Last active
August 27, 2020 03:33
-
-
Save exodus4d/791f2742e6b2ee5ef481 to your computer and use it in GitHub Desktop.
pathfinder.conf for Pathfinder (Nginx v1.11.8)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # www to non-www redirect -- duplicate content is BAD: | |
| # https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L362 | |
| # Choose between www and non-www, listen on the *wrong* one and redirect to | |
| # the right one -- http://wiki.nginx.org/Pitfalls#Server_Name | |
| # rewrite to HTTPS | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name www.pathfinder-w.space; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| # rewrite HTTPS to www.HTTPS | |
| server{ | |
| listen 80; | |
| listen [::]:80; | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| server_name pathfinder-w.space; | |
| # SSL ======================================================================================================================= | |
| # Certificate path | |
| ssl_certificate /var/www/pathfinder-w.space/ssl/www.pathfinder-w.space.chained.crt; | |
| ssl_certificate_key /var/www/pathfinder-w.space/ssl/pathfinder-w.space.key; | |
| return 301 https://www.$server_name$request_uri; | |
| } | |
| # listen to HTTP:/www.dev.pathfinder-w.space | |
| server { | |
| listen [::]:443 ssl http2; | |
| listen 443 ssl http2 backlog=16384 reuseport; | |
| # The host name to respond | |
| server_name www.pathfinder-w.space; | |
| # Path to static files | |
| root /var/www/pathfinder-w.space/public_html; | |
| # index index.php index.html index.htm; | |
| # Specify a charset | |
| charset utf-8; | |
| # SSL ======================================================================================================================= | |
| # Certificate root | |
| ssl_certificate /var/www/pathfinder-w.space/ssl/www.pathfinder-w.space.chained.crt; | |
| ssl_certificate_key /var/www/pathfinder-w.space/ssl/pathfinder-w.space.key; | |
| # Include the basic SSL h5bp config set | |
| include h5bp/directive-only/ssl.conf; | |
| # Logging =================================================================================================================== | |
| access_log /var/www/pathfinder-w.space/public_html/logs/nginx_access.log main_ext if=$log_production; | |
| error_log /var/www/pathfinder-w.space/public_html/logs/nginx_error.log warn; | |
| location / { | |
| # auth_basic "Admin Login"; | |
| # auth_basic_user_file /etc/nginx/admin_pass; | |
| index index.php; | |
| try_files $uri $uri/ /index.php?$query_string; | |
| } | |
| # Protct /setup with password | |
| location /setup { | |
| auth_basic "Setup Login"; | |
| auth_basic_user_file /etc/nginx/.setup_pass; | |
| try_files $uri $uri/ /index.php?$query_string; | |
| } | |
| # PHP socket configuration | |
| location ~ \.php$ { | |
| try_files $uri =404; | |
| fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| # CGI caching | |
| #fastcgi_cache MYAPP; | |
| #fastcgi_cache_valid 200 60m; | |
| include fastcgi_params; | |
| } | |
| # static sources | |
| location /public/ { | |
| sendfile on; | |
| tcp_nopush on; | |
| tcp_nodelay on; | |
| keepalive_timeout 10s; | |
| sendfile_max_chunk 512k; | |
| } | |
| # WebSocket ReverseProxy setup [optional] | |
| location /ws/map/update { | |
| proxy_pass http://ws_prod_map_update; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection $connection_upgrade; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-Host $host; | |
| proxy_set_header X-Forwarded-Port $server_port; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_read_timeout 8h; | |
| proxy_send_timeout 5s; | |
| proxy_connect_timeout 3s; | |
| proxy_buffering off; | |
| } | |
| # Include the basic h5bp config set | |
| include h5bp/basic.conf; | |
| } |
This seems like it should be updated... Some weird stuff going on with the www and non-www blocks. Seems like this could be condensed and optimized a bit.
I download h5bp from github. but the directory is missing. Its must set it or not?
Include the basic SSL h5bp config set
include h5bp/directive-only/ssl.conf;
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
you should add something like:
location ^~ /app {
deny all;
return 404;
}
otherwise the world can see your config as there are .ini files and not .php.