Skip to content

Instantly share code, notes, and snippets.

@hackzilla

hackzilla/nginx configuration.md

Last active October 16, 2016 12:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hackzilla/6988379 to your computer and use it in GitHub Desktop.
Save hackzilla/6988379 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx configuration - inspired from https://gist.github.com/ogrrd/5824274
Raw
nginx configuration.md

Create nginx conf for regular PHP sites

Create/Modify /etc/nginx/conf.d/php-fpm.conf

upstream php {
    #this should match value of "listen" directive in php-fpm pool
	server unix:/var/run/php5-fpm.sock;
#	server 127.0.0.1:9000;
}
mkdir /etc/nginx/common

Create/Modify /etc/nginx/common/common

include /etc/nginx/common/hidden;

location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

Create/Modify /etc/nginx/common/hidden

location ~ /\. {
    deny all;
}

Create/Modify /etc/nginx/common/php

include /etc/nginx/common/common;

location ~ \.php$ {
    fastcgi_pass   php;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffer_size 4k;
    fastcgi_buffers 256 4k;
    fastcgi_max_temp_file_size 0;
    include        fastcgi_params;
}

Make core config for Symfony2 sites

Create/Modify /usr/local/etc/nginx/common/symfony2

include /etc/nginx/common/common;

location /app_dev.php {
    try_files $uri /app_dev.php/$args;
}

location / {
    try_files $uri @rewriteapp;
}

location @rewriteapp {
    rewrite ^(.*)$ /app.php/$1 last;
}

location ~ ^/(app|app_dev|config)\.php(/|$) {
    fastcgi_pass   php;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param HTTPS off;
    fastcgi_buffer_size 4k;
    fastcgi_buffers 256 4k;
    fastcgi_max_temp_file_size 0;
}

Make core config for Kohana2 sites

Create/Modify /usr/local/etc/nginx/common/kohana

include /etc/nginx/common/common;

# ROUTING TO KOHANA IF REQUIRED
location / {
	try_files $uri $uri/ @kohana;
}

# FOR PHP FILES
location ~* \.php$ {
	# PHP FILES MIGHT BE TO HANDLED BY KOHANA
	try_files $uri $uri/ @kohana;

	fastcgi_pass   php;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
}


# HANDLES THE REWRITTEN URLS TO KOHANA CONTROLLER
location @kohana
{
	fastcgi_pass   php;
	fastcgi_index index.php;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root/index.php;
}

Make core config for wordpress sites

Create/Modify /usr/local/etc/nginx/common/wordpress for wordpress sites

include /etc/nginx/common/common;

# WordPress single blog rules.
# Designed to be included in any server {} block.

# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
    try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off; log_not_found off; expires max;
}

# Uncomment one of the lines below for the appropriate caching plugin (if used).
#include global/wordpress-wp-super-cache.conf;
#include global/wordpress-w3-total-cache.conf;

# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {
	# Zero-day exploit defense.
	# http://forum.nginx.org/read.php?2,88845,page=3
	# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
	# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
	try_files $uri =404;

	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

	include fastcgi_params;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#	fastcgi_intercept_errors on;
	fastcgi_pass php;
}

You can make an equivalent files for sites, call them *_dev

Create skeleton for local dev sites

Create /etc/nginx/sites-available/mysite.dev

server {
    listen       80;
    #listen   [::]:80 default ipv6only=on; ## listen for ipv6
    
    server_name  mysite.dev;
    root /Users/og/Sites/mysite.dev;

    index index.php index.html index.htm;

    access_log /usr/local/var/log/nginx/mysite.access.log;
    error_log  /usr/local/var/log/nginx/mysite.error.log;

    include /etc/nginx/common/php; # or /etc/nginx/common/symfony2 or /etc/nginx/common/wordpress
}

Copy this file to myproject.dev (or whatever) and change every instance of "mysite" with "mygreatproject"

Enable new site

$ cd /etc/nginx/sites-enabled
$ ln -s ../sites-available/mygreatproject.dev

Fix some things in php.ini

$ pico /etc/php5/fpm/php.ini

Fix the timezone

Locate and update the date.timezone variable as per best practice

date.timezone = "UTC";

Restart all the things!

$ service nginx reload
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment