cedricwalter/404.html

## 404.html
<!-- to be saved at /usr/share/nginx/html/404.html -->
<html lang="en"><head><meta charset="utf-8">
  <meta name="viewport" content="initial-scale=1, minimum-scale=1, width=device-width">
  <title>Error 404 (Not Found)!!1</title>
  <style>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}
  </style>
  <link type="text/css" rel="stylesheet" href="chrome-extension://cpngackimfmofbokmjmljamhdncknpmg/style.css"><script type="text/javascript" charset="utf-8" src="chrome-extension://cpngackimfmofbokmjmljamhdncknpmg/page_context.js"></script></head><body screen_capture_injected="true">

<!--
<a href="//www.google.com/">

<img src="//www.google.com/images/errors/logo_sm.gif" alt="Google"></a>
-->

  <p><b>404.</b> <ins>That.s an error.</ins>

<h2>The page you were looking for appears to
have been moved, deleted or does not exist.</h2>


  </p><p>The requested URL <code>/wfwefwefwef</code> was not found on this server.  <ins>That.s all we know.</ins>
</p>

<p>
<a href="http://www.waltercedric.com/contact.html" target="new">Please contact us to report a problem.</a>
</p>

<script type="text/javascript">
  var GOOG_FIXURL_LANG = 'en';
  var GOOG_FIXURL_SITE = 'http://www.waltercedric.com'
</script>
<script type="text/javascript"
  src="http://linkhelp.clients.google.com/tbproxy/lh/wm/fixurl.js">
</script>
<ul>
<li>Try returning to the <a href="http://www.waltercedric.com">home page</a> and finding the page you were looking for.</li>
</ul>

<br />

<h3>Sorry for your inconvenience</h3>

</body></html>

## apc.ini
# dedicated server with 8GB of RAM and php5-fpm
# issue a 'service php5-fpm restart' after changes
extension=apc.so
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 512M
apc.optimization = 0
apc.num_files_hint = 512
apc.user_entries_hint = 1024
apc.ttl = 0
apc.user_ttl = 0
apc.gc_ttl = 600
apc.cache_by_default = 1
apc.filters = "apc\.php$"
apc.slam_defense = 0
apc.use_request_time = 1
apc.mmap_file_mask = /tmp/apc.XXXXXX
;OR apc.mmap_file_mask = /dev/zero
apc.file_update_protection = 2
apc.enable_cli = 0
apc.max_file_size = 2M
apc.stat = 1
apc.write_lock = 1
apc.report_autofilter = 0
apc.include_once_override = 0
apc.rfc1867 = 0
apc.rfc1867_prefix = "upload_"
apc.rfc1867_name = "APC_UPLOAD_PROGRESS"
apc.rfc1867_freq = 0
apc.localcache = 1
apc.localcache.size = 512
apc.coredump_unmap = 0
apc.stat_ctime = 0

## joomla.conf
## Reusable settings for PHP CMS, targetted at joomla
#
# latest version at https://gist.github.com/1620307
# author cedric.walter, www.waltercedric.com
# to be saved in /etc/nginx/conf/joomla.conf

server_name_in_redirect off;

location / {
 expires 1d;
 # Note that nginx does not use .htaccess.
 # This will allow for SEF URL’s
 try_files $uri $uri/ /index.php?$args;
}

#################################################################
# Optimizations                                                 #
#################################################################


#################################################################
# Hardening                                                     #
#################################################################

server_tokens off;
# File uploads
client_max_body_size 10M;
client_body_buffer_size 128k;

# deny running scripts inside writable directories
   location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
  return 403;
  error_page 403 /403_error.html;
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
  deny all;
  access_log off;
  log_not_found off;
}

# Only allow these request methods GET|HEAD|POST
# Do not accept DELETE, SEARCH and other methods
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
   return 444;
}

#################################################################
# Error                                                         #
#################################################################
error_page  404              /404.html;
location = /404.html {
  root   /usr/share/nginx/html;
}

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
  root   /usr/share/nginx/html;
}

#################################################################
# Rewrite                                                       #
#################################################################

# Add www to all urls
if ($host ~* ^([a-z0-9\-]+\.(be|fr|nl|de))$) {
  rewrite ^(.*)$ http://www.$host$1 permanent;
}

proxy_cache_key "$host$request_uri$cookie_sessioncookie";

# Pass all .php files onto a php-fpm/php-fcgi server.
# see https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
# see http://cnedelcu.blogspot.com/2010/05/nginx-php-via-fastcgi-important.html
location ~ \.php$ {
   # Zero-day exploit defense.
   # http://forum.nginx.org/read.php?2,88845,page=3
   # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
   # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
   try_files $uri =404;

   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   include fastcgi_params;
   fastcgi_index index.php;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   # fastcgi_intercept_errors on;
   #fastcgi_pass php;
   fastcgi_pass   127.0.0.1:9000;
}

## my.cnf
# These are my settings, run with the default mysql settings and then run after 24h tuning-primer.sh
# https://launchpad.net/mysql-tuning-primer
# and follow the recommendations!
#
# latest version at https://gist.github.com/1620307
# author cedric.walter, www.waltercedric.com
# to be saved in /etc/mysql/my.cnf

[client]
port            = 3306
socket          = /var/run/mysqld/mysqld.sock

[mysqld_safe]
socket          = /var/run/mysqld/mysqld.sock
nice            = 0

# * IMPORTANT
#   If you make changes to these settings and your system uses apparmor, you may
#   also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
#
[mysqld]
user            = mysql
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
skip-external-locking

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1

key_buffer              = 100M
max_allowed_packet      = 16M
thread_stack            = 192K
thread_cache_size       = 8
myisam-recover          = BACKUP
#max_connections        = 100

table_cache            = 1512
table_definition_cache = 1512
tmp_table_size         = 64M
read_buffer_size       = 32M
#thread_concurrency    = 10

query_cache_limit      = 1M
query_cache_size       = 100M
log_error              = /var/log/mysql/error.log

log_slow_queries       = /var/log/mysql/mysql-slow.log
long_query_time        = 2
#log-queries-not-using-indexes


# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
#       other settings you may need to change.
#server-id             = 1
#log_bin                        = /var/log/mysql/mysql-bin.log
expire_logs_days       = 10
max_binlog_size        = 100M


# * InnoDB
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem

[mysqldump]
quick
quote-names
max_allowed_packet      = 16M

[mysql]

[isamchk]
key_buffer              = 16M

#
# * IMPORTANT: Additional settings that can override those from this file!
#   The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

## nginx.conf
## latest version at https://gist.github.com/1620307
#
# author cedric.walter, www.waltercedric.com
# to be saved in /etc/nginx/nginx.conf

user www-data;

# = to the number of CPU - 1
# you may want to leave one core for the system and its interrupts
# and the other cores for the web server
worker_processes 4;

pid /var/run/nginx.pid;

events {
 # worker_connections : This is the amount of client connections a
 # single child process will handle by themselves at any one time.
 # (default: 1024) Note: Multiply worker_processes times worker_connections
 # for the total amount of connections Nginx will handle. Our example is
 # setup to handle 3*64=192 concurrent connections in total. Clients who
 # connect after the max has been reached will be denied access.
 worker_connections 1024;
 # multi_accept on;
}

http {
  ##
  # Basic Settings
  ##
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  types_hash_max_size 2048;

  ## Hardening ####
  server_tokens off;

  ### (default is 8k or 16k) The directive specifies the client request body buffer size.
  # If the request body is more than the buffer, then the entire request body or some part is written in a temporary file.
  client_body_buffer_size 8K;

  ### Directive sets the headerbuffer size for the request header from client. For the overwhelming
  ### majority of requests a buffer size of 1K is sufficient. Increase this if you have a custom header
  ### or a large cookie sent from the client (e.g., wap client).
  client_header_buffer_size 1k;

  ### Directive assigns the maximum accepted body size of client request, indicated by the line Content-Length
  ### in the header of request. If size is greater the given one, then the client gets the error
  ### "Request Entity Too Large" (413). Increase this when you are getting file uploads via the POST method.
  client_max_body_size 2m;

  ### Directive assigns the maximum number and size of buffers for large headers to read from client request.
  ### By default the size of one buffer is equal to the size of page, depending on platform this either 4K or 8K,
  ### if at the end of working request connection converts to state keep-alive, then these buffers are freed.
  ### 2x1k will accept 2kB data URI. This will also help combat bad bots and DoS attacks.
  large_client_header_buffers 2 1k;

  ### The first parameter assigns the timeout for keep-alive connections with the client.
  ### The server will close connections after this time. The optional second parameter assigns
  ### the time value in the header Keep-Alive: timeout=time of the response. This header can
  ### convince some browsers to close the connection, so that the server does not have to. Without
  ### this parameter, nginx does not send a Keep-Alive header (though this is not what makes a connection "keep-alive").
  keepalive_timeout 300 300;

  ### Directive sets the read timeout for the request body from client.
  ### The timeout is set only if a body is not get in one readstep. If after
  ### this time the client send nothing, nginx returns error "Request time out"
  ### (408). The default is 60.
  client_body_timeout 10;

  ### Directive assigns timeout with reading of the title of the request of client.
  ### The timeout is set only if a header is not get in one readstep. If after this
  ### time the client send nothing, nginx returns error "Request time out" (408).
  client_header_timeout 10;

  ### Directive assigns response timeout to client. Timeout is established not on entire
  ### transfer of answer, but only between two operations of reading, if after this time
  ### client will take nothing, then nginx is shutting down the connection.
  send_timeout 10;

  ### Directive describes the zone, in which the session states are stored i.e. store in slimits. ###
  ### 1m can handle 32000 sessions with 32 bytes/session, set to 5m x 32000 session ###
  limit_zone slimits $binary_remote_addr 5m;

  ### Control maximum number of simultaneous connections for one session i.e. ###
  ### restricts the amount of connections from a single ip address ###
  limit_conn slimits 5;

  ### Solve upstream sent too big header while reading response header from upstream
  ### http://wiki.nginx.org/HttpProxyModule
  # This directive set the buffer size, into which will be read the first part of the response, obtained from the proxied server.
  # Default:	4k|8k
  proxy_buffer_size   128k;
  # This directive sets the number and the size of buffers, into which will be read the answer, obtained from the proxied server.
  # By default, the size of one buffer is equal to the size of page. Depending on platform this is either 4K or 8K.
  proxy_buffers   4 256k;
  proxy_busy_buffers_size   256k;

  fastcgi_buffers 8 16k;
  fastcgi_buffer_size 32k;


  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # Logging Settings
  ##
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  ##
  # Gzip Settings
  ##
  gzip  on;
  gzip_http_version 1.1;
  gzip_vary on;
  gzip_comp_level 6;
  gzip_proxied any;
  gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
  gzip_buffers 16 8k;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";


 #################################################################
 # Caching                                                       #
 #################################################################
 location ~* \.(ico|pdf|flv)$ {
  access_log off;
  expires 1y;
 }
 location = /robots.txt {
  allow all;
  log_not_found off;
  access_log off;
 }

 ##
 # http://code.google.com/speed/page-speed/docs/caching.html#LeverageBrowserCaching
 ##
 location ~* \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
  access_log off;
  expires 1y;
  add_header Pragma public;
  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
 }


  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#         listen     localhost:110;
#         protocol   pop3;
#         proxy      on;
#       }
#
#       server {
#         listen     localhost:143;
#         protocol   imap;
#         proxy      on;
#       }
#}

## php5-fpm.conf
## latest version at https://gist.github.com/1620307
#
# author cedric.walter, www.waltercedric.com
# to be saved in /etc/php5/fpm/php5-fpm.conf

# 512MB of ram will offer you a maximum of 30 children and a minimum of 5.
# 2048MB of ram will offer you a maximum of 60 children and a minimum of 20.
# But be warned that these may not apply for the content you are processing with PHP.  Image manipulation will require a far larger amount of ram and should be limited to less threads.

pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes to be created when pm is set to 'dynamic'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to either 'static' or 'dynamic'
; Note: This value is mandatory.
pm.max_children = 120

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 30

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 30

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 60

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

## www.example.com
server {
  ### The port number (80 for http)
  listen     80;

  ### The domain name
  server_name  example.com www.example.com;

  ### The public root folder of the site
  root   /var/www/vhosts/example.com/httpdocs;

  ### The default index file.
  index  index.php;

  ### Where to write the site access log
  access_log  /var/www/vhosts/example.com/logs/example.log;

  # Stop deep linking or hot linking
  # apply this rule on any location that’s an image using Regexp
  # block empty blocked or whiteliste referers
  # test proper operation using http://altlab.com/hotlinkchecker.php
  location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
  valid_referers none blocked example.com www.example.com ~\.google\. ~\.yahoo\. ~\.bing\. ~\.facebook\. ~\.fbcdn\.;
  if ($invalid_referer) {
    # return 403;
    rewrite ^/images/(.*)\.(gif|jpg|jpeg|png)$ http://www.example.com/stop.jpg last;
   }
  }

  ### Password Protect /administrator area
  location ~ /administrator/.*) {
   auth_basic  "Restricted";
   auth_basic_user_file   /var/www/vhosts/example.com/httpdocs/passwd;
  }

  include /etc/nginx/conf/joomla.conf;
}
	<!-- to be saved at /usr/share/nginx/html/404.html -->
	<html lang="en"><head><meta charset="utf-8">
	<meta name="viewport" content="initial-scale=1, minimum-scale=1, width=device-width">
	<title>Error 404 (Not Found)!!1</title>
	<style>
	{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}
	</style>
	<link type="text/css" rel="stylesheet" href="chrome-extension://cpngackimfmofbokmjmljamhdncknpmg/style.css"><script type="text/javascript" charset="utf-8" src="chrome-extension://cpngackimfmofbokmjmljamhdncknpmg/page_context.js"></script></head><body screen_capture_injected="true">

	<!--
	<a href="//www.google.com/">

	<img src="//www.google.com/images/errors/logo_sm.gif" alt="Google"></a>
	-->

	<p><b>404.</b> <ins>That.s an error.</ins>

	<h2>The page you were looking for appears to
	have been moved, deleted or does not exist.</h2>


	</p><p>The requested URL <code>/wfwefwefwef</code> was not found on this server. <ins>That.s all we know.</ins>
	</p>

	<p>
	<a href="http://www.waltercedric.com/contact.html" target="new">Please contact us to report a problem.</a>
	</p>

	<script type="text/javascript">
	var GOOG_FIXURL_LANG = 'en';
	var GOOG_FIXURL_SITE = 'http://www.waltercedric.com'
	</script>
	<script type="text/javascript"
	src="http://linkhelp.clients.google.com/tbproxy/lh/wm/fixurl.js">
	</script>
	<ul>
	<li>Try returning to the <a href="http://www.waltercedric.com">home page</a> and finding the page you were looking for.</li>
	</ul>

	<br />

	<h3>Sorry for your inconvenience</h3>

	</body></html>
	# dedicated server with 8GB of RAM and php5-fpm
	# issue a 'service php5-fpm restart' after changes
	extension=apc.so
	apc.enabled = 1
	apc.shm_segments = 1
	apc.shm_size = 512M
	apc.optimization = 0
	apc.num_files_hint = 512
	apc.user_entries_hint = 1024
	apc.ttl = 0
	apc.user_ttl = 0
	apc.gc_ttl = 600
	apc.cache_by_default = 1
	apc.filters = "apc\.php$"
	apc.slam_defense = 0
	apc.use_request_time = 1
	apc.mmap_file_mask = /tmp/apc.XXXXXX
	;OR apc.mmap_file_mask = /dev/zero
	apc.file_update_protection = 2
	apc.enable_cli = 0
	apc.max_file_size = 2M
	apc.stat = 1
	apc.write_lock = 1
	apc.report_autofilter = 0
	apc.include_once_override = 0
	apc.rfc1867 = 0
	apc.rfc1867_prefix = "upload_"
	apc.rfc1867_name = "APC_UPLOAD_PROGRESS"
	apc.rfc1867_freq = 0
	apc.localcache = 1
	apc.localcache.size = 512
	apc.coredump_unmap = 0
	apc.stat_ctime = 0
	## Reusable settings for PHP CMS, targetted at joomla
	#
	# latest version at https://gist.github.com/1620307
	# author cedric.walter, www.waltercedric.com
	# to be saved in /etc/nginx/conf/joomla.conf

	server_name_in_redirect off;

	location / {
	expires 1d;
	# Note that nginx does not use .htaccess.
	# This will allow for SEF URL’s
	try_files $uri $uri/ /index.php?$args;
	}

	#################################################################
	# Optimizations #
	#################################################################


	#################################################################
	# Hardening #
	#################################################################

	server_tokens off;
	# File uploads
	client_max_body_size 10M;
	client_body_buffer_size 128k;

	# deny running scripts inside writable directories
	location ~* /(images\|cache\|media\|logs\|tmp)/.*\.(php\|pl\|py\|jsp\|asp\|sh\|cgi)$ {
	return 403;
	error_page 403 /403_error.html;
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	# Only allow these request methods GET\|HEAD\|POST
	# Do not accept DELETE, SEARCH and other methods
	if ($request_method !~ ^(GET\|HEAD\|POST)$ ) {
	return 444;
	}

	#################################################################
	# Error #
	#################################################################
	error_page 404 /404.html;
	location = /404.html {
	root /usr/share/nginx/html;
	}

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/html;
	}

	#################################################################
	# Rewrite #
	#################################################################

	# Add www to all urls
	if ($host ~* ^([a-z0-9\-]+\.(be\|fr\|nl\|de))$) {
	rewrite ^(.*)$ http://www.$host$1 permanent;
	}

	proxy_cache_key "$host$request_uri$cookie_sessioncookie";

	# Pass all .php files onto a php-fpm/php-fcgi server.
	# see https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
	# see http://cnedelcu.blogspot.com/2010/05/nginx-php-via-fastcgi-important.html
	location ~ \.php$ {
	# Zero-day exploit defense.
	# http://forum.nginx.org/read.php?2,88845,page=3
	# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
	# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
	try_files $uri =404;

	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	include fastcgi_params;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	# fastcgi_intercept_errors on;
	#fastcgi_pass php;
	fastcgi_pass 127.0.0.1:9000;
	}
	# These are my settings, run with the default mysql settings and then run after 24h tuning-primer.sh
	# https://launchpad.net/mysql-tuning-primer
	# and follow the recommendations!
	#
	# latest version at https://gist.github.com/1620307
	# author cedric.walter, www.waltercedric.com
	# to be saved in /etc/mysql/my.cnf

	[client]
	port = 3306
	socket = /var/run/mysqld/mysqld.sock

	[mysqld_safe]
	socket = /var/run/mysqld/mysqld.sock
	nice = 0

	# * IMPORTANT
	# If you make changes to these settings and your system uses apparmor, you may
	# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
	#
	[mysqld]
	user = mysql
	socket = /var/run/mysqld/mysqld.sock
	port = 3306
	basedir = /usr
	datadir = /var/lib/mysql
	tmpdir = /tmp
	skip-external-locking

	# Instead of skip-networking the default is now to listen only on
	# localhost which is more compatible and is not less secure.
	#bind-address = 127.0.0.1

	key_buffer = 100M
	max_allowed_packet = 16M
	thread_stack = 192K
	thread_cache_size = 8
	myisam-recover = BACKUP
	#max_connections = 100

	table_cache = 1512
	table_definition_cache = 1512
	tmp_table_size = 64M
	read_buffer_size = 32M
	#thread_concurrency = 10

	query_cache_limit = 1M
	query_cache_size = 100M
	log_error = /var/log/mysql/error.log

	log_slow_queries = /var/log/mysql/mysql-slow.log
	long_query_time = 2
	#log-queries-not-using-indexes


	# The following can be used as easy to replay backup logs or for replication.
	# note: if you are setting up a replication slave, see README.Debian about
	# other settings you may need to change.
	#server-id = 1
	#log_bin = /var/log/mysql/mysql-bin.log
	expire_logs_days = 10
	max_binlog_size = 100M


	# * InnoDB
	# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
	# Read the manual for more InnoDB related options. There are many!
	#
	# * Security Features
	#
	# Read the manual, too, if you want chroot!
	# chroot = /var/lib/mysql/
	#
	# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
	#
	# ssl-ca=/etc/mysql/cacert.pem
	# ssl-cert=/etc/mysql/server-cert.pem
	# ssl-key=/etc/mysql/server-key.pem

	[mysqldump]
	quick
	quote-names
	max_allowed_packet = 16M

	[mysql]

	[isamchk]
	key_buffer = 16M

	#
	# * IMPORTANT: Additional settings that can override those from this file!
	# The files must end with '.cnf', otherwise they'll be ignored.
	#
	!includedir /etc/mysql/conf.d/
	## latest version at https://gist.github.com/1620307
	#
	# author cedric.walter, www.waltercedric.com
	# to be saved in /etc/nginx/nginx.conf

	user www-data;

	# = to the number of CPU - 1
	# you may want to leave one core for the system and its interrupts
	# and the other cores for the web server
	worker_processes 4;

	pid /var/run/nginx.pid;

	events {
	# worker_connections : This is the amount of client connections a
	# single child process will handle by themselves at any one time.
	# (default: 1024) Note: Multiply worker_processes times worker_connections
	# for the total amount of connections Nginx will handle. Our example is
	# setup to handle 3*64=192 concurrent connections in total. Clients who
	# connect after the max has been reached will be denied access.
	worker_connections 1024;
	# multi_accept on;
	}

	http {
	##
	# Basic Settings
	##
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	types_hash_max_size 2048;

	## Hardening ####
	server_tokens off;

	### (default is 8k or 16k) The directive specifies the client request body buffer size.
	# If the request body is more than the buffer, then the entire request body or some part is written in a temporary file.
	client_body_buffer_size 8K;

	### Directive sets the headerbuffer size for the request header from client. For the overwhelming
	### majority of requests a buffer size of 1K is sufficient. Increase this if you have a custom header
	### or a large cookie sent from the client (e.g., wap client).
	client_header_buffer_size 1k;

	### Directive assigns the maximum accepted body size of client request, indicated by the line Content-Length
	### in the header of request. If size is greater the given one, then the client gets the error
	### "Request Entity Too Large" (413). Increase this when you are getting file uploads via the POST method.
	client_max_body_size 2m;

	### Directive assigns the maximum number and size of buffers for large headers to read from client request.
	### By default the size of one buffer is equal to the size of page, depending on platform this either 4K or 8K,
	### if at the end of working request connection converts to state keep-alive, then these buffers are freed.
	### 2x1k will accept 2kB data URI. This will also help combat bad bots and DoS attacks.
	large_client_header_buffers 2 1k;

	### The first parameter assigns the timeout for keep-alive connections with the client.
	### The server will close connections after this time. The optional second parameter assigns
	### the time value in the header Keep-Alive: timeout=time of the response. This header can
	### convince some browsers to close the connection, so that the server does not have to. Without
	### this parameter, nginx does not send a Keep-Alive header (though this is not what makes a connection "keep-alive").
	keepalive_timeout 300 300;

	### Directive sets the read timeout for the request body from client.
	### The timeout is set only if a body is not get in one readstep. If after
	### this time the client send nothing, nginx returns error "Request time out"
	### (408). The default is 60.
	client_body_timeout 10;

	### Directive assigns timeout with reading of the title of the request of client.
	### The timeout is set only if a header is not get in one readstep. If after this
	### time the client send nothing, nginx returns error "Request time out" (408).
	client_header_timeout 10;

	### Directive assigns response timeout to client. Timeout is established not on entire
	### transfer of answer, but only between two operations of reading, if after this time
	### client will take nothing, then nginx is shutting down the connection.
	send_timeout 10;

	### Directive describes the zone, in which the session states are stored i.e. store in slimits. ###
	### 1m can handle 32000 sessions with 32 bytes/session, set to 5m x 32000 session ###
	limit_zone slimits $binary_remote_addr 5m;

	### Control maximum number of simultaneous connections for one session i.e. ###
	### restricts the amount of connections from a single ip address ###
	limit_conn slimits 5;

	### Solve upstream sent too big header while reading response header from upstream
	### http://wiki.nginx.org/HttpProxyModule
	# This directive set the buffer size, into which will be read the first part of the response, obtained from the proxied server.
	# Default: 4k\|8k
	proxy_buffer_size 128k;
	# This directive sets the number and the size of buffers, into which will be read the answer, obtained from the proxied server.
	# By default, the size of one buffer is equal to the size of page. Depending on platform this is either 4K or 8K.
	proxy_buffers 4 256k;
	proxy_busy_buffers_size 256k;

	fastcgi_buffers 8 16k;
	fastcgi_buffer_size 32k;


	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# Logging Settings
	##
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##
	gzip on;
	gzip_http_version 1.1;
	gzip_vary on;
	gzip_comp_level 6;
	gzip_proxied any;
	gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
	gzip_buffers 16 8k;
	gzip_disable "MSIE [1-6]\.(?!.*SV1)";


	#################################################################
	# Caching #
	#################################################################
	location ~* \.(ico\|pdf\|flv)$ {
	access_log off;
	expires 1y;
	}
	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	##
	# http://code.google.com/speed/page-speed/docs/caching.html#LeverageBrowserCaching
	##
	location ~* \.(jpg\|jpeg\|gif\|png\|ico\|css\|zip\|tgz\|gz\|rar\|bz2\|doc\|xls\|exe\|pdf\|ppt\|txt\|tar\|mid\|midi\|wav\|bmp\|rtf\|js)$ {
	access_log off;
	expires 1y;
	add_header Pragma public;
	add_header Cache-Control "public, must-revalidate, proxy-revalidate";
	}


	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
	}


	#mail {
	# # See sample authentication script at:
	# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
	#
	# # auth_http localhost/auth.php;
	# # pop3_capabilities "TOP" "USER";
	# # imap_capabilities "IMAP4rev1" "UIDPLUS";
	#
	# server {
	# listen localhost:110;
	# protocol pop3;
	# proxy on;
	# }
	#
	# server {
	# listen localhost:143;
	# protocol imap;
	# proxy on;
	# }
	#}
	## latest version at https://gist.github.com/1620307
	#
	# author cedric.walter, www.waltercedric.com
	# to be saved in /etc/php5/fpm/php5-fpm.conf

	# 512MB of ram will offer you a maximum of 30 children and a minimum of 5.
	# 2048MB of ram will offer you a maximum of 60 children and a minimum of 20.
	# But be warned that these may not apply for the content you are processing with PHP. Image manipulation will require a far larger amount of ram and should be limited to less threads.

	pm = dynamic

	; The number of child processes to be created when pm is set to 'static' and the
	; maximum number of child processes to be created when pm is set to 'dynamic'.
	; This value sets the limit on the number of simultaneous requests that will be
	; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
	; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
	; CGI.
	; Note: Used when pm is set to either 'static' or 'dynamic'
	; Note: This value is mandatory.
	pm.max_children = 120

	; The number of child processes created on startup.
	; Note: Used only when pm is set to 'dynamic'
	; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
	pm.start_servers = 30

	; The desired minimum number of idle server processes.
	; Note: Used only when pm is set to 'dynamic'
	; Note: Mandatory when pm is set to 'dynamic'
	pm.min_spare_servers = 30

	; The desired maximum number of idle server processes.
	; Note: Used only when pm is set to 'dynamic'
	; Note: Mandatory when pm is set to 'dynamic'
	pm.max_spare_servers = 60

	; The number of requests each child process should execute before respawning.
	; This can be useful to work around memory leaks in 3rd party libraries. For
	; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
	; Default Value: 0
	;pm.max_requests = 500
	server {
	### The port number (80 for http)
	listen 80;

	### The domain name
	server_name example.com www.example.com;

	### The public root folder of the site
	root /var/www/vhosts/example.com/httpdocs;

	### The default index file.
	index index.php;

	### Where to write the site access log
	access_log /var/www/vhosts/example.com/logs/example.log;

	# Stop deep linking or hot linking
	# apply this rule on any location that’s an image using Regexp
	# block empty blocked or whiteliste referers
	# test proper operation using http://altlab.com/hotlinkchecker.php
	location ~* \.(png\|gif\|jpg\|jpeg\|swf\|ico)(\?[0-9]+)?$ {
	valid_referers none blocked example.com www.example.com ~\.google\. ~\.yahoo\. ~\.bing\. ~\.facebook\. ~\.fbcdn\.;
	if ($invalid_referer) {
	# return 403;
	rewrite ^/images/(.*)\.(gif\|jpg\|jpeg\|png)$ http://www.example.com/stop.jpg last;
	}
	}

	### Password Protect /administrator area
	location ~ /administrator/.*) {
	auth_basic "Restricted";
	auth_basic_user_file /var/www/vhosts/example.com/httpdocs/passwd;
	}

	include /etc/nginx/conf/joomla.conf;
	}