secret
Created

  • Download Gist
default
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
server {
listen 80 default_server;
server_name _;
root /var/www/__default__;
index index.php index.html;
 
access_log /var/log/nginx/default-access.log;
error_log /var/log/nginx/default-error.log;
 
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
 
location / {
try_files $uri $uri/ /index.php?$args;
}
 
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
 
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)([^?]*).*$;
fastcgi_pass unix:/var/run/www-fpm.socket;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
}
example.com
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
server {
listen 80;
include sites-available/example.com.inc;
}
 
server {
listen 443;
 
ssl on;
ssl_certificate /usr/local/cert/example.com/example.com.pem;
ssl_certificate_key /usr/local/cert/example.com/example.com.key;
include sites-available/example.com.inc;
}
example.com.inc
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
server_name example.com www.example.com;
root /var/www/example.com;
 
access_log /var/log/nginx/example.com-access.log;
error_log /var/log/nginx/example.com-error.log;
 
if ($http_host != "www.example.com") {
rewrite ^ http://www.example.com$request_uri permanent;
}
 
index index.php index.html;
 
location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
}
 
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
 
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~* \.(cur|ico|gif|png|jpe?g|css|js|swf|woff)((\?\d\d\d\d\d\d\d\d\d\d)|(\?s=\d\d\d\d\d\d\d\d\d\d))$ {
expires max;
log_not_found off;
}
location ~* \.(cur|ico|gif|png|jpe?g|css|js|swf|woff)(\?v\d\d?\.\d\d?\.\d\d?)$ {
expires max;
log_not_found off;
}
location ~* ^(/typo3/sysext|/typo3conf/ext).*\.(cur|ico|gif|png|jpe?g|css|js|swf|woff) {
expires max;
log_not_found off;
}
location = /clear.gif {
empty_gif;
expires max;
}
location ^~ /typo3/gfx {
expires max;
}
location ^~ /typo3temp/compressor {
expires max;
}
location ~* \.(sql|htaccess|htpasswd|tpl|html5|xhtml) {
deny all;
}
location / {
if ($query_string ~ ".+") {
return 405;
}
 
# pass requests from logged-in users to PHP
if ($http_cookie ~ 'nc_staticfilecache|be_typo_user' ) {
return 405;
}
 
# pass POST requests to PHP
if ($request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
 
if ($http_pragma = 'no-cache') {
return 405;
}
 
if ($http_cache_control = 'no-cache') {
return 405;
}
 
error_page 405 = @nocache;
# serve requested content from the cache if available, otherwise pass the request to PHP
try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache;
}
location @nocache {
try_files $uri $uri/ /index.php?$args;
}
location ^~ /typo3temp/tx_ncstaticfilecache {
expires 43200;
charset utf-8;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
include /etc/nginx/php_fpm;
fastcgi_pass unix:/var/run/www-fpm.socket;
}
example2.com
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
server {
listen 80;
server_name example2.com;
root /var/www/example2.com;
index index.php index.html;
 
access_log /var/log/nginx/example2.com-access.log;
error_log /var/log/nginx/example2.com-error.log;
 
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
 
location / {
try_files $uri $uri/ /index.php?$args;
}
 
location ~ \.php$ {
include fastcgi_params;
include php_fpm;
fastcgi_pass unix:/var/run/example2.com-fpm.socket;
}
}
shop.example.com
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
server {
listen 80;
include sites-available/shop.example.com.inc;
}
 
server {
listen 443;
 
ssl on;
ssl_certificate /usr/local/cert/shop.example.com/shop.example.com.pem;
ssl_certificate_key /usr/local/cert/shop.example.com/shop.example.com.key;
include sites-available/shop.example.com.inc;
}
shop.example.com.inc
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
server_name shop.example.com;
root /var/www/shop.example.com;
 
access_log /var/log/nginx/shop.example.com-access.log;
error_log /var/log/nginx/shop.example.com-error.log;
 
 
location / {
index index.html index.php;
try_files $uri $uri/ @handler;
expires 30d;
}
 
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
 
location /var/export/ { ## Allow admins only to view export folder
auth_basic "Restricted"; ## Message shown in login window
auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
autoindex on;
}
 
location /. { ## Disable .htaccess and other hidden files
deny all;
access_log off;
log_not_found off;
}
 
location @handler {
rewrite / /index.php;
}
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
 
 
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
include /etc/nginx/php_fpm;
fastcgi_pass unix:/var/run/www-fpm.socket;
}

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.