-
-
Save apfelbox/94c74ab9c515ee906e6b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80 default_server; | |
server_name _; | |
root /var/www/__default__; | |
index index.php index.html; | |
access_log /var/log/nginx/default-access.log; | |
error_log /var/log/nginx/default-error.log; | |
location ~ /\. { | |
access_log off; | |
log_not_found off; | |
deny all; | |
} | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ~ \.php$ { | |
include /etc/nginx/fastcgi_params; | |
fastcgi_index index.php; | |
fastcgi_split_path_info ^(.+\.php)([^?]*).*$; | |
fastcgi_pass unix:/var/run/www-fpm.socket; | |
fastcgi_buffer_size 128k; | |
fastcgi_buffers 4 256k; | |
fastcgi_busy_buffers_size 256k; | |
fastcgi_temp_file_write_size 256k; | |
fastcgi_intercept_errors on; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
include sites-available/example.com.inc; | |
} | |
server { | |
listen 443; | |
ssl on; | |
ssl_certificate /usr/local/cert/example.com/example.com.pem; | |
ssl_certificate_key /usr/local/cert/example.com/example.com.key; | |
include sites-available/example.com.inc; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server_name example.com www.example.com; | |
root /var/www/example.com; | |
access_log /var/log/nginx/example.com-access.log; | |
error_log /var/log/nginx/example.com-error.log; | |
if ($http_host != "www.example.com") { | |
rewrite ^ http://www.example.com$request_uri permanent; | |
} | |
index index.php index.html; | |
location = /favicon.ico { | |
log_not_found off; | |
access_log off; | |
expires max; | |
} | |
location = /robots.txt { | |
allow all; | |
log_not_found off; | |
access_log off; | |
} | |
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). | |
location ~ /\. { | |
deny all; | |
access_log off; | |
log_not_found off; | |
} | |
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ { | |
expires max; | |
log_not_found off; | |
} | |
location ~* \.(cur|ico|gif|png|jpe?g|css|js|swf|woff)((\?\d\d\d\d\d\d\d\d\d\d)|(\?s=\d\d\d\d\d\d\d\d\d\d))$ { | |
expires max; | |
log_not_found off; | |
} | |
location ~* \.(cur|ico|gif|png|jpe?g|css|js|swf|woff)(\?v\d\d?\.\d\d?\.\d\d?)$ { | |
expires max; | |
log_not_found off; | |
} | |
location ~* ^(/typo3/sysext|/typo3conf/ext).*\.(cur|ico|gif|png|jpe?g|css|js|swf|woff) { | |
expires max; | |
log_not_found off; | |
} | |
location = /clear.gif { | |
empty_gif; | |
expires max; | |
} | |
location ^~ /typo3/gfx { | |
expires max; | |
} | |
location ^~ /typo3temp/compressor { | |
expires max; | |
} | |
location ~* \.(sql|htaccess|htpasswd|tpl|html5|xhtml) { | |
deny all; | |
} | |
location / { | |
if ($query_string ~ ".+") { | |
return 405; | |
} | |
# pass requests from logged-in users to PHP | |
if ($http_cookie ~ 'nc_staticfilecache|be_typo_user' ) { | |
return 405; | |
} | |
# pass POST requests to PHP | |
if ($request_method !~ ^(GET|HEAD)$ ) { | |
return 405; | |
} | |
if ($http_pragma = 'no-cache') { | |
return 405; | |
} | |
if ($http_cache_control = 'no-cache') { | |
return 405; | |
} | |
error_page 405 = @nocache; | |
# serve requested content from the cache if available, otherwise pass the request to PHP | |
try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache; | |
} | |
location @nocache { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ^~ /typo3temp/tx_ncstaticfilecache { | |
expires 43200; | |
charset utf-8; | |
} | |
location ~ \.php$ { | |
try_files $uri =404; | |
include /etc/nginx/fastcgi_params; | |
include /etc/nginx/php_fpm; | |
fastcgi_pass unix:/var/run/www-fpm.socket; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
server_name example2.com; | |
root /var/www/example2.com; | |
index index.php index.html; | |
access_log /var/log/nginx/example2.com-access.log; | |
error_log /var/log/nginx/example2.com-error.log; | |
location ~ /\. { | |
access_log off; | |
log_not_found off; | |
deny all; | |
} | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ~ \.php$ { | |
include fastcgi_params; | |
include php_fpm; | |
fastcgi_pass unix:/var/run/example2.com-fpm.socket; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
include sites-available/shop.example.com.inc; | |
} | |
server { | |
listen 443; | |
ssl on; | |
ssl_certificate /usr/local/cert/shop.example.com/shop.example.com.pem; | |
ssl_certificate_key /usr/local/cert/shop.example.com/shop.example.com.key; | |
include sites-available/shop.example.com.inc; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server_name shop.example.com; | |
root /var/www/shop.example.com; | |
access_log /var/log/nginx/shop.example.com-access.log; | |
error_log /var/log/nginx/shop.example.com-error.log; | |
location / { | |
index index.html index.php; | |
try_files $uri $uri/ @handler; | |
expires 30d; | |
} | |
## These locations would be hidden by .htaccess normally | |
location ^~ /app/ { deny all; } | |
location ^~ /includes/ { deny all; } | |
location ^~ /lib/ { deny all; } | |
location ^~ /media/downloadable/ { deny all; } | |
location ^~ /pkginfo/ { deny all; } | |
location ^~ /report/config.xml { deny all; } | |
location ^~ /var/ { deny all; } | |
location /var/export/ { ## Allow admins only to view export folder | |
auth_basic "Restricted"; ## Message shown in login window | |
auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword | |
autoindex on; | |
} | |
location /. { ## Disable .htaccess and other hidden files | |
deny all; | |
access_log off; | |
log_not_found off; | |
} | |
location @handler { | |
rewrite / /index.php; | |
} | |
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler | |
rewrite ^(.*.php)/ $1 last; | |
} | |
location ~ \.php$ { | |
try_files $uri =404; | |
include /etc/nginx/fastcgi_params; | |
include /etc/nginx/php_fpm; | |
fastcgi_pass unix:/var/run/www-fpm.socket; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment