-
-
Save jinnko/9175271 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [example.org] | |
| listen = /srv/vhtdocs/example.org/log/.php-fpm.sock | |
| listen.owner = example_org | |
| listen.group = www-data | |
| listen.mode = 0660 | |
| user = example_org | |
| group = example_org | |
| pm = dynamic | |
| pm.max_children = 10 | |
| pm.start_servers = 1 | |
| pm.min_spare_servers = 1 | |
| pm.max_spare_servers = 2 | |
| pm.max_requests = 500 | |
| pm.status_path = /fpmstatus | |
| ping.path = /fpmping | |
| request_terminate_timeout = 60 | |
| request_slowlog_timeout = 45 | |
| slowlog = /srv/vhtdocs/example.org/log/php-fpm.log.slow | |
| chdir = /srv/vhtdocs/example.org/wordpress | |
| catch_workers_output = yes | |
| env[HOSTNAME] = $HOSTNAME | |
| env[PATH] = /usr/local/bin:/usr/bin:/bin | |
| env[TMP] = /srv/vhtdocs/example.org/tmp | |
| env[TMPDIR] = /srv/vhtdocs/example.org/tmp | |
| env[TEMP] = /srv/vhtdocs/example.org/tmp | |
| env[OSTYPE] = $OSTYPE | |
| env[MACHTYPE] = $MACHTYPE | |
| env[MALLOC_CHECK_] = 2 | |
| ; | |
| ; Set PHP ini values for this FPM instance | |
| ; | |
| php_admin_value[date.timezone] = UTC | |
| php_admin_value[session.name] = SESSID | |
| php_admin_value[session.save_path] = /srv/vhtdocs/example.org/tmp/session | |
| php_admin_value[max_execution_time] = 300 | |
| ; IMPORTANT! Ushahidi doesn't work with the E_STRICT error_reporting level | |
| php_admin_value[error_reporting] = 1014 | |
| php_admin_flag[display_errors] = on | |
| php_admin_value[error_log] = /srv/vhtdocs/example.org/log/php-errors.log | |
| php_admin_flag[log_errors] = on | |
| php_admin_flag[fastcgi.logging] = on |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fastcgi_param QUERY_STRING $query_string; | |
| fastcgi_param REQUEST_METHOD $request_method; | |
| fastcgi_param CONTENT_TYPE $content_type; | |
| fastcgi_param CONTENT_LENGTH $content_length; | |
| fastcgi_param SCRIPT_FILENAME $request_filename; | |
| fastcgi_param SCRIPT_NAME $fastcgi_script_name; | |
| fastcgi_param REQUEST_URI $request_uri; | |
| fastcgi_param DOCUMENT_URI $document_uri; | |
| fastcgi_param DOCUMENT_ROOT $document_root; | |
| fastcgi_param SERVER_PROTOCOL $server_protocol; | |
| fastcgi_param GATEWAY_INTERFACE CGI/1.1; | |
| fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; | |
| fastcgi_param REMOTE_ADDR $remote_addr; | |
| fastcgi_param REMOTE_PORT $remote_port; | |
| fastcgi_param SERVER_ADDR $server_addr; | |
| fastcgi_param SERVER_PORT $server_port; | |
| fastcgi_param SERVER_NAME $server_name; | |
| fastcgi_param HTTPS $https; | |
| # PHP only, required if PHP was built with --enable-force-cgi-redirect | |
| fastcgi_param REDIRECT_STATUS 200; | |
| fastcgi_connect_timeout 60; | |
| fastcgi_send_timeout 180; | |
| fastcgi_read_timeout 300; | |
| fastcgi_buffer_size 128k; | |
| fastcgi_buffers 4 256k; | |
| fastcgi_busy_buffers_size 256k; | |
| fastcgi_temp_file_write_size 256k; | |
| fastcgi_intercept_errors on; | |
| fastcgi_index index.php; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name ushahidi.example.org www.ushahidi.example.org; | |
| root /var/www/ushahidi.example.org; | |
| index index.html; | |
| proxy_intercept_errors on; | |
| # Ensure all requests go via the /index.php script | |
| location / { | |
| index index.php; | |
| try_files $uri $uri/ /index.php$uri?$args; | |
| } | |
| # Send rewritten requests to the PHP-FPM engine with all the necessary parameters | |
| location ^~ /index.php { | |
| allow all; | |
| fastcgi_split_path_info ^(.*\.php)(.*)$; | |
| include fastcgi_params-php.conf; | |
| fastcgi_pass unix:/srv/vhtdocs/example.org/log/.php-fpm.sock; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_param PATH_INFO $fastcgi_path_info; | |
| break; | |
| } | |
| # Allow access to the installer only from the admin IP address. | |
| location ~* ^/installer/.*\.php$ { | |
| allow ADMIN_ADDRESS; # SET THIS ADMIN_ADDRESS TO YOUR OWN IP ADDRESS | |
| fastcgi_split_path_info ^(.*\.php)(.*)$; | |
| include /etc/nginx/fastcgi_params; | |
| fastcgi_pass unix:/srv/vhtdocs/example.org/log/.php-fpm.sock; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_param PATH_INFO $fastcgi_path_info; | |
| } | |
| # Deny access to other php scripts. | |
| location ~* \.php$ { | |
| deny all; | |
| break; | |
| } | |
| # Deny access to private files. | |
| location ~* ^/(application|system|sql|tests|readme.html|license.txt).* { | |
| deny all; | |
| break; | |
| } | |
| # Deny /modules access. | |
| location ^~ /modules { | |
| allow 127.0.0.1; | |
| deny all; | |
| break; | |
| } | |
| # Sanatize /plugin requests. | |
| location /plugins { | |
| log_not_found off; | |
| try_files $uri =404; | |
| expires max; | |
| break; | |
| } | |
| # Sanatize /media requests. | |
| location /media { | |
| log_not_found off; | |
| try_files $uri =404; | |
| expires max; | |
| break; | |
| } | |
| # Sanatize /img requests. | |
| location /img/ { | |
| rewrite ^ /media/$request_uri permanent; | |
| break; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment