@btray77
Last active January 18, 2016 17:59
This is my current nginx configuration for magento 1.9.2.2.
# configuration file /etc/nginx/conf.d/export.conf:
## Restricted access to the Magento export directory (var/export).
## Included from magento.conf BEFORE the blanket `location ~ /(app|var|includes|pkginfo)/ { deny all; }`.
## Regex locations are tested in order of appearance, so this rule wins for /var/export.
## The regex is unanchored: it also matches any URI that merely contains "/var/export".
location ~ /var/export {
## `satisfy all` = a client must pass BOTH the IP allow-list AND basic auth.
satisfy all;
## Placeholder address; replace with the real office/VPN address(es).
allow 1.2.3.4;
deny all;
auth_basic "Restricted";
## Relative path: resolved against the nginx prefix (/etc/nginx per the build flags below).
auth_basic_user_file .htpasswd;
autoindex off;
## There is no fastcgi_pass here and this location matches before `location ~ \.php$`,
## so anything under it (including .php files) is served as a plain file and never
## executed -- the desired behaviour for a data-export directory.
}
# configuration file /etc/nginx/conf.d/extra_protect.conf:
## Extra protection
## Included from magento.conf inside the main server block. All of these are regex
## locations, evaluated in the order written (after the export.conf rule that precedes
## the include). `deny all` answers 403; `return 444` closes the connection without a
## response. 444 is excluded from the access log by the `$writelog` map in nginx.conf,
## 403 is not.
## Unanchored: matches these names anywhere in the URI, not only at the document root.
location ~ /(dev/tests/|errors/local.xml|cron\.php) { deny all; }
## Script, backup and archive extensions (`.+gz` also covers .tgz and .tar.gz).
location ~ ^/.*\.(sh|pl|swp|phar|sql|conf|zip|tar|.+gz)$ { return 444; }
## Dotfiles and VCS metadata (.svn, .git, .hg, .htpasswd, .bash*, .ssh).
location ~ /\.(svn|git|hg|htpasswd|bash|ssh) { return 444; }
## PHP must not execute from these Magento directories; `~*` makes this one case-insensitive.
location ~* /(lib|media|shell|skin)/.*\.php$ { deny all; }
## Rate-limited customer-facing paths. Zone `goeasy` is declared in nginx.conf
## (keyed on $binary_remote_addr, 1r/s); burst=5 queues up to five extra requests.
## NOTE: with the real_ip directives in nginx.conf commented out, a reverse proxy in
## front of nginx would make every client share the proxy's address as the key.
location ~ /(wishlist|customer|contact|review|catalogsearch|newsletter|(fire|one.+)?checkout)/ {
limit_req zone=goeasy burst=5;
## Answer 429 instead of the default 503 when the limit is exceeded.
limit_req_status 429;
## Search engines get 410 (Gone) on these pages so they are not indexed.
## `if` + `return` is one of the constructs that is safe inside a location.
if ($http_user_agent ~* "Baiduspider|Googlebot|bingbot|Yahoo|YandexBot") { return 410; }
## A matching regex location replaces `location /`, so the Magento front-controller
## fallback has to be repeated here.
try_files $uri $uri/ @rewrite;
}
## Wordpress files and locations protection
## Only relevant if a WordPress install shares this document root; harmless otherwise.
location ~ /wp-config\.php { deny all; }
location ~ /wp-includes/(.*)\.php { deny all; }
location ~ /wp-admin/includes(.*)$ { deny all; }
location ~ /xmlrpc\.php { deny all; }
location ~ /wp-content/uploads/(.*)\.php(.?) { deny all; }
# configuration file /etc/nginx/conf.d/headers.conf:
## Response headers. Only included from `location ~ \.php$` in magento.conf, so they
## apply to PHP responses, not to static files.
## nginx inherits add_header from the enclosing level ONLY when the current level
## defines none; including this file in a location therefore drops the server-level
## `add_header Strict-Transport-Security ...` from those responses. Repeat any
## server-level header here if it must also appear on PHP responses.
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
## Legacy IE rendering hint; ignored by other browsers.
add_header X-UA-Compatible 'IE=Edge,chrome=1';
## Publishes backend processing time to every client. Useful while debugging, but
## consider logging $request_time instead of exposing it.
add_header X-Processing-Time $request_time;
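# configuration file /etc/nginx/conf.d/pagespeed.conf:
## ngx_pagespeed settings, included per-server from magento.conf.
pagespeed on;
## On-disk cache and log directories; both must be writable by the worker user.
pagespeed FileCachePath "/var/tmp/ngx_pagespeed_cache";
pagespeed LogDir "/var/log/pagespeed";
#to optimize images use: https://github.com/mikebrittain/Wesley
#pagespeed EnableFilters convert_gif_to_png;
#pagespeed EnableFilters insert_image_dimensions;
#pagespeed EnableFilters lazyload_images;
#pagespeed EnableFilters collapse_whitespace;
#pagespeed EnableFilters remove_comments;
#pagespeed EnableFilters flatten_css_imports;
#pagespeed EnableFilters insert_dns_prefetch;
#pagespeed EnableFilters extend_cache;
#pagespeed EnableFilters canonicalize_javascript_libraries;
## Each filter is listed once: EnableFilters accumulates across lines, so the
## duplicate lazyload_images / collapse_whitespace entries of the original added nothing.
pagespeed EnableFilters extend_cache;
pagespeed EnableFilters extend_cache_pdfs;
pagespeed EnableFilters combine_css;
pagespeed EnableFilters combine_javascript;
pagespeed EnableFilters move_css_above_scripts;
pagespeed EnableFilters insert_dns_prefetch;
pagespeed EnableFilters rewrite_images;
pagespeed EnableFilters prioritize_critical_css;
pagespeed EnableFilters rewrite_css;
pagespeed EnableFilters rewrite_style_attributes;
pagespeed EnableFilters convert_meta_tags;
pagespeed EnableFilters lazyload_images;
pagespeed EnableFilters collapse_whitespace;
#pagespeed EnableFilters move_css_to_head;
pagespeed EnableFilters remove_quotes;
pagespeed EnableFilters inline_css;
pagespeed EnableFilters inline_javascript;
pagespeed EnableFilters convert_gif_to_png;
pagespeed EnableFilters insert_image_dimensions;
pagespeed EnableFilters remove_comments;
pagespeed EnableFilters flatten_css_imports;
#pagespeed EnableFilters defer_javascript;
pagespeed EnableFilters rewrite_javascript;
#pagespeed UseExperimentalJsMinifier on;
## Writes statistics under LogDir.
pagespeed StatisticsLogging on;
## Keep comments starting with "esi" -- presumably so ESI markup survives for a cache in front.
pagespeed RetainComment "esi*";
# magento admin
## Never rewrite admin pages (nor phpMyAdmin, if one is hosted under this root).
pagespeed Disallow "*index.php/admin/*";
pagespeed Disallow "*/admin/*";
pagespeed Disallow "*/phpMyAdmin/*";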
# configuration file /etc/nginx/conf.d/spider.conf:
# BLACKBOT
## User-agent blocklist, included at server level in magento.conf so it runs for every
## request. `~*` is a case-insensitive, unanchored regex: each alternative matches as a
## substring anywhere in the UA. Short entries therefore over-match -- e.g. "Link",
## "Bolt", "Default" and "Microsoft" also hit legitimate agents that merely contain
## those words (Microsoft Office products, LinkedIn previews, ...); check the access
## logs before relying on them. Several entries are redundant with a shorter one
## (Microsoft-IIS vs Microsoft, Zeus.*Webster vs Zeus, id-search.org vs id-search,
## sitecheck.internetseer.com vs InternetSeer.com). Unescaped "." in names such as
## Mail.RU_Bot matches any character -- harmless here.
## The User-Agent is client-supplied, so treat this as noise reduction, not as an
## access control; the real protections are the deny/auth rules in the other files.
## 444 closes the connection without a response and -- via the $writelog map in
## nginx.conf -- without an access-log entry.
if ($http_user_agent ~* "360Spider|aiHitBot|Exabot|AhrefsBot|betaBot|BlackWidow|Bolt|BLEXBot|BUbiNG|CazoodleBot|CPython|CCBot|ChinaClaw|Curious|CRAZYWEBCRAWLER|Custo|Default|DIIbot|DISCo|discobot|eCatch|ecxi|EirGrabber|EmailCollector|EmailSiphon|EmailWolf|ExtractorPro|EyeNetIE|FlashGet|Findxbot|GetRight|GetWeb!|Go!Zilla|Go-Ahead-Got-It|Go.*package.*|GrabNet|Grafula|GT::WWW|heritrix|HaosouSpider|HMView|HTTP::Lite|HTTrack|ia_archiver|IDBot|id-search|id-search.org|InterGET|InternetSeer.com|IRLbot|JetCar|larbin|LeechFTP|Lightspeedsystems|litemage_walker|Link|LinksManager.com_bot|Lipperhey|linkwalker|lwp-trivial|Maxthon$|Mail.RU_Bot|MegaIndex.ru|MFC_Tear_Sample|microsoft.url|Microsoft-IIS|Microsoft|Mozilla.*Indy|Mozilla.*NEWT|MJ12bot|MSFrontPage|Navroad|NearSite|NetAnts|NetLyzer.*FastProbe|NetSpider|NetZIP|Nutch|Octopus|PageGrabber|panscient.com|pavuk|PECL::HTTP|PeoplePal|pcBrowser|PHPCrawl|PleaseCrawl|psbot|python-requests|RealDownload|ReGet|RedesScrapy|Rippers|RocketCrawler|SBIder|Scrapy|ScreenerBot|SEOprofiler|SeaMonkey$|SeznamBot|sitecheck.internetseer.com|SiteSnagger|SmartDownload|Snoopy|SputnikBot|Steeler|SuperBot|SuperHTTP|Surfbot|sqlmap|tAkeOut|Teleport|Toata|TwengaBot|Typhoeus|URI::Fetch|User-Agent|voltron|Vagabondo|VoidEYE|webalta|WebAuto|[Ww]eb[Bb]andit|WebCollage|WebCopier|WebFetch|WebLeacher|WebReaper|WebSauger|WebStripper|WebWhacker|WebZIP|Wget|Widow|Wotbox|WWW-Mechanize|WWWOFFLE|zermelo|Zeus|Zeus.*Webster|ZyBorg")
{ return 444; }
# configuration file /etc/nginx/fastcgi_params:
## CGI environment handed to PHP-FPM. SCRIPT_FILENAME is intentionally NOT set here;
## magento.conf sets it per location before including this file.
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
## Passed only when the request arrived over TLS, so on plain HTTP the variable is
## absent rather than empty -- the form PHP applications expect when checking HTTPS.
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
## Client address as nginx sees it; behind a proxy this is the proxy unless the
## real_ip directives in nginx.conf are enabled.
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
## Deliberately not passed (kept commented).
#fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# magento
## Two-hour backend timeouts, presumably for long-running Magento admin tasks. Each
## such request holds a worker connection for its whole duration, so keep
## worker_connections (2000 in nginx.conf) in mind.
fastcgi_connect_timeout 65;
fastcgi_send_timeout 7200;
fastcgi_read_timeout 7200;
# configuration file /etc/nginx/mime.types:
## Stock nginx type map. There is no entry for .php: a PHP file that reaches the
## static handler (e.g. under the export location) is served with the
## `default_type application/octet-stream` from nginx.conf, i.e. offered as a
## download, not rendered.
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
## Main nginx.conf (main, events and http context). Server blocks come from sites-enabled.
## Worker processes run as this unprivileged user.
user nginx;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /var/run/nginx.pid;
events {
worker_connections 2000;
multi_accept on;
use epoll;
}
http {
index index.html index.php;
include /etc/nginx/mime.types;
## Anything not listed in mime.types (including a .php file served statically) is
## sent as a binary download rather than rendered.
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" ';
## Defined but not referenced anywhere on this page -- presumably intended for a
## separate log of denied requests (see the $writelog map below).
log_format error403 '$remote_addr - [$time_local] "$request"';
keepalive_timeout 5;
autoindex off;
## Hide the nginx version in the Server header and on error pages.
server_tokens off;
port_in_redirect off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
## Upper bound on request bodies (uploads); larger bodies are answered with 413.
client_max_body_size 64m;
## Flood protection example
## Shared zone used by extra_protect.conf (`limit_req zone=goeasy burst=5`). Keyed on
## the client address, which is only meaningful if nginx sees real client IPs -- the
## real_ip directives further down are commented out.
limit_req_zone $binary_remote_addr zone=goeasy:25m rate=1r/s;
## Cache open FD
open_file_cache max=10000 inactive=3600s;
open_file_cache_valid 7200s;
open_file_cache_min_uses 2;
## Gzipping is an easy way to reduce page weight
gzip on;
gzip_vary on;
gzip_proxied any;
## text/html is always compressed; this list adds scripts and styles.
gzip_types application/javascript application/x-javascript text/javascript text/css;
gzip_buffers 16 8k;
gzip_comp_level 6;
## SSL global settings
## All commented out; the live TLS settings are per-server in magento.conf.
#ssl_session_cache shared:SSL:25m;
#ssl_session_timeout 15m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5";
#ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/ssl/certs/dhparams.pem;
#ssl_stapling on;
#resolver 8.8.8.8 8.8.4.4 valid=3600s;
#resolver_timeout 5s;
## Use when Varnish in front
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
## Multi shop code configuration
#include /etc/nginx/conf.d/multishop.conf;
## Map status to exclude from access log
## 404/410/444 are exactly the statuses produced by the bot trap and the
## protected-file rules, so probing and blocked bots leave no access-log trail.
## For incident response, prefer writing them to a separate file (the unused
## `error403` format above looks intended for that) rather than dropping them.
map $status $writelog { 404 0; 410 0; 444 0; default 1; }
## Main domain configuration
## Glob includes are processed in alphabetical order. Unless a server carries
## `default_server`, the first `listen 80` server in that order becomes the default
## for unmatched Host headers (default.conf sorts before magento.conf).
include /etc/nginx/sites-enabled/*.conf;
}
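# configuration file /etc/nginx/sites-enabled/default.conf:
## Catch-all for plain-HTTP requests whose Host header matches no server_name.
## `default_server` makes the choice explicit; without it nginx takes the first
## `listen 80` server in include order, which here rests only on the alphabetical
## order of sites-enabled/*.conf (default.conf before magento.conf).
server {
listen 80 default_server;
## 444 closes the connection without sending any response.
return 444;
}
## No default server is declared for 443, so TLS connections for unknown names
## (direct-IP access, unmatched SNI) are handled by the first server listening on
## 443 -- on this page that is the Magento server in magento.conf. Enable this block
## (with a valid certificate) to give those connections a catch-all as well.
#server {
# listen 443 ssl default;
# ssl_certificate /etc/nginx/ssl/WEBSITENAME_com/ssl-bundle.crt;
# ssl_certificate_key /etc/nginx/ssl/WEBSITENAME_com/WEBSITENAME_com.key;
# return 444;
#}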
# configuration file /etc/nginx/sites-enabled/magento.conf:
## Add www
## Apex -> www redirect. Listens on 80 only; `$scheme` preserves the original scheme.
## An https:// request for the apex name has no matching 443 server on this page and
## lands on the www server below, so that certificate must also cover the apex (or
## this block needs a 443 listener) -- verify against the certificate.
server {
listen 80;
server_name WEBSITENAME.com;
return 301 $scheme://www.WEBSITENAME.com$request_uri;
}
## Main shop server. Serves plain HTTP and HTTPS from the same block; nothing on this
## page redirects 80 -> 443, and the HSTS header below is max-age=0, so the whole
## store (checkout paths included) stays reachable over plain HTTP.
server {
listen 80;
listen 443 http2 ssl;
#ssl on;
#Had issues with nginx sending only partial files
sendfile off;
## Real hostname and root where the rest of the file uses the WEBSITENAME placeholder;
## the log paths below will literally contain "WEBSITENAME" -- looks like a
## templating slip in the gist.
server_name www.overnightsupplements.com;
root /var/www/html/overnight;
## `if=$writelog` uses the map in nginx.conf: 404, 410 and 444 responses are NOT
## written to the access log, so hits on the bot trap and protected-file rules
## leave no trail here.
access_log /var/log/nginx/access_www.WEBSITENAME.com.log main if=$writelog;
error_log /var/log/nginx/error_www.WEBSITENAME.com.log error;
## Pagespeed module
include /etc/nginx/conf.d/pagespeed.conf;
## Bots trap
## spider.conf is a server-level `if` on $http_user_agent; it runs for every request.
include /etc/nginx/conf.d/spider.conf;
## SSL CONFIGURATION
ssl_certificate /etc/nginx/ssl/WEBSITENAME_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/WEBSITENAME_com/WEBSITENAME_com.key;
## TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep only TLSv1.2 (plus TLSv1.3 if
## the nginx/OpenSSL build supports it) unless legacy clients are a hard requirement.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
## ECDHE/DHE with AES only. No `ssl_dhparam` is set in this server (the global one in
## nginx.conf is commented out), so the `EDH` suites depend on the build's default DH
## parameters -- set ssl_dhparam or drop the EDH entries.
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
## OCSP stapling needs a `resolver` to look up the OCSP responder hostname; both the
## one below and the global one in nginx.conf are commented out, so stapling cannot
## work at runtime (nginx logs a "no resolver defined" error). `ssl_stapling_verify`
## additionally needs the issuer chain (ssl_trusted_certificate) to validate the response.
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
#resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
resolver_timeout 5s;
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
## max-age=0 tells browsers to FORGET any stored HSTS policy, i.e. HSTS is switched
## off (the trailing ";" inside the value is ignored). The commented line above is the
## enforcing version. Also: locations that define their own add_header (headers.conf
## in `~ \.php$`, the static-asset block) do not inherit this header at all.
add_header Strict-Transport-Security "max-age=0;";
## Magento's JS merger endpoint: strip the path-info part so `~ \.php$` below can
## execute index.php.
location = /js/index.php/x.js {
rewrite ^(.*\.php)/ $1 last;
}
## Main Magento @location
## Serve existing files and directories, otherwise hand off to the front controller.
location / {
try_files $uri $uri/ @rewrite;
}
## Server maintenance block.
#include /etc/nginx/conf.d/maintenance.conf;
## Error log/page
#include /etc/nginx/conf.d/error_page.conf;
## Export folder
## Must stay BEFORE the deny rule below: regex locations match in order of
## appearance, and export.conf's `~ /var/export` is the authenticated exception.
include /etc/nginx/conf.d/export.conf;
## These locations are protected
## Magento code and config (app/etc/local.xml lives under app/) plus runtime data.
## 403s from here are logged (403 is not in the $writelog exclusion map).
location ~ /(app|var|includes|pkginfo)/ {
deny all;
}
## Extra protection and limits
include /etc/nginx/conf.d/extra_protect.conf;
## Images
## Long-lived static assets. `access_log off` means asset requests are never logged;
## the add_header lines also suppress inheritance of the server-level header.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
access_log off;
add_header ETag "";
add_header Accept-Ranges bytes;
}
## Front-controller fallback: everything goes to index.php with the original query string.
location @rewrite {
rewrite / /index.php?$args;
}
## Execute PHP scripts
## Any .php under `root` that no earlier regex location denied is executable.
## Magento 1 ships further entry points (e.g. the `downloader/` directory) that no
## rule on this page covers -- confirm they are removed or restricted on the server.
location ~ \.php$ {
## Defines add_header at this level, so server-level headers are not inherited here.
include /etc/nginx/conf.d/headers.conf;
## Refuse requests whose script does not exist on disk instead of passing them to
## PHP-FPM (guards against path-info style execution of non-PHP files).
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass 127.0.0.1:$port_switch;
## SCRIPT_FILENAME is deliberately absent from fastcgi_params; it is set per location.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
## Store code with multi domain
#fastcgi_param MAGE_RUN_CODE $mage_code;
#fastcgi_param MAGE_RUN_TYPE $mage_type;
## Relative path: resolves to /etc/nginx/fastcgi_params (the file shown above).
include fastcgi_params;
}
}

This is my current nginx.conf configuration.

Nginx compilation: --add-module=/usr/local/src/ngx_pagespeed-release-1.9.32.10-beta --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
