
@hieptuanle
Last active November 26, 2017 16:47
Nginx configuration for macos
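# HTTPS virtual host for local.4-handy.com.
# Static assets are served from the project root; every other request is
# proxied to the application listening on localhost:3000.
server {
    listen 443 ssl http2;
    server_name local.4-handy.com;
    root /Users/hieple/Code/4handy-work-2/public;

    # security
    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated and are no longer offered. TLSv1.3 can be
    # appended where the installed nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the EDH entries only take effect if ssl_dhparam is set,
    # which this block does not do; AES256+EECDH also admits CBC-mode suites.
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_ecdh_curve secp384r1;
    ssl_certificate /usr/local/etc/nginx/ssl/localwork.pem;
    # Private key: should be readable only by the account that starts nginx.
    ssl_certificate_key /usr/local/etc/nginx/ssl/localwork.key;

    # Long-lived caching for static assets, matched by extension (case-insensitive).
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$ {
        gzip_vary on;
        expires 1M;
        # Asset requests are not written to the access log.
        access_log off;
        # add_header at this level replaces any add_header inherited from the
        # server or http level, so security headers set there would not apply here.
        add_header Cache-Control "public";
        # Debug marker header; drop it before reusing this config beyond a local machine.
        add_header X-Test "hiep";
    }

    # Built files: serve from disk or answer 404, never fall through to the proxy.
    location /dist/ {
        try_files $uri $uri/ =404;
    }

    # Everything else goes to the application server.
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # NOTE(review): Connection is configured twice with different values
        # ('upgrade' and keep-alive). The usual WebSocket pattern derives a
        # single value from $http_upgrade with a map at http level; confirm
        # which value the upstream actually receives.
        proxy_set_header Connection 'upgrade';
        proxy_set_header Connection keep-alive;
        # Client address as seen by nginx; the upstream should trust this
        # header only on connections that come from this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 150s;
    }
}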
# Plain-HTTP listener for local.4-handy.com: redirects every request to HTTPS.
server {
listen 80;
server_name local.4-handy.com;
# The redirect target is built from the configured $server_name, not from the
# client-supplied Host header, so a forged Host cannot steer the redirect.
return 301 https://$server_name$request_uri;
}
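# Virtual host for local.abby.vn, served over both HTTP and HTTPS from the
# same block (no redirect to HTTPS). Routing comes from the included conf.d files.
server {
    # Server settings
    listen 80;
    listen 443 ssl;
    server_name local.abby.vn;

    # Project location
    root /Users/hieple/Code/abby;
    index index.html index.htm index.php;

    # security
    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated and are no longer offered. TLSv1.3 can be
    # appended where the installed nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the EDH entries only take effect if ssl_dhparam is set,
    # which this block does not do; AES256+EECDH also admits CBC-mode suites.
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_ecdh_curve secp384r1;
    ssl_certificate /usr/local/etc/nginx/ssl/localhost.pem;
    # Private key: should be readable only by the account that starts nginx.
    ssl_certificate_key /usr/local/etc/nginx/ssl/localhost.key;

    # Logging
    # With access_log off at server level, no request to this host is logged
    # unless a location turns logging back on. Rules in the included files that
    # rely on logged requests (e.g. for fail2ban) therefore record nothing.
    access_log off;
    error_log /usr/local/var/log/nginx/error.log warn;

    # Routes
    # security.conf is included first so that its rules are evaluated before
    # the regex locations of the files that follow.
    include /usr/local/etc/nginx/conf.d/security.conf;
    include /usr/local/etc/nginx/conf.d/assets.conf;

    # Uncomment the desired platform
    include /usr/local/etc/nginx/conf.d/wordpress.conf;
}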
# NOTE(review): as shown, these two locations sit outside any server block, so
# they are only valid when included from one. Presumably this is the content of
# conf.d/assets.conf, whose file header is missing here; confirm.
# Exact-match locations: silence access and "file not found" logging for the
# two files that browsers and crawlers request routinely.
location = /robots.txt {
access_log off;
log_not_found off;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
# FILE: /usr/local/etc/nginx/conf.d/fastcgi.conf
# Shared parameters, included from the PHP location in wordpress.conf.
# Tell upstream who is making the request
# NOTE(review): the proxy_* directives below only affect proxy_pass. The PHP
# location uses fastcgi_pass, so these have no effect on what PHP-FPM sees.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
# Allow to complete long running requests
proxy_read_timeout 600s;
# Do not cache dynamic content
expires off;
# PHP Settings
include /usr/local/etc/nginx/fastcgi_params;
fastcgi_connect_timeout 15s;
fastcgi_send_timeout 120s;
fastcgi_read_timeout 120s;
fastcgi_buffer_size 128k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 239k;
fastcgi_temp_file_write_size 256k;
# 0 disables buffering of FastCGI responses to temporary files.
fastcgi_max_temp_file_size 0;
# Responses from PHP with status >= 300 are handed to nginx's error_page handling.
fastcgi_intercept_errors on;
# The connection to PHP-FPM is kept open after the client disconnects, so an
# aborted request still runs to completion and holds a PHP worker until then.
fastcgi_ignore_client_abort on;
# Splits "/script.php/extra" into script name and path info. The including
# location only matches URIs that end in .php.
fastcgi_split_path_info ^(.+?\.php)(/.+)$;
fastcgi_index index.php;
# NOTE(review): fastcgi_pass_header expects a header field name; "*" is not
# documented as a wildcard. If the intent is to pass every otherwise hidden
# upstream header to the client, confirm it works and that it is wanted.
fastcgi_pass_header *;
# NGINX
# FILE: /usr/local/etc/nginx/nginx.conf
#------------------------------------------------------------------------------#
# http://nginx.org/en/docs/ngx_core_module.html
#------------------------------------------------------------------------------#
# Worker processes run as this user and group and can read whatever this
# account can read.
# NOTE(review): hieple looks like the interactive desktop account (the site
# roots live under /Users/hieple); confirm that is acceptable for this machine.
user hieple staff;
worker_processes 2;
pid /usr/local/var/run/nginx/nginx.pid;
#------------------------------------------------------------------------------#
# http://nginx.org/en/docs/ngx_core_module.html#events
#------------------------------------------------------------------------------#
# Connection processing: each worker handles up to 1024 simultaneous
# connections; accept_mutex off lets every worker accept new connections
# without taking turns.
events {
worker_connections 1024;
accept_mutex off;
}
#------------------------------------------------------------------------------#
# http://nginx.org/en/docs/http/ngx_http_core_module.html
#------------------------------------------------------------------------------#
# Global HTTP settings shared by every virtual host loaded from servers/*.
http {
include mime.types;
access_log /usr/local/var/log/nginx/access.log;
error_log /usr/local/var/log/nginx/error.log warn;
default_type application/octet-stream;
# The "main" format is defined here, but the access_log directive above does
# not name it, so entries are written in nginx's predefined combined format.
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
charset utf-8;
# compression
# NOTE(review): the virtual hosts shown serve over TLS. Compressing responses
# that mix request-reflected data with secrets is the precondition for
# BREACH-style attacks; confirm the compressed types carry no such content.
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 6;
gzip_disable "msie6";
gzip_http_version 1.0;
gzip_min_length 1100;
# Responses to proxied requests are compressed regardless of their headers.
gzip_proxied any;
# Serve a pre-compressed "<file>.gz" next to the requested file when one exists.
gzip_static on;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
text/comma-separated-values
application/javascript
application/x-javascript
application/json
application/xml
application/xml+rss
application/atom+xml
image/svg+xml;
gzip_vary on;
# general options
directio off;
# Symbolic links under a site root are followed without any ownership check.
disable_symlinks off;
ignore_invalid_headers on;
merge_slashes on;
recursive_error_pages on;
sendfile off;
server_name_in_redirect off;
# Hide the nginx version in error pages and in the Server response header.
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
# Request headers with underscores in their names are accepted. FastCGI maps
# both "-" and "_" to "_" in HTTP_* variables, so PHP cannot tell X-Real-IP from
# X_Real_IP. NOTE(review): keep this only if a client really needs such headers.
underscores_in_headers on;
# timeouts
keepalive_timeout 2 2;
keepalive_requests 200;
send_timeout 30;
client_body_timeout 15;
client_header_timeout 15;
reset_timedout_connection on;
# sizes
client_body_buffer_size 512k;
# Upper bound on request bodies (uploads) for every site.
client_max_body_size 64m;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
# detect https
# $fastcgi_https is "on" for HTTPS requests and empty otherwise.
map $scheme $fastcgi_https {
default "";
https on;
}
# PHP-FPM
# Named upstream for the PHP-FPM Unix socket.
upstream phpfpm {
server unix:/usr/local/var/run/php-fpm.sock;
}
# include active sites
# Every file in this directory is loaded, whatever its name or extension, so
# editor backups and disabled copies left there are parsed as well.
include /usr/local/etc/nginx/servers/*;
}
# NGINX
# FILE: /usr/local/etc/nginx/conf.d/security.conf
# Disable all methods besides HEAD, GET, and POST
# 444 is nginx-specific: the connection is closed without sending a response.
# OPTIONS is rejected here too, so CORS preflight requests never get an answer,
# even though wordpress.conf advertises OPTIONS in Access-Control-Allow-Methods.
if ($request_method !~ ^(GET|HEAD|POST)$) {
return 444;
}
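# Do not log attempts for common files.
# The dots are escaped and the pattern is anchored at both ends so that only
# /favicon.ico and /robots.txt are exempt from logging. Without that, paths
# such as /robots.txt.bak or /faviconXico would also go unlogged.
location ~ ^/(favicon\.ico|robots\.txt)$ {
    access_log off;
    log_not_found off;
}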
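# Deny access to hidden files and directories: any path segment that starts
# with a dot (.git, .env, .htpasswd, ...), at any depth.
# A regex location is used because the plain prefix location "/." only covers
# the document root and loses to any matching regex location, such as a
# static-asset rule keyed on file extension. nginx picks the first matching
# regex, so this file has to be included before the other regex locations.
# /.well-known/ is denied as well, as it was with the prefix form.
location ~ /\. {
    # Probes for dot-files are not logged here; switch these two on if such
    # requests should be visible to monitoring.
    access_log off;
    log_not_found off;
    return 404;
}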
# Deny obviously bad requests
# Script extensions this stack does not serve are answered with 410 Gone.
# The match is case-sensitive (~), so upper-case variants are not covered.
location ~ \.(aspx|asp|jsp|cgi)$ {
return 410;
}
# NGINX
# FILE: /usr/local/etc/nginx/conf.d/wordpress.conf
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
# NOTE(review): requests are only logged if the enclosing server block has an
# access log enabled; this location does not turn logging on by itself.
# This block has to stay above the generic "\.php$" location: nginx uses the
# first matching regex location, and that is what keeps uploaded .php files
# from reaching PHP-FPM.
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Directives to send expires headers and turn off 404 error logging for Static assets
# NOTE(review): the extension list also covers archives and documents
# (zip, t?gz, tar, rar, bz2, doc, xls, exe, txt, md). Requests for such files
# are served with far-future caching and are never written to the access log.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpe?g|gif|png|ico|zip|pdf|t?gz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|swf|bmp|txt|rtf|md)$ {
access_log off;
log_not_found off;
expires max;
# CORS headers; this is wide open, you will want to tighten it up a bit:
# any origin may read these responses, and any request header is allowed.
# add_header at this level also replaces headers inherited from outer levels.
add_header Cache-Control public;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods GET,OPTIONS;
add_header Access-Control-Allow-Headers *;
}
# Fallback, used when none of the other locations match.
# Serve the file or directory if it exists; otherwise hand the request to
# WordPress' front controller with the original query string.
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
# NOTE(review): the redirect target is built from $host, which comes from the
# request's Host header when one is sent. Confirm that requests with an
# unexpected Host cannot reach this server block.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
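# Pass PHP scripts to PHP-FPM daemon
# Check: http://wiki.nginx.org/Pitfalls
location ~* \.php$ {
    # filter out problem conditions
    # Only hand the request to PHP-FPM when the URI maps to an existing file.
    # A directory fallback ($uri/) has no place in a script handler, so a
    # directory whose name ends in .php is no longer passed upstream.
    try_files $uri =404;
    # bring in parameters
    include conf.d/fastcgi.conf;
    # send requests to upstream
    fastcgi_pass unix:/usr/local/var/run/php-fpm.sock;
    # $fastcgi_script_name already starts with "/", so no separator is added.
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # Keep a client-supplied "Proxy" request header from reaching PHP as
    # HTTP_PROXY, where HTTP client libraries may treat it as an outbound
    # proxy setting (httpoxy).
    fastcgi_param HTTP_PROXY "";
}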