Created
May 16, 2020 00:47
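# Plain-HTTP listener: it exists only to send every request to the HTTPS site.
server {
    listen 172.16.17.172:80;
    server_name test.ua www.test.ua;

    # `return` issues the redirect directly. The earlier form,
    # `rewrite ^(.*) https://test.ua$request_uri;`, appended the query string
    # a second time ($request_uri already carries it) and answered with a
    # temporary 302, which browsers do not cache.
    return 301 https://test.ua$request_uri;
}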
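# HTTPS virtual host for a PrestaShop-style PHP application served through PHP-FPM.
#
# nginx tests regex locations in the order they appear and stops at the first
# match, so every "deny" location is declared BEFORE the static-asset and PHP
# locations. When the deny blocks sat at the bottom of the file, a .php or .txt
# request under /vendor/, /config/ and similar directories was answered by the
# earlier PHP / static-asset location and never reached the deny rule.
server {
    # `ssl` on the listen line enables TLS; the separate `ssl on;` directive is
    # deprecated and has been dropped.
    listen 172.16.17.172:443 ssl http2;
    server_name test.ua www.test.ua;

    set $root_path /home/rubin/public_html/test.ua;
    # Refuse to follow symlinks whose owner differs from the link target's owner.
    disable_symlinks if_not_owner from=$root_path;
    root $root_path;
    index index.php index.html index.htm;

    ssl_certificate /etc/pki/tls/certs/test.ua.bundle;
    ssl_certificate_key /etc/pki/tls/private/test.ua.key;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # TLSv1.3 only takes effect when nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the bare EECDH entry still admits CBC/SHA-1 suites; check the
    # effective list with `openssl ciphers -v` before relying on it.
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 60m;

    # HSTS. `always` also covers error responses. nginx does not inherit
    # add_header into a location that declares its own add_header, so the same
    # line is repeated inside the font and static-asset locations below.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Your admin folder
    set $admin_dir /adminTEST123456789;

    # Gzip settings, applied to the listed types.
    # NOTE(review): compressing TLS responses that mix secrets with
    # attacker-influenced text is the precondition for BREACH-style attacks;
    # text/html is always compressed when gzip is on.
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    # Can be raised to 5, but that can slow the server down
    # gzip_comp_level 5;
    # gzip_min_length 256;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;
        # Supposed to be the case but we never know
        # text/html;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    error_page 404 /index.php?controller=404;

    # ---- Deny rules: keep these ahead of every other regex location ----

    # Deny access to .htaccess .DS_Store .htpasswd etc
    # This also blocks /.well-known/ (used by ACME HTTP-01 validation).
    location ~ /\. {
        deny all;
    }

    # Ban access to source code directories
    location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor)/ {
        deny all;
    }

    # Banned file types
    location ~ \.(htaccess|yml|log|twig|sass|git|tpl)$ {
        deny all;
    }

    # Prevent execution of PHP files in directories a user can upload to.
    # The pattern also covers the "file.php/extra" path-info form, which the
    # PHP location below would otherwise accept.
    location /upload {
        location ~ \.php(/|$) { deny all; }
    }
    location /img {
        location ~ \.php(/|$) { deny all; }
    }

    # ---- Application routing ----

    # Symfony controllers
    location ~ /(international|_profiler|module|product|feature|attribute|supplier|combination|specific-price|configure)/(.*)$ {
        try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;
    }

    # Redirect needed to "hide" index.php
    location / {
        try_files $uri $uri/ /index.php$uri&$args;
        # Old image system ?
        rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
        rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
        # NOTE(review): nginx numbered captures appear to be single-digit ($1-$9),
        # so "$10" below likely expands as $1 followed by a literal 0 - confirm.
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
        rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
    }

    # ---- Static assets delivery optimisations ----

    # Cloudflare / Max CDN fix
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
        # Repeated here: a location with its own add_header drops the server-level one.
        add_header Strict-Transport-Security "max-age=31536000" always;
    }

    location ~* \.(css|js|docx|zip|pptx|swf|txt|jpg|jpeg|png|gif|swf|webp|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac)$ {
        expires max;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        # Repeated here: a location with its own add_header drops the server-level one.
        add_header Strict-Transport-Security "max-age=31536000" always;
    }

    # ---- PHP 7 FPM part ----
    location ~ [^/]\.php(/|$) {
        # Split the URI into the script and its trailing path info, then refuse
        # anything whose script part is not a real file. Without this, a URI such
        # as /some/file.jpg/x.php reaches PHP-FPM, which (depending on
        # cgi.fix_pathinfo) may walk back up the path and run a non-PHP file.
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_index index.php;
        # Switch if needed
        include /etc/nginx/fastcgi_params;
        include fastcgi_params;
        # include fcgi.conf;
        # Do not forget to update this part if needed
        # fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/opt/alt/php-fpm73/usr/var/sockets/test.sock;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # SCRIPT_FILENAME is now the exact script, so hand the remainder over explicitly.
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_keep_conn on;
        fastcgi_read_timeout 30s;
        fastcgi_send_timeout 30s;
        # In case of long loading or 502 / 504 errors
        # fastcgi_buffer_size 256k;
        # fastcgi_buffers 256 16k;
        # fastcgi_busy_buffers_size 256k;
        client_max_body_size 10M;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        # Temp file tweak
        fastcgi_max_temp_file_size 0;
        fastcgi_temp_file_write_size 256k;
    }

    # Allow access to robots.txt but disable logging every access
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
}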