*palvira\.com\.au" 1;
    "~*paparazzistudios\.com\.au" 1;
    "~*petrovka-online\.com" 1;
    "~*photokitchendesign\.com" 1;
    "~*pizza-tycoon\.com" 1;
    "~*pochemychka\.net" 1;
    "~*poisk-zakona\.ru" 1;
    "~*pornhub-forum\.ga" 1;
    "~*pornhub-forum\.uni\.me" 1;
    "~*pornhub-ru\.com" 1;
    "~*pornoforadult\.com" 1;
    "~*portnoff\.od\.au" 1;
    "~*powitania\.pl" 1;
    "~*pozdravleniya-c\.ru" 1;
    "~*priceg\.com" 1;
    "~*pricheski-video\.com" 1;
    "~*princeadvantagesales\.com" 1;
    "~*prlog\.ru" 1;
    "~*producm\.ru" 1;
    "~*prodvigator\.au" 1;
    "~*prohoster\.info" 1;
    "~*prointer\.net\.au" 1;
    "~*promoforum\.ru" 1;
    "~*psa48\.ru" 1;
    "~*putitin\.me" 1;
    "~*pyrodesigns\.com\.au" 1;
    "~*qualitymarketzone\.com" 1;
    "~*qwesa\.ru" 1;
    "~*rankings-analytics\.com" 1;
    "~*ranksonic\.info" 1;
    "~*ranksonic\.org" 1;
    "~*rapidgator-porn\.ga" 1;
    "~*rcb101\.ru" 1;
    "~*realting-moscow\.ru" 1;
    "~*rednise\.com" 1;
    "~*rentalmaty\.kz" 1;
    "~*research\.ifmo\.ru" 1;
    "~*resellerclub\.com" 1;
    "~*retreatia\.com" 1;
    "~*reversing\.cc" 1;
    "~*rightenergysolutions\.com\.au" 1;
    "~*rospromtest\.ru" 1;
    "~*sady-urala\.ru" 1;
    "~*salutmontreal\.com" 1;
    "~*sanjosestartups\.com" 1;
    "~*savetubevideo\.com" 1;
    "~*screentoolkit\.com" 1;
    "~*search-error\.com" 1;
    "~*semalt\.com" 1;
    "~*semaltmedia\.com" 1;
    "~*seo-platform\.com" 1;
    "~*seo-smm\.kz" 1;
    "~*seoanalyses\.com" 1;
    "~*seoexperimenty\.ru" 1;
    "~*seokicks\.de" 1;
    "~*seopub\.net" 1;
    "~*setioweb\.com" 1;
    "~*sexyali\.com" 1;
    "~*sharebutton\.net" 1;
    "~*sharebutton\.to" 1;
    "~*shop\.xz618\.com" 1;
    "~*sibecoprom\.ru" 1;
    "~*simple-share-buttons\.com" 1;
    "~*siteripz\.net" 1;
    "~*sitevaluation\.com" 1;
    "~*sitevaluation\.org" 1;
    "~*sklad-24\.ru" 1;
    "~*sledstvie-veli\.net" 1;
    "~*slftsdybbg\.ru" 1;
    "~*slkrm\.ru" 1;
    "~*smailik\.org" 1;
    "~*soaksoak\.ru" 1;
    "~*social-buttons\.com" 1;
    "~*socialseet\.ru" 1;
    "~*softomix\.com" 1;
    "~*softomix\.net" 1;
    "~*softomix\.org" 1;
    "~*softomix\.ru" 1;
    "~*sohoindia\.net" 1;
    "~*solnplast\.ru" 1;
    "~*sonyelektronik\.com" 1;
    "~*sosdepotdebilan\.com" 1;
    "~*soundfrost\.org" 1;
    "~*spb\.afora\.ru" 1;
    "~*spravka130\.ru" 1;
    "~*srecorder\.com" 1;
    "~*steame\.ru" 1;
    "~*streha-metalko\.si" 1;
    "~*success-seo\.com" 1;
    "~*superiends\.org" 1;
    "~*susanholtphotography\.com" 1;
    "~*taihouse\.ru" 1;
    "~*tastyfoodideas\.com" 1;
    "~*tattooha\.com" 1;
    "~*teastory\.co" 1;
    "~*tedxrj\.com" 1;
    "~*thecoral\.com\.br" 1;
    "~*theguardlan\.com" 1;
    "~*thepokertimer\.com" 1;
    "~*tomck\.com" 1;
    "~*torture\.ml" 1;
    "~*touchmods\.fr" 1;
    "~*traffic2money\.com" 1;
    "~*trafficmonetize\.org" 1;
    "~*trafficmonetizer\.org" 1;
    "~*trion\.od\.au" 1;
    "~*twincitiescarservice\.com" 1;
    "~*uasb\.ru" 1;
    "~*uni\.me" 1;
    "~*urlopener\.blogspot\.com\.au" 1;
    "~*uzungil\.com" 1;
    "~*vapmedia\.org" 1;
    "~*video--production\.com" 1;
    "~*video-woman\.com" 1;
    "~*videofrost\.com" 1;
    "~*videofrost\.net" 1;
    "~*videos-for-your-business\.com" 1;
    "~*viel\.su" 1;
    "~*viktoria-center\.ru" 1;
    "~*vodaodessa\.com" 1;
    "~*vodkoved\.ru" 1;
    "~*web-betting\.ru" 1;
    "~*webmaster-traffic\.com" 1;
    "~*webmonetizer\.net" 1;
    "~*website-errors-scanner\.com" 1;
    "~*websites-reviews\.com" 1;
    "~*websocial\.me" 1;
    "~*williamrobsonproperty\.com" 1;
    "~*wmasterlead\.com" 1;
    "~*xn--80adgcaax6acohn6r\.xn--p1ai" 1;
    "~*xn--c1acygb\.xn--p1ai" 1;
    "~*xn--q1a\.xn--b1aube0e\.xn--c1acygb\.xn--p1ai" 1;
    "~*ykecwqlixx\.ru" 1;
    "~*youporn-forum\.ga" 1;
    "~*youporn-forum\.uni\.me" 1;
    "~*youporn-ru\.com" 1;
    "~*yourserverisdown\.com" 1;
    "~*youtubedownload\.org" 1;
    "~*yurgorod\.ru" 1;
    "~*zastroyka\.org" 1;
    "~*zazagames\.org" 1;
    "~*zverokruh-shop\.cz" 1;
}

## nginx.init.sls
nginx.dotdeb.repo:
  pkgrepo.managed:
    - order: 1
    - humanname: Dotdeb
    - name: deb http://packages.dotdeb.org {{ salt['grains.get']('oscodename') }} all
    - dist: {{ salt['grains.get']('oscodename') }}
    - file: /etc/apt/sources.list.d/dotbeb.list
    - keyid: 89DF5277
    - keyserver: keys.gnupg.net
    - refresh_db: true

nginx:
  pkg.installed:
    - fromrepo: {{ salt['grains.get']('oscodename') }}
    - pkgs:
      - nginx-extras
      - nginx-common

/etc/nginx/nginx.conf:
  file.managed:
{% if grains.get('application') == 'wordpress' %}
    - source: salt://nginx/files/etc/nginx/nginx-wordpress.conf.jinja
{% elif grains.get('application') == 'toran' %}
    - source: salt://nginx/files/etc/nginx/nginx-toran.conf.jinja
{% elif grains.get('application') == 'magento' %}
    - source: salt://nginx/files/etc/nginx/nginx-magento.conf.jinja
{% elif grains.get('application') == 'whmcs' %}
    - source: salt://nginx/files/etc/nginx/nginx-whmcs.conf.jinja
{% endif %}
    - template: jinja
    - user: root
    - group: root
    - mode: 640

/etc/nginx/pagespeed.conf:
  file.managed:
    - source: salt://nginx/files/etc/nginx/pagespeed.conf
    - user: root
    - group: root
    - mode: 640

/var/www/nginx/referral-spam.conf:
  file.managed:
    - source: salt://nginx/files/var/www/nginx/referral-spam.conf
    - user: deploy
    - group: www-data
    - mode: 640
    - makedirs: True

/var/www/{{ salt['grains.get']('domain') }}:
  file.directory:
    - user: deploy
    - group: www-data
    - file_mode: 0660
    - dir_mode: 2775
    - recurse:
      - user
      - group
      - mode

/var/www/{{ grains['domain'] }}/shared/log:
  file.directory:
    - makedirs: true
    - user: deploy
    - group: www-data
    - dir_mode: 2775
    - recurse:
      - user
      - group
      - mode

/var/www/nginx/{{ grains['domain'] }}.conf:
  file.managed:
{% if grains.get('application') == 'wordpress' %}
    - source: salt://nginx/files/var/www/nginx/nginx-wordpress.conf.jinja
{% elif grains.get('application') == 'toran' %}
    - source: salt://nginx/files/var/www/nginx/nginx-toran.conf.jinja
{% elif grains.get('application') == 'magento' %}
    - source: salt://nginx/files/var/www/nginx/nginx-magento.conf.jinja
{% elif grains.get('application') == 'whmcs' %}
    - source: salt://nginx/files/var/www/nginx/nginx-whmcs.conf.jinja
{% endif %}
    - template: jinja
    - user: deploy
    - group: www-data
    - mode: 0660
    - makedirs: True

/home/deploy/{{ grains['domain'] }}:
  file.symlink:
    - target: /var/www/{{ grains['domain'] }}

delete-default-site:
  file.absent:
    - name: /etc/nginx/sites-enabled/default

delete-default-directory:
  file.absent:
    - name: /var/www/html
	user www-data;
	worker_processes auto;
	pid /run/nginx.pid;

	events {
	worker_connections 1024;
	multi_accept on;
	use epoll;
	}

	http {
	{% if grains.get('environment') == 'production' %}
	include /etc/nginx/pagespeed.conf;
	{% endif %}
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	reset_timedout_connection on;
	# server_tokens off;
	add_header rt-Fastcgi-Cache $upstream_cache_status;

	# memcached servers, generated according to wp-ffpc config
	upstream memcached-servers {
	server 127.0.0.1:11211;

	}

	# PHP-FPM upstream; change it accordingly to your local config!
	upstream php-fpm {
	server 127.0.0.1:9000;
	}

	open_file_cache max=10000 inactive=5m;
	open_file_cache_valid 2m;
	open_file_cache_min_uses 1;
	open_file_cache_errors on;

	fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m inactive=20m;
	fastcgi_cache_key "$scheme$request_method$host$request_uri";
	fastcgi_cache_use_stale error timeout invalid_header http_500;
	fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

	server_names_hash_bucket_size 64;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	include /etc/nginx/conf.d/*.conf;
	include /var/www/nginx/*.conf;
	}
	# Enable ngx_pagespeed
	pagespeed on;
	pagespeed FileCachePath /var/ngx_pagespeed_cache; # Use tmpfs for best results.

	pagespeed Statistics on;
	pagespeed StatisticsLogging on;
	pagespeed MessageBufferSize 100000;
	pagespeed LogDir /var/log/pagespeed;

	pagespeed StatisticsPath /ngx_pagespeed_statistics;
	pagespeed GlobalStatisticsPath /ngx_pagespeed_global_statistics;
	pagespeed MessagesPath /ngx_pagespeed_message;
	pagespeed ConsolePath /pagespeed_console;
	pagespeed AdminPath /pagespeed_admin;
	pagespeed GlobalAdminPath /pagespeed_global_admin;

	pagespeed EnableCachePurge on;

	# disable CoreFilters
	#pagespeed RewriteLevel OptimizeForBandwidth;
	#pagespeed RewriteLevel PassThrough;
	pagespeed RewriteLevel CoreFilters;

	# improve resource cacheability
	pagespeed EnableFilters extend_cache;

	# pre-solve DNS lookup
	pagespeed EnableFilters insert_dns_prefetch;

	# enable Collapse whitespace filter
	pagespeed EnableFilters collapse_whitespace;

	# remove comments
	pagespeed EnableFilters remove_comments;

	# Rewrite, resize and recompress images
	pagespeed EnableFilters rewrite_images;
	pagespeed EnableFilters convert_jpeg_to_progressive;
	pagespeed EnableFilters recompress_images;
	pagespeed DisableFilters insert_image_dimensions;

	# Defer and minify and inline Javascript
	pagespeed EnableFilters rewrite_javascript;
	pagespeed EnableFilters combine_javascript;

	# insert contents of small external JS into the HTML doc
	pagespeed EnableFilters inline_javascript;
	pagespeed JsInlineMaxBytes 500;

	pagespeed DisableFilters defer_javascript;
	pagespeed DisableFilters canonicalize_javascript_libraries;

	# combine multiple CSS files into one
	#pagespeed DisableFilters combine_css;
	#pagespeed EnableFilters combine_css;

	# rewrite CSS to load page-rendering CSS rules first.
	#pagespeed EnableFilters prioritize_critical_css;

	# Inline and minimize css
	#pagespeed EnableFilters rewrite_css;
	#pagespeed EnableFilters fallback_rewrite_css_urls;

	# Loads CSS faster
	#pagespeed EnableFilters move_css_above_scripts;
	#pagespeed EnableFilters move_css_to_head;

	# flatten CSS files by replacing @import with the imported file
	pagespeed EnableFilters flatten_css_imports;
	pagespeed CssFlattenMaxBytes 5120;

	# defer the loading of images which are not visible to the client
	#pagespeed DisableFilters lazyload_images;

	# remove tags with default attributes
	#pagespeed EnableFilters elide_attributes;

	# inlines a small loader CSS into the webpage
	pagespeed EnableFilters inline_google_font_css;

	pagespeed FetchWithGzip on;
	gzip on;
	gzip_vary on;
	# Turn on gzip for all content types that should benefit from it.
	gzip_types application/ecmascript;
	gzip_types application/javascript;
	gzip_types application/json;
	gzip_types application/pdf;
	gzip_types application/postscript;
	gzip_types application/x-javascript;
	gzip_types image/svg+xml;
	gzip_types text/css;
	gzip_types text/csv;
	# "gzip_types text/html" is assumed.
	gzip_types text/javascript;
	gzip_types text/plain;
	gzip_types text/xml;

	gzip_http_version 1.0;

	# To enable Varnish
	#pagespeed DownstreamCachePurgeLocationPrefix http://127.0.0.1:80;
	#pagespeed DownstreamCachePurgeMethod PURGE;
	#pagespeed DownstreamCacheRewrittenPercentageThreshold 95;
	#pagespeed DownstreamCacheRebeaconingKey Kgy8igJHvgjvghCVfcfhtcTHCFhc;
	server {
	{% if salt["pillar.get"]('sites:'~grains['domain']~':SSL') == 'On' %}
	listen 443 ssl;
	listen 80;
	{% else %}
	listen 80;
	listen [::]:80 ipv6only=on;
	{% endif %}

	{% if grains.get('environment') == 'production' %}
	{% if salt["pillar.get"]('sites:'~grains['domain']~':nginx-redirect') == 'True' %}
	server_name www.{{ grains['domain'] }};
	{% else %}
	server_name {{ grains['domain'] }};
	{% endif %}
	{% endif %}

	{% if grains.get('environment') == 'staging' %}
	server_name staging.{{ grains['domain'] }};
	{% endif %}

	{% if salt["pillar.get"]('sites:'~grains['domain']~':SSL') == 'On' %}
	ssl_certificate /etc/nginx/ssl/{{ grains['domain'] }}-chained.crt;
	ssl_certificate_key /etc/nginx/ssl/{{ grains['domain'] }}.key;
	{% endif %}

	access_log /var/www/{{ grains['domain'] }}/shared/log/access.log;
	error_log /var/www/{{ grains['domain'] }}/shared/log/error.log;
	root /var/www/{{ grains['domain'] }}/current/web/;
	index index.php;

	#include /var/www/{{ grains['domain'] }}/shared/system/nginx.conf;

	set $skip_cache 0;

	client_max_body_size 10m;
	client_body_buffer_size 128k;
	client_header_buffer_size 64k;
	server_name_in_redirect off;
	port_in_redirect off;

	{% if grains.get('environment') == 'production' %}
	set $cache_uri $request_uri;

	# let's speed up PageSpeed by storing it in the super duper fast memcached
	pagespeed MemcachedThreads 1;
	pagespeed MemcachedServers "localhost:11211";
	{% endif %}

	# POST requests and urls with a query string should always go to PHP
	if ($request_method = POST) {
	set $cache_uri 'null cache';
	set $skip_cache 1;
	}
	if ($query_string != "") {
	set $cache_uri 'null cache';
	set $skip_cache 1;
	}

	# Don't cache uris containing the following segments
	if ($request_uri ~* "(/wp-admin/\|/wp/wp-admin/\|/xmlrpc.php\|/wp-(app\|cron\|login\|register\|mail).php\|wp-.*.php\|/feed/\|index.php\|wp-comments-popup.php\|wp-links-opml.php\|wp-locations.php\|sitemap(_index)?.xml\|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
	set $cache_uri 'null cache';
	set $skip_cache 1;
	}

	# Don't use the cache for logged in users or recent commenters
	if ($http_cookie ~* "comment_author\|wordpress_[a-f0-9]+\|wp-postpass\|wordpress_no_cache\|wordpress_logged_in") {
	set $skip_cache 1;
	}

	{% if grains.get('environment') == 'production' %}
	location ~ "^/ngx_pagespeed_static/" { }
	location ~ "^/ngx_pagespeed_beacon$" { }
	location /ngx_pagespeed_statistics { allow 121.97.199.55; deny all; }
	location /ngx_pagespeed_global_statistics { allow 121.97.199.55; deny all; }
	location /ngx_pagespeed_message { allow 121.97.199.55; deny all; }
	location /pagespeed_console { allow 121.97.199.55; deny all; }
	location ~ ^/pagespeed_admin { allow 121.97.199.55; deny all; }
	location ~ ^/pagespeed_global_admin { allow 121.97.199.55; deny all; }

	# Ensure requests for pagespeed optimized resources go to the pagespeed handler
	# and no extraneous headers get set.
	location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; }
	{% endif %}

	if (!-e $request_filename)
	{
	rewrite ^(.+)$ /index.php?q=$1 last;
	}

	{% if grains.get('environment') == 'production' %}
	# try to get result from memcached
	location @memcached {
	default_type text/html;
	set $memcached_key data-$scheme://$host$request_uri;
	set $memcached_request 1;

	# exceptions
	# avoid cache serve of POST requests
	if ($request_method = POST ) {
	set $memcached_request 0;
	set $skip_cache 1;
	}

	# avoid cache serve of wp-admin-like pages, starting with "wp-"
	if ( $uri ~ "/wp-" ) {
	set $memcached_request 0;
	set $skip_cache 1;
	}

	# avoid cache serve of any URL with query strings
	if ( $args ) {
	set $memcached_request 0;
	}


	if ($http_cookie ~* "comment_author_\|wordpressuser_\|wp-postpass_\|wordpress_logged_in_" ) {
	set $memcached_request 0;
	set $skip_cache 1;
	}


	if ( $memcached_request = 1) {

	memcached_pass memcached-servers;
	error_page 404 = @rewrites;
	}

	if ( $memcached_request = 0) {
	rewrite ^ /index.php last;
	}
	}

	## rewrite rules
	location @rewrites {
	add_header X-Cache-Engine "";
	rewrite ^ /index.php last;
	}
	{% endif %}

	# Rewrites for WordPress SEO XML Sitemap
	rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
	rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

	location ~ /nginx.conf { deny all; access_log off; log_not_found off; }
	location = /favicon.ico { allow all; log_not_found off; access_log off;}
	location = /robots.txt { allow all; log_not_found off; access_log off; }
	location ~ /\. { access_log off; log_not_found off; deny all; }


	{% if grains.get('environment') == 'production' %}
	# Cache static files for as long as possible
	location ~* .(ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|css\|rss\|atom\|js\|jpg\|jpeg\|gif\|png\|ico\|zip\|tgz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|bmp\|rtf)$ {
	expires max; log_not_found off; access_log off;
	}
	{% endif %}

	location ~ \.php$ {
	try_files $uri = 404;
	fastcgi_pass 127.0.0.1:9000;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param SCRIPT_NAME $fastcgi_script_name;
	fastcgi_param QUERY_STRING $args;
	fastcgi_connect_timeout 60;
	fastcgi_keep_conn on;
	fastcgi_send_timeout 180;
	fastcgi_read_timeout 180;
	fastcgi_buffer_size 512k;
	fastcgi_buffers 4 256k;
	fastcgi_busy_buffers_size 512k;
	fastcgi_temp_file_write_size 512k;
	fastcgi_hide_header 'X-Generator';
	fastcgi_index index.php;
	fastcgi_param SERVER_PORT 80;
	fastcgi_cache_bypass $skip_cache;
	fastcgi_no_cache $skip_cache;
	fastcgi_cache WORDPRESS;
	fastcgi_cache_valid 60m;
	error_page 405 = $uri;
	}

	{% if grains.get('environment') == 'production' %}
	location ~ /purge(/.*) {
	fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
	}

	# Uses referral-spam.conf from https://github.com/Stevie-Ray/apache-nginx-referral-spam-blacklist
	if ($bad_referer) {
	return 444;
	}
	{% endif %}
	}
	{% if salt["pillar.get"]('sites:'~grains['domain']~':nginx-redirect') == 'True' %}
	server {
	listen [::]:80;
	server_name {{ grains['domain'] }};
	return 301 $scheme://www.{{ grains['domain'] }}$request_uri;
	}
	{% endif %}
	{% if salt["pillar.get"]('sites:'~grains['domain']~':nginx-redirect') == 'False' %}
	server {
	listen [::]:80;
	server_name www.{{ grains['domain'] }};
	return 301 $scheme://{{ grains['domain'] }}$request_uri;
	}
	{% endif %}
	# https://github.com/Stevie-Ray/apache-nginx-referral-spam-blacklist
	# Updated 2015-10-06
	#
	# /etc/nginx/referral-spam.conf
	#
	# With referral-spam.conf in /etc/nginx, include it globally from within /etc/nginx/nginx.conf:
	#
	# include referral-spam.conf;
	#
	# Add the following to each /etc/nginx/site-available/your-site.conf that needs protection:
	#
	# server {
	# if ($bad_referer) {
	# return 444;
	# }
	# }
	#
	map $http_referer $bad_referer {
	default 0;

	"~*0n-line\.tv" 1;
	"~*100dollars-seo\.com" 1;
	"~*12masterov\.com" 1;
	"~*1pamm\.ru" 1;
	"~*4webmasters\.org" 1;
	"~*5forex\.ru" 1;
	"~*76brighton\.com" 1;
	"~*7makemoneyonline\.com" 1;
	"~*7zap\.com" 1;
	"~*abovetherivernc\.com" 1;
	"~*acads\.net" 1;
	"~*acunetix-referrer\.com" 1;
	"~*adcash\.com" 1;
	"~*addons\.mozilla\.org/en-US/firefox/addon/ilovevitaly" 1;
	"~*adelly\.bg" 1;
	"~*adspart\.com" 1;
	"~*adventureparkcostarica\.com" 1;
	"~*adviceforum\.info" 1;
	"~*advokateg\.co" 1;
	"~*advokateg\.com" 1;
	"~*advokateg\.ru" 1;
	"~*affordablewebsitesandmobileapps\.com" 1;
	"~*afora\.ru" 1;
	"~*akuhni\.by" 1;
	"~*alessandraleone\.com" 1;
	"~*alfa9\.com" 1;
	"~*alibestsale.com" 1;
	"~*allknow\.info" 1;
	"~*allnews\.md" 1;
	"~*allwomen\.info" 1;
	"~*alpharma\.net" 1;
	"~*altermix\.ua" 1;
	"~*amanda-porn\.ga" 1;
	"~*amt-k\.ru" 1;
	"~*anapa-inns\.ru" 1;
	"~*android-style\.com" 1;
	"~*anticrawler\.org" 1;
	"~*aosheng-tech\.com" 1;
	"~*arendakvartir\.kz" 1;
	"~*arkkivoltti\.net" 1;
	"~*artparquet\.ru" 1;
	"~*aruplighting\.com" 1;
	"~*audiobangout\.com" 1;
	"~*autovideobroadcast\.com" 1;
	"~*aviva-limoux\.com" 1;
	"~*avkzarabotok\.com" 1;
	"~*avkzarabotok\.info" 1;
	"~*azartclub\.org" 1;
	"~*bablonow\.ru" 1;
	"~*backgroundpictures\.net" 1;
	"~*baixar-musicas-gratis\.com" 1;
	"~*baladur\.ru" 1;
	"~*balitouroffice\.com" 1;
	"~*bard-real\.com\.ua" 1;
	"~*bbtec\.net" 1;
	"~*best-seo-offer\.com" 1;
	"~*best-seo-software\.xyz" 1;
	"~*best-seo-solution\.com" 1;
	"~*bestmobilityscooterstoday\.com" 1;
	"~*bestwebsitesawards\.com" 1;
	"~*bif-ru\.info" 1;
	"~*biglistofwebsites\.com" 1;
	"~*billiard-classic\.com\.ua" 1;
	"~*bioca\.org" 1;
	"~*bizru\.info" 1;
	"~*bkns\.vn" 1;
	"~*blackhatworth\.com" 1;
	"~*blackle\.com" 1;
	"~*blogtotal\.de" 1;
	"~*blue-square\.biz" 1;
	"~*bluerobot\.info" 1;
	"~*boleznikogi\.com" 1;
	"~*bookmark4you\.biz" 1;
	"~*bookmark4you\.com" 1;
	"~*brakehawk\.com" 1;
	"~*break-the-chains\.com" 1;
	"~*bristolhostel\.com" 1;
	"~*bristolhotel\.com" 1;
	"~*bristolhotel\.com\.ua" 1;
	"~*brk-rti\.ru" 1;
	"~*brothers-smaller\.ru" 1;
	"~*budmavtomatika\.com\.ua" 1;
	"~*burger-imperia\.com" 1;
	"~*buttons-for-website\.com" 1;
	"~*buttons-for-your-website\.com" 1;
	"~*buy-cheap-online\.info" 1;
	"~*buy-forum\.ru" 1;
	"~*buyantiviralwp\.com" 1;
	"~*buypharmacydrug\.com" 1;
	"~*callejondelpozo\.es" 1;
	"~*cardiosport\.com\.ua" 1;
	"~*cartechnic\.ru" 1;
	"~*cbcseward\.com" 1;
	"~*cenokos\.ru" 1;
	"~*cenoval\.ru" 1;
	"~*cezartabac\.ro" 1;
	"~*cherrypointplace\.ca" 1;
	"~*cherubinimobili\.it" 1;
	"~*chinese-amezon\.com" 1;
	"~*ci\.ua" 1;
	"~*cityadspix\.com" 1;
	"~*civilwartheater\.com" 1;
	"~*clicksor\.com" 1;
	"~*clmforexeu\.com" 1;
	"~*coderstate\.com" 1;
	"~*codysbbq\.com" 1;
	"~*conciergegroup\.org" 1;
	"~*connectikastudio\.com" 1;
	"~*constantaservice\.net" 1;
	"~*covadhosting\.biz" 1;
	"~*cubook\.supernew\.org" 1;
	"~*customsua\.com\.ua" 1;
	"~*dailyrank\.net" 1;
	"~*darodar\.com" 1;
	"~*delfin-aqua\.com\.ua" 1;
	"~*demenageur\.com" 1;
	"~*depositfiles-porn\.com" 1;
	"~*descargar-musica-gratis\.net" 1;
	"~*detskie-konstruktory\.ru" 1;
	"~*dipstar\.org" 1;
	"~*djekxa\.ru" 1;
	"~*dojki-hd\.com" 1;
	"~*domination\.ml" 1;
	"~*doska-vsem\.ru" 1;
	"~*dostavka-v-krym\.com" 1;
	"~*drupa\.com" 1;
	"~*dvr\.biz\.ua" 1;
	"~*e-buyeasy\.com" 1;
	"~*e-kwiaciarz\.pl" 1;
	"~*ecomp3\.ru" 1;
	"~*econom\.co" 1;
	"~*edakgfvwql\.ru" 1;
	"~*edelstahlschornstein-123\.de" 1;
	"~*egovaleo\.it" 1;
	"~*ekto\.ee" 1;
	"~*elitesportsadvisor\.com" 1;
	"~*elmifarhangi\.com" 1;
	"~*embedle\.com" 1;
	"~*erot\.co" 1;
	"~*escort-russian\.com" 1;
	"~*este-line\.com\.ua" 1;
	"~*euromasterclass\.ru" 1;
	"~*europages\.com\.ru" 1;
	"~*eurosamodelki\.ru" 1;
	"~*event-tracking\.com" 1;
	"~*extener\.com" 1;
	"~*extremez\.net" 1;
	"~*family1st\.ca" 1;
	"~*fbdownloader\.com" 1;
	"~*fbfreegifts\.com" 1;
	"~*feedouble\.com" 1;
	"~*feedouble\.net" 1;
	"~*filmetricsasia\.com" 1;
	"~*fitness-video\.net" 1;
	"~*fiverr\.com" 1;
	"~*floating-share-buttons\.com" 1;
	"~*forex-procto\.ru" 1;
	"~*forsex\.info" 1;
	"~*forum69\.info" 1;
	"~*foxtechfpv\.com" 1;
	"~*free-floating-buttons\.com" 1;
	"~*free-share-buttons\.com" 1;
	"~*free-social-buttons\.com" 1;
	"~*freeseedsonline\.com" 1;
	"~*freewhatsappload\.com" 1;
	"~*fsalas\.com" 1;
	"~*ftns\.ru" 1;
	"~*fungirlsgames\.net" 1;
	"~*funnypica\.com" 1;
	"~*generalporn\.org" 1;
	"~*germes-trans\.com" 1;
	"~*get-free-social-traffic\.com" 1;
	"~*get-free-traffic-now\.com" 1;
	"~*girlporn\.ru" 1;
	"~*gkvector\.ru" 1;
	"~*glavprofit\.ru" 1;
	"~*gobongo\.info" 1;
	"~*goodprotein\.ru" 1;
	"~*googlsucks\.com" 1;
	"~*gototal\.co\.nz" 1;
	"~*guardlink\.(com?\|org)" 1;
	"~*h2monline\.com" 1;
	"~*handicapvantoday\.com" 1;
	"~*hazardky\.net" 1;
	"~*hol\.es" 1;
	"~*hongfanji\.com" 1;
	"~*hostcritique\.com" 1;
	"~*hostingclub\.lk" 1;
	"~*houseofrose\.com" 1;
	"~*howopen\.ru" 1;
	"~*howtostopreferralspam\.eu" 1;
	"~*hulfingtonpost\.com" 1;
	"~*humanorightswatch\.org" 1;
	"~*hundejo\.com" 1;
	"~*hvd-store\.com" 1;
	"~*ico\.re" 1;
	"~*igru-xbox\.net" 1;
	"~*iloveitaly\.ro" 1;
	"~*iloveitaly\.ru" 1;
	"~*ilovevitaly\.co" 1;
	"~*ilovevitaly\.com" 1;
	"~*ilovevitaly\.info" 1;
	"~*ilovevitaly\.org" 1;
	"~*ilovevitaly\.ro" 1;
	"~*ilovevitaly\.ru" 1;
	"~*iminent\.com" 1;
	"~*imperiafilm\.ru" 1;
	"~*inboxdollars\.com" 1;
	"~*intermesh\.net" 1;
	"~*investpamm\.ru" 1;
	"~*invivo\.hu" 1;
	"~*iskalko\.ru" 1;
	"~*ispaniya-costa-blanca\.ru" 1;
	"~*istanbulit\.com" 1;
	"~*it-max\.com\.ua" 1;
	"~*itronics\.ca" 1;
	"~*itsdp3\.com" 1;
	"~*jasonpartington\.com" 1;
	"~*jjbabskoe\.ru" 1;
	"~*joinandplay\.me" 1;
	"~*joingames\.org" 1;
	"~*justprofit\.xyz" 1;
	"~*jwss\.cc" 1;
	"~*kabbalah-red-bracelets\.com" 1;
	"~*kambasoft\.com" 1;
	"~*kazrent\.com" 1;
	"~*kino-fun\.ru" 1;
	"~*kino-key\.info" 1;
	"~*kinopolet\.net" 1;
	"~*knigonosha\.net" 1;
	"~*konkursov\.net" 1;
	"~*kosova\.de" 1;
	"~*laxdrills\.com" 1;
	"~*leadwayau\.com" 1;
	"~*littleberry\.ru" 1;
	"~*livefixer\.com" 1;
	"~*lmrauction\.com" 1;
	"~*lol-smurfs\.com" 1;
	"~*lombia\.co" 1;
	"~*lombia\.com" 1;
	"~*lumb\.co" 1;
	"~*luxup\.ru" 1;
	"~*m1media\.net" 1;
	"~*mainlinehobby\.net" 1;
	"~*makemoneyonline\.com" 1;
	"~*malls\.com" 1;
	"~*manualterap\.roleforum\.ru" 1;
	"~*maridan\.com\.au" 1;
	"~*masterseek\.com" 1;
	"~*maxthon\.com" 1;
	"~*mebelcomplekt\.ru" 1;
	"~*mebeldekor\.com\.au" 1;
	"~*med-zdorovie\.com\.au" 1;
	"~*medi-fitt\.hu" 1;
	"~*medicovi\.com" 1;
	"~*medispainstitute\.com\.au" 1;
	"~*meendo-free-traffic\.ga" 1;
	"~*mericanmopedstore\.com" 1;
	"~*micasainvest\.com" 1;
	"~*microsearch\.ru" 1;
	"~*minegam\.com" 1;
	"~*mini\.7zap\.com" 1;
	"~*mir-betting\.ru" 1;
	"~*mirobuvi\.com\.au" 1;
	"~*mirtorrent\.net" 1;
	"~*mobilemedia\.md" 1;
	"~*motion-interactive\.com" 1;
	"~*mountainstream\.ms" 1;
	"~*moyakuhnia\.ru" 1;
	"~*mpftpupload\.com" 1;
	"~*mrmoneymustache\.com" 1;
	"~*msk\.afora\.ru" 1;
	"~*muscle-factory\.com\.au" 1;
	"~*musicas\.baixar-musicas-gratis\.com" 1;
	"~*musicprojectfoundation\.com" 1;
	"~*myprintscreen\.com" 1;
	"~*nate\.com" 1;
	"~*niki-mlt\.ru" 1;
	"~*notaria-desalas\.com" 1;
	"~*noumeda\.com" 1;
	"~*novosti-hi-tech\.ru" 1;
	"~*o-o-6-o-o\.com" 1;
	"~*o-o-6-o-o\.ru" 1;
	"~*o-o-8-o-o\.com" 1;
	"~*o-o-8-o-o\.ru" 1;
	"~*offers\.bycontext\.com" 1;
	"~*online-hit\.info" 1;
	"~*onlywoman\.org" 1;
	"~*ooo-olni\.ru" 1;
	"~*openfrost\.com" 1;
	"~*openmediasoft\.com" 1;
	"~*osoznanie-narkotikam\.net" 1;
	"~*ozas\.net" 1;
	"~*palvira\.com\.au" 1;
	"~*paparazzistudios\.com\.au" 1;
	"~*petrovka-online\.com" 1;
	"~*photokitchendesign\.com" 1;
	"~*pizza-tycoon\.com" 1;
	"~*pochemychka\.net" 1;
	"~*poisk-zakona\.ru" 1;
	"~*pornhub-forum\.ga" 1;
	"~*pornhub-forum\.uni\.me" 1;
	"~*pornhub-ru\.com" 1;
	"~*pornoforadult\.com" 1;
	"~*portnoff\.od\.au" 1;
	"~*powitania\.pl" 1;
	"~*pozdravleniya-c\.ru" 1;
	"~*priceg\.com" 1;
	"~*pricheski-video\.com" 1;
	"~*princeadvantagesales\.com" 1;
	"~*prlog\.ru" 1;
	"~*producm\.ru" 1;
	"~*prodvigator\.au" 1;
	"~*prohoster\.info" 1;
	"~*prointer\.net\.au" 1;
	"~*promoforum\.ru" 1;
	"~*psa48\.ru" 1;
	"~*putitin\.me" 1;
	"~*pyrodesigns\.com\.au" 1;
	"~*qualitymarketzone\.com" 1;
	"~*qwesa\.ru" 1;
	"~*rankings-analytics\.com" 1;
	"~*ranksonic\.info" 1;
	"~*ranksonic\.org" 1;
	"~*rapidgator-porn\.ga" 1;
	"~*rcb101\.ru" 1;
	"~*realting-moscow\.ru" 1;
	"~*rednise\.com" 1;
	"~*rentalmaty\.kz" 1;
	"~*research\.ifmo\.ru" 1;
	"~*resellerclub\.com" 1;
	"~*retreatia\.com" 1;
	"~*reversing\.cc" 1;
	"~*rightenergysolutions\.com\.au" 1;
	"~*rospromtest\.ru" 1;
	"~*sady-urala\.ru" 1;
	"~*salutmontreal\.com" 1;
	"~*sanjosestartups\.com" 1;
	"~*savetubevideo\.com" 1;
	"~*screentoolkit\.com" 1;
	"~*search-error\.com" 1;
	"~*semalt\.com" 1;
	"~*semaltmedia\.com" 1;
	"~*seo-platform\.com" 1;
	"~*seo-smm\.kz" 1;
	"~*seoanalyses\.com" 1;
	"~*seoexperimenty\.ru" 1;
	"~*seokicks\.de" 1;
	"~*seopub\.net" 1;
	"~*setioweb\.com" 1;
	"~*sexyali\.com" 1;
	"~*sharebutton\.net" 1;
	"~*sharebutton\.to" 1;
	"~*shop\.xz618\.com" 1;
	"~*sibecoprom\.ru" 1;
	"~*simple-share-buttons\.com" 1;
	"~*siteripz\.net" 1;
	"~*sitevaluation\.com" 1;
	"~*sitevaluation\.org" 1;
	"~*sklad-24\.ru" 1;
	"~*sledstvie-veli\.net" 1;
	"~*slftsdybbg\.ru" 1;
	"~*slkrm\.ru" 1;
	"~*smailik\.org" 1;
	"~*soaksoak\.ru" 1;
	"~*social-buttons\.com" 1;
	"~*socialseet\.ru" 1;
	"~*softomix\.com" 1;
	"~*softomix\.net" 1;
	"~*softomix\.org" 1;
	"~*softomix\.ru" 1;
	"~*sohoindia\.net" 1;
	"~*solnplast\.ru" 1;
	"~*sonyelektronik\.com" 1;
	"~*sosdepotdebilan\.com" 1;
	"~*soundfrost\.org" 1;
	"~*spb\.afora\.ru" 1;
	"~*spravka130\.ru" 1;
	"~*srecorder\.com" 1;
	"~*steame\.ru" 1;
	"~*streha-metalko\.si" 1;
	"~*success-seo\.com" 1;
	"~*superiends\.org" 1;
	"~*susanholtphotography\.com" 1;
	"~*taihouse\.ru" 1;
	"~*tastyfoodideas\.com" 1;
	"~*tattooha\.com" 1;
	"~*teastory\.co" 1;
	"~*tedxrj\.com" 1;
	"~*thecoral\.com\.br" 1;
	"~*theguardlan\.com" 1;
	"~*thepokertimer\.com" 1;
	"~*tomck\.com" 1;
	"~*torture\.ml" 1;
	"~*touchmods\.fr" 1;
	"~*traffic2money\.com" 1;
	"~*trafficmonetize\.org" 1;
	"~*trafficmonetizer\.org" 1;
	"~*trion\.od\.au" 1;
	"~*twincitiescarservice\.com" 1;
	"~*uasb\.ru" 1;
	"~*uni\.me" 1;
	"~*urlopener\.blogspot\.com\.au" 1;
	"~*uzungil\.com" 1;
	"~*vapmedia\.org" 1;
	"~*video--production\.com" 1;
	"~*video-woman\.com" 1;
	"~*videofrost\.com" 1;
	"~*videofrost\.net" 1;
	"~*videos-for-your-business\.com" 1;
	"~*viel\.su" 1;
	"~*viktoria-center\.ru" 1;
	"~*vodaodessa\.com" 1;
	"~*vodkoved\.ru" 1;
	"~*web-betting\.ru" 1;
	"~*webmaster-traffic\.com" 1;
	"~*webmonetizer\.net" 1;
	"~*website-errors-scanner\.com" 1;
	"~*websites-reviews\.com" 1;
	"~*websocial\.me" 1;
	"~*williamrobsonproperty\.com" 1;
	"~*wmasterlead\.com" 1;
	"~*xn--80adgcaax6acohn6r\.xn--p1ai" 1;
	"~*xn--c1acygb\.xn--p1ai" 1;
	"~*xn--q1a\.xn--b1aube0e\.xn--c1acygb\.xn--p1ai" 1;
	"~*ykecwqlixx\.ru" 1;
	"~*youporn-forum\.ga" 1;
	"~*youporn-forum\.uni\.me" 1;
	"~*youporn-ru\.com" 1;
	"~*yourserverisdown\.com" 1;
	"~*youtubedownload\.org" 1;
	"~*yurgorod\.ru" 1;
	"~*zastroyka\.org" 1;
	"~*zazagames\.org" 1;
	"~*zverokruh-shop\.cz" 1;
	}
	nginx.dotdeb.repo:
	pkgrepo.managed:
	- order: 1
	- humanname: Dotdeb
	- name: deb http://packages.dotdeb.org {{ salt['grains.get']('oscodename') }} all
	- dist: {{ salt['grains.get']('oscodename') }}
	- file: /etc/apt/sources.list.d/dotbeb.list
	- keyid: 89DF5277
	- keyserver: keys.gnupg.net
	- refresh_db: true

	nginx:
	pkg.installed:
	- fromrepo: {{ salt['grains.get']('oscodename') }}
	- pkgs:
	- nginx-extras
	- nginx-common

	/etc/nginx/nginx.conf:
	file.managed:
	{% if grains.get('application') == 'wordpress' %}
	- source: salt://nginx/files/etc/nginx/nginx-wordpress.conf.jinja
	{% elif grains.get('application') == 'toran' %}
	- source: salt://nginx/files/etc/nginx/nginx-toran.conf.jinja
	{% elif grains.get('application') == 'magento' %}
	- source: salt://nginx/files/etc/nginx/nginx-magento.conf.jinja
	{% elif grains.get('application') == 'whmcs' %}
	- source: salt://nginx/files/etc/nginx/nginx-whmcs.conf.jinja
	{% endif %}
	- template: jinja
	- user: root
	- group: root
	- mode: 640

	/etc/nginx/pagespeed.conf:
	file.managed:
	- source: salt://nginx/files/etc/nginx/pagespeed.conf
	- user: root
	- group: root
	- mode: 640

	/var/www/nginx/referral-spam.conf:
	file.managed:
	- source: salt://nginx/files/var/www/nginx/referral-spam.conf
	- user: deploy
	- group: www-data
	- mode: 640
	- makedirs: True

	/var/www/{{ salt['grains.get']('domain') }}:
	file.directory:
	- user: deploy
	- group: www-data
	- file_mode: 0660
	- dir_mode: 2775
	- recurse:
	- user
	- group
	- mode

	/var/www/{{ grains['domain'] }}/shared/log:
	file.directory:
	- makedirs: true
	- user: deploy
	- group: www-data
	- dir_mode: 2775
	- recurse:
	- user
	- group
	- mode

	/var/www/nginx/{{ grains['domain'] }}.conf:
	file.managed:
	{% if grains.get('application') == 'wordpress' %}
	- source: salt://nginx/files/var/www/nginx/nginx-wordpress.conf.jinja
	{% elif grains.get('application') == 'toran' %}
	- source: salt://nginx/files/var/www/nginx/nginx-toran.conf.jinja
	{% elif grains.get('application') == 'magento' %}
	- source: salt://nginx/files/var/www/nginx/nginx-magento.conf.jinja
	{% elif grains.get('application') == 'whmcs' %}
	- source: salt://nginx/files/var/www/nginx/nginx-whmcs.conf.jinja
	{% endif %}
	- template: jinja
	- user: deploy
	- group: www-data
	- mode: 0660
	- makedirs: True

	/home/deploy/{{ grains['domain'] }}:
	file.symlink:
	- target: /var/www/{{ grains['domain'] }}

	delete-default-site:
	file.absent:
	- name: /etc/nginx/sites-enabled/default

	delete-default-directory:
	file.absent:
	- name: /var/www/html