Skip to content

Instantly share code, notes, and snippets.

@jalcine
Last active June 6, 2020 21:48
Show Gist options
  • Save jalcine/43236c22b38b1f77d203601da56b3634 to your computer and use it in GitHub Desktop.
Save jalcine/43236c22b38b1f77d203601da56b3634 to your computer and use it in GitHub Desktop.
microformat2 nginx configuration.
# vim: set ft=nginx :
# Enable compression.
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types image/* text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
daemon on;
user www-data;
pid /var/run/nginx.pid;
worker_processes auto;
events {
worker_connections 1024;
}
http {
# Don't tell people what version of nginx I'm using.
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
upstream php {
server unix:/var/run/php/php7.3-fpm.sock;
}
index index.php index.html index.htm;
server {
listen 80 default_server;
listen [::]:80 default_server;
error_log /var/log/nginx/error.log info;
access_log /var/log/nginx/access.log combined;
server_name _;
root /var/www;
port_in_redirect off;
client_max_body_size 5m;
client_body_timeout 60;
# listen 443 ssl http2;
# ssl_certificate /etc/letsencrypt/live/microformats.org/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/microformats.org/privkey.pem; # managed by Certbot
# if ($scheme != "https") {
# return 301 https://$host$request_uri;
# }
# include /etc/letsencrypt/options-ssl-nginx.conf;
location ~* \.(?:css|js|woff|svg|gif|jpeg|png|otf|ico|ttf)$ {
access_log off;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
try_files $uri $uri$is_args$args =404;
}
# MediaWiki {{{
# The root URL for it is $SERVER_HOST/wiki
location /wiki {
try_files $uri $uri/ @rewrite;
}
location @rewrite {
rewrite ^/wiki/(.*)$ /wiki/index.php?title=$1&$args;
}
location ^~ /maintenance/ {
return 403;
}
location ~ /wiki/(.*)\.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* /wiki/\.(js|css|png|jpg|jpeg|gif|ico)$ {
try_files $uri /index.php;
expires max;
log_not_found off;
}
location = /wiki/_.gif {
expires max;
empty_gif;
}
location ^~ /wiki/cache/ {
deny all;
}
location /wiki/dumps {
root /var/www/wiki/local;
autoindex on;
}
# }}}
# Wordpress {{{
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri /index.php?$args;
}
location ~* \.php$ {
root /var/www/blog;
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_pass php;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# }}}
# Munin {{{
# The root URL for it is $SERVER_HOST/munin
# }}}
add_header Referrer-Policy "no-referrer-when-downgrade" always;
}
include /etc/nginx/conf.d/*.conf;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment