
apfelbox/default Secret

Created July 10, 2013 07:42
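# Catch-all virtual host: answers port-80 requests whose Host header matches
# no other server block (default_server plus the placeholder name "_").
server {
    listen 80 default_server;
    server_name _;

    root /var/www/__default__;
    index index.php index.html;

    access_log /var/log/nginx/default-access.log;
    error_log /var/log/nginx/default-error.log;

    # Refuse any URI containing "/." (.htaccess, .git, editor backups, ...).
    # access_log is off here, so probes for hidden files do not appear in the
    # access log; rely on error_log if these requests matter for detection.
    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }

    # Static file first, then directory, then the PHP front controller.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Only forward to PHP-FPM when the requested script exists under root.
        # Without this check every URI that merely ends in ".php" reaches the
        # interpreter, which may resolve it to a different file depending on
        # PHP's cgi.fix_pathinfo / security.limit_extensions settings. The
        # other PHP locations in this configuration already carry this guard.
        try_files $uri =404;

        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)([^?]*).*$;
        fastcgi_pass unix:/var/run/www-fpm.socket;

        # Enlarged response buffers for PHP output.
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;

        # Let nginx error_page handling take over error responses from PHP.
        fastcgi_intercept_errors on;
    }
}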
# Plain-HTTP (port 80) entry point for example.com. All other directives come
# from the shared include, which the port-443 server block also pulls in.
server {
listen 80;
# Relative include paths are resolved against the nginx configuration prefix.
include sites-available/example.com.inc;
}
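# HTTPS (port 443) entry point for example.com; site behaviour comes from the
# same include the port-80 server block uses.
server {
    # The "ssl" parameter on listen replaces the standalone "ssl on;"
    # directive, which is deprecated and rejected by current nginx releases.
    listen 443 ssl;

    ssl_certificate /usr/local/cert/example.com/example.com.pem;
    # NOTE(review): the key file should be readable only by the account that
    # starts nginx - confirm permissions on this path.
    ssl_certificate_key /usr/local/cert/example.com/example.com.key;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of
    # the installed nginx/OpenSSL build apply - confirm they meet policy.

    include sites-available/example.com.inc;
}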
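# Shared virtual-host body for example.com. It has no enclosing server { }
# because it is included from both the port-80 and the port-443 server blocks.
server_name example.com www.example.com;
root /var/www/example.com;
access_log /var/log/nginx/example.com-access.log;
error_log /var/log/nginx/example.com-error.log;

# Canonicalise the host name to www.example.com.
# $scheme keeps an HTTPS request on HTTPS; a hard-coded http:// target would
# send visitors arriving over TLS to cleartext. "return 301" is used instead
# of "rewrite ... permanent" because $request_uri already carries the query
# string, and rewrite would append the arguments a second time.
if ($http_host != "www.example.com") {
    return 301 $scheme://www.example.com$request_uri;
}

index index.php index.html;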
# Exact-match location for the favicon: no logging, far-future Expires header.
location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
}
# Exact-match location for robots.txt: explicitly allowed and not logged.
# Being an exact match, it is selected before any regex location is consulted.
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# The regex matches "/." anywhere in the URI, so hidden directories are covered too.
# Regex locations are tried in file order, so this one is checked before the
# regex locations that follow it; "^~" prefix locations skip regex matching
# entirely and are therefore not protected by this rule.
# access_log is off, so blocked probes do not show up in the access log.
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Far-future Expires header for common static asset extensions (case-insensitive).
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
# NOTE(review): nginx matches location regexes against the normalized URI
# path, which does not include the query string. The "\?<10 digits>" and
# "\?s=<10 digits>" suffixes can therefore only match a "?" that is part of
# the path itself; an ordinary cache-busting URL such as file.css?1234567890
# is matched on "file.css" alone. Extensions listed only here (cur, swf,
# woff) presumably never receive "expires max" - confirm and simplify.
location ~* \.(cur|ico|gif|png|jpe?g|css|js|swf|woff)((\?\d\d\d\d\d\d\d\d\d\d)|(\?s=\d\d\d\d\d\d\d\d\d\d))$ {
expires max;
log_not_found off;
}
# NOTE(review): same limitation - the "?v1.2.3" suffix is a query string and
# is not part of what a location regex sees.
location ~* \.(cur|ico|gif|png|jpe?g|css|js|swf|woff)(\?v\d\d?\.\d\d?\.\d\d?)$ {
expires max;
log_not_found off;
}
# Assets shipped with TYPO3 system and local extensions.
# NOTE(review): this regex has no trailing "$" and is evaluated before the
# deny-list and ".php" regex locations further down, so any path under these
# prefixes that merely contains one of the extensions is handled here as a
# static file. Consider anchoring it with "$".
location ~* ^(/typo3/sysext|/typo3conf/ext).*\.(cur|ico|gif|png|jpe?g|css|js|swf|woff) {
expires max;
log_not_found off;
}
# Serve a built-in 1x1 transparent GIF for /clear.gif without touching disk.
location = /clear.gif {
empty_gif;
expires max;
}
# "^~" prefix locations: when one of these is the longest matching prefix,
# nginx skips all regex locations. Files below these paths therefore bypass
# the hidden-file, deny-list and ".php" regex rules in this file.
location ^~ /typo3/gfx {
expires max;
}
location ^~ /typo3temp/compressor {
expires max;
}
# Block direct download of database dumps, Apache control files and templates.
# The pattern is unanchored, so it matches these extensions anywhere in the
# path, not only at the end.
# NOTE(review): regex locations are tried in file order and "^~" prefixes skip
# them, so a request already claimed by an earlier regex or by a "^~" location
# never reaches this rule - confirm the ordering gives the intended coverage.
location ~* \.(sql|htaccess|htpasswd|tpl|html5|xhtml) {
deny all;
}
# Front door for page requests: serve a pre-rendered page from the
# nc_staticfilecache directory when it is safe to do so, otherwise fall
# through to PHP. Status 405 is used only as an internal signal here:
# "error_page 405 = @nocache" turns every "return 405" below into an internal
# jump to the @nocache location, so clients do not receive a 405 from these checks.
location / {
# any query string bypasses the static cache
if ($query_string ~ ".+") {
return 405;
}
# pass requests from logged-in users to PHP
# NOTE(review): only these two cookie names bypass the cache - confirm that
# every session which renders personalised content sets one of them.
if ($http_cookie ~ 'nc_staticfilecache|be_typo_user' ) {
return 405;
}
# pass POST requests to PHP
if ($request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
# the client asked for a fresh copy (Pragma / Cache-Control: no-cache)
if ($http_pragma = 'no-cache') {
return 405;
}
if ($http_cache_control = 'no-cache') {
return 405;
}
error_page 405 = @nocache;
# serve requested content from the cache if available, otherwise pass the request to PHP
# $host and $request_uri are taken from the request and interpolated into the
# file path; $request_uri is the raw, un-normalized request target.
# NOTE(review): confirm the cache directory contains nothing that should not
# be readable through this lookup.
try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache;
}
# Named location reached from "location /" when the static cache is bypassed
# or misses: try the file, then the directory, then the PHP front controller.
location @nocache {
try_files $uri $uri/ /index.php?$args;
}
# Direct requests into the static-cache directory: 43200-second (12 h) expiry
# and an explicit UTF-8 charset on the response.
# "^~" means regex locations are not consulted for this prefix, so the
# hidden-file, deny-list and ".php" rules do not apply to files below it.
location ^~ /typo3temp/tx_ncstaticfilecache {
expires 43200;
charset utf-8;
}
# Hand ".php" requests to PHP-FPM over a local UNIX socket.
location ~ \.php$ {
# Return 404 unless the script exists under root, so a URI that merely ends
# in ".php" is never forwarded to the interpreter.
try_files $uri =404;
include /etc/nginx/fastcgi_params;
# NOTE(review): php_fpm is a site-local include not shown here - confirm
# which FastCGI parameters it sets or overrides.
include /etc/nginx/php_fpm;
fastcgi_pass unix:/var/run/www-fpm.socket;
}
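# Virtual host for example2.com: plain HTTP only, served by a dedicated
# PHP-FPM socket rather than the shared www-fpm socket.
server {
    listen 80;
    server_name example2.com;

    root /var/www/example2.com;
    index index.php index.html;

    access_log /var/log/nginx/example2.com-access.log;
    error_log /var/log/nginx/example2.com-error.log;

    # Refuse any URI containing "/." (.htaccess, .git, ...). access_log is off
    # here, so blocked probes do not appear in the access log.
    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }

    # Static file first, then directory, then the PHP front controller.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Only forward to PHP-FPM when the requested script exists under root;
        # otherwise every URI that merely ends in ".php" reaches the
        # interpreter. This matches the guard on the example.com and
        # shop.example.com PHP locations.
        # NOTE(review): php_fpm is not shown; those other locations pair the
        # same try_files line with it, so it presumably defines none itself.
        try_files $uri =404;

        include fastcgi_params;
        include php_fpm;
        fastcgi_pass unix:/var/run/example2.com-fpm.socket;
    }
}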
# Plain-HTTP (port 80) entry point for shop.example.com. The shared include
# carries every other directive, including a Basic-auth protected location,
# so that location is reachable over cleartext through this server block.
server {
listen 80;
include sites-available/shop.example.com.inc;
}
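# HTTPS (port 443) entry point for shop.example.com; site behaviour comes from
# the same include the port-80 server block uses.
server {
    # The "ssl" parameter on listen replaces the standalone "ssl on;"
    # directive, which is deprecated and rejected by current nginx releases.
    listen 443 ssl;

    ssl_certificate /usr/local/cert/shop.example.com/shop.example.com.pem;
    # NOTE(review): the key file should be readable only by the account that
    # starts nginx - confirm permissions on this path.
    ssl_certificate_key /usr/local/cert/shop.example.com/shop.example.com.key;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of
    # the installed nginx/OpenSSL build apply - confirm they meet policy.

    include sites-available/shop.example.com.inc;
}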
# Shared virtual-host body for shop.example.com. It has no enclosing
# server { } because it is included from both the port-80 and port-443
# server blocks.
server_name shop.example.com;
root /var/www/shop.example.com;
access_log /var/log/nginx/shop.example.com-access.log;
error_log /var/log/nginx/shop.example.com-error.log;
# Default location: serve the file or directory if it exists, otherwise hand
# the request to the @handler named location. Responses get a 30-day expiry.
location / {
index index.html index.php;
try_files $uri $uri/ @handler;
expires 30d;
}
## These locations would be hidden by .htaccess normally
## nginx ignores .htaccess files, so each protected path is denied explicitly.
## "^~" stops regex matching, so a ".php" file below these prefixes is denied
## rather than executed.
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
## A longer matching prefix location takes precedence over this one.
location ^~ /var/ { deny all; }
## Longest-prefix match makes this location win over "^~ /var/" for export
## paths. It has no "^~", so regex locations are still consulted for them.
## NOTE(review): this file is also included by the port-80 server block, and
## Basic-auth credentials are only base64-encoded - over plain HTTP they are
## readable on the wire. Consider serving this path over HTTPS only.
location /var/export/ { ## Allow admins only to view export folder
auth_basic "Restricted"; ## Message shown in login window
auth_basic_user_file htpasswd; ## Relative path, resolved against the nginx configuration prefix
autoindex on; ## Directory listing is enabled for authenticated users
}
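## Disable .htaccess and other hidden files.
## A plain prefix "location /." only matches URIs that start with "/.", i.e.
## hidden entries directly under the document root. The regex form matches
## "/." anywhere in the path, so hidden files and directories in
## subdirectories are denied as well. It also takes precedence over the
## ".php" regex locations that follow, so hidden PHP files are not executed.
## access_log is off, so blocked probes do not appear in the access log.
location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
}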
## Named location used by "location /" when no file or directory matches:
## rewrite the URI to the /index.php front controller.
location @handler {
rewrite / /index.php;
}
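## Forward paths like /js/index.php/x.js to relevant handler.
## The dots are escaped so that only a literal ".php/" segment matches; an
## unescaped "." matches any character, which would also rewrite unrelated
## paths such as ones containing "xphp/".
location ~ \.php/ {
    rewrite ^(.*\.php)/ $1 last;
}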
# Hand ".php" requests to PHP-FPM over a local UNIX socket.
location ~ \.php$ {
# Return 404 unless the script exists under root, so a URI that merely ends
# in ".php" is never forwarded to the interpreter.
try_files $uri =404;
include /etc/nginx/fastcgi_params;
# NOTE(review): php_fpm is a site-local include not shown here - confirm
# which FastCGI parameters it sets or overrides.
include /etc/nginx/php_fpm;
# NOTE(review): this is the same socket the default and example.com hosts
# use, so the sites presumably share one PHP-FPM pool - confirm that is intended.
fastcgi_pass unix:/var/run/www-fpm.socket;
}