
@craigbutcher
Created January 4, 2015 21:32
Domain name configuration for NGINX + NAXSI
#######################
# Your Domain
#######################
# Backend pool for the proxied application. The only member listens on
# loopback, so it is reachable from outside only through this nginx vhost.
upstream ghost_upstream_yourDomain {
    server    127.0.0.1:2323;

    # Idle upstream connections kept open per worker. Reuse only happens
    # when the proxying location speaks HTTP/1.1 and sends an empty
    # "Connection" header.
    keepalive 64;
}
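server {
    # NOTE(review): TLS is commented out below, so everything this vhost
    # proxies (including any login or session traffic the upstream handles)
    # travels in clear text. Enable the 443 listener before production use.
    listen 80;
    #listen 443 default_server ssl;
    server_name domain.com www.domain.com;

    # Logs
    access_log /home/www/logs/domain-access.log;
    error_log /home/www/logs/domain-error.log info;

    # TLS template. SSLv3 and RC4 are deliberately absent: both are broken
    # and must not be re-enabled. Drop TLSv1.3 if the nginx/OpenSSL build
    # predates it. Keep the private key readable only by the nginx master
    # process user.
    #ssl_certificate /opt/nginx/conf/ssl-unified.crt;
    #ssl_certificate_key /opt/nginx/conf/domain.pem;
    #ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ciphers HIGH:!aNULL:!MD5;
    #ssl_prefer_server_ciphers on;
    #ssl_session_cache shared:SSL:10m;
    #ssl_session_timeout 10m;

    # Method allow-list. 444 makes nginx close the connection without
    # sending a response. OPTIONS, PATCH, TRACE and anything else not
    # listed here are dropped.
    if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE)$ ) { return 444; }

    # Canonical-host redirect. $server_name is the first name on the
    # server_name line, so www.domain.com is redirected to domain.com, and
    # a request with any other Host value never reaches the upstream.
    if ($host != $server_name) {
        return 301 $scheme://$server_name$request_uri;
    }

    # Regex locations are tested in the order they appear and the first
    # match wins, so the deny rules must stay above the static-file rules.

    # Never serve database files, theme templates or config files.
    location ~* \.(db|hbs|conf)$ { deny all; }

    # Dotfiles (.htaccess, .git, .env, ...). The second rule already covers
    # the first. It also blocks /.well-known/, so add an explicit exception
    # above it if an ACME HTTP-01 challenge has to be served from this vhost.
    location ~ /\.ht { deny all; }
    location ~ /\. { deny all; }

    # Editor backup files ending in "~".
    location ~ ~$ { deny all; }

    # Deny scripts inside writable directories.
    # Two fixes compared with the usual copy of this rule:
    #  * it sits above the static locations; below them, a path such as
    #    /content/images/x.php is claimed by the /content/images/ rule
    #    first and this rule is never evaluated;
    #  * the dot before the extension is escaped, so only real ".php",
    #    ".sh", ... suffixes match rather than any path ending in those
    #    letters (e.g. /media/bash).
    # NOTE(review): /403_error.html has no location of its own in this
    # server block, so the internal redirect falls through to "location /".
    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
        error_page 403 /403_error.html;
        return 403;
    }

    location ~ ^/(sitemap\.xml|robots\.txt|favicon\.ico)$ {
        root /home/www/domain/public;
        access_log off;
        log_not_found off;
    }

    # Static files served directly by Nginx. These locations do not include
    # ghost.rules and turn access logging off, so requests for them leave
    # no access-log line.
    location ~ ^/assets/(img|js|css|fonts)/ {
        root /home/www/domain/content/themes/cakes;
        expires 30d;
        access_log off;
    }

    location ~ ^/(img/|css/|lib/|vendor/|fonts/) {
        root /home/www/domain/core/client/assets;
        expires 30d;
        access_log off;
    }

    # User-uploaded images live here; files are only ever sent as static
    # content, and script extensions are rejected by the deny rule above.
    location ~ ^/(content/images/) {
        root /home/www/domain;
        expires 30d;
        access_log off;
    }

    location ~ ^/(shared/|built/) {
        root /home/www/domain/core;
        expires 30d;
        access_log off;
    }

    location ~ ^/public/ {
        root /home/www/domain/core/built;
        expires 30d;
        access_log off;
    }

    # Everything else is filtered by the rules file and proxied upstream.
    location / {
        # Rule set for this location; its contents are not part of this
        # file. Presumably it holds the NAXSI directives (rules, mode,
        # denied URL). Verify that it is not left in learning mode.
        include /usr/local/nginx/conf/ghost.rules;

        proxy_pass http://ghost_upstream_yourDomain;
        proxy_redirect off;
        proxy_read_timeout 180s;

        # X-Real-IP is the address nginx itself saw. X-Forwarded-For is the
        # client-supplied header with that address appended, so the upstream
        # should trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        # HTTP/1.1 plus an empty Connection header are what allow the
        # upstream keepalive pool to be reused.
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        proxy_pass_header X-CSRF-TOKEN;

        # The cache zone "one" must be declared with proxy_cache_path in the
        # http context (not shown here). The key does not vary on cookies.
        # NOTE(review): confirm the upstream marks authenticated/admin
        # responses as non-cacheable, or add proxy_no_cache /
        # proxy_cache_bypass conditions for them.
        proxy_cache one;
        proxy_cache_key "$scheme$host$request_uri";

        # Do not advertise the backend framework.
        proxy_hide_header X-Powered-By;
    }

    # Presumably the denied-request target configured in ghost.rules;
    # blocked requests get a bare 500.
    location = /RequestDenied { return 500; }

    location = /50x.html { root html; }
    #error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
}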