kolinger/misc.conf Secret

## misc.conf
# /etc/nginx/misc.conf

location ~ \.(neon|ini|log|yml)$ {
	deny all;
	access_log off;
}

location ~ /\.ht {
	deny all;
	access_log off;
}

## nginx.conf
# change or add these things in /etc/nginx/nginx.conf

worker_processes 4; # number of CPU cores

http {
	client_max_body_size 128m; # increase size of body for uploads
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # allow only TLS for HTTPS

	# uncomment for gzip comperssion
	gzip on;
	gzip_disable "MSIE [1-6]\.(?!.*SV1)";
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 5;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
}

## php-fpm pool
# /etc/php5/fpm/pool.d/example.com.conf

[example.com]
listen = /var/lib/php5-fpm/example.com.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

user = example_com # user that is owner (or have write permissions) to root of /var/www/example.com
group = www-data

# processes setup (maximum 20, init 3, max idle 3, min idle 3) so i have always 3 processes per virtualhost and maximum burst to 20
pm = dynamic
pm.max_children = 20
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 3
pm.max_requests = 200

request_terminate_timeout = 90 # set same as max_execution_time (in php.ini)

chdir = /

php_admin_value[open_basedir] = /var/www/example.com
php_admin_value[session.save_path] = /var/www/example.com/tmp
php_admin_value[upload_tmp_dir] = /var/www/example.com/tmp
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -fwebmaster@example.com"

## virtualhost
# /etc/nginx/sites-available/example.com
# ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/100-example.com

server {
	listen 80;
	listen [::]:80;

	server_name example.com www.example.com;

	root /var/www/example.com/www;
	index index.html index.php;

	include /etc/nginx/misc.conf;

	access_log /var/www/example.com/log/nginx-access.log;
	error_log /var/www/example.com/log/nginx-error.log;

	location / {
		try_files $uri $uri/ /index.php;
	}

	location ~ \.php$ {
		try_files $uri =404;

		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
		fastcgi_pass unix:/var/lib/php5-fpm/example.com.sock;
		include fastcgi_params;
	}
}

server {
	listen 443 ssl;
	listen [::]:443 ssl;

	ssl on;
	ssl_certificate /var/www/example.com/crt/example.com.crt;
	ssl_certificate_key /var/www/example.com/crt/example.com.key;

	server_name example.com www.example.com;

	root /var/www/example.com/www;
	index index.html index.php;

	include /etc/nginx/misc.conf;

	access_log /var/www/example.com/log/nginx-access.log;
	error_log /var/www/example.com/log/nginx-error.log;

	location / {
		try_files $uri $uri/ /index.php;
	}

	location ~ \.php$ {
		try_files $uri =404;

		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
		fastcgi_pass unix:/var/lib/php5-fpm/example.com.sock;
		include fastcgi_params;
	}
}
	# /etc/nginx/misc.conf

	location ~ \.(neon\|ini\|log\|yml)$ {
	deny all;
	access_log off;
	}

	location ~ /\.ht {
	deny all;
	access_log off;
	}
	# change or add these things in /etc/nginx/nginx.conf

	worker_processes 4; # number of CPU cores

	http {
	client_max_body_size 128m; # increase size of body for uploads
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # allow only TLS for HTTPS

	# uncomment for gzip comperssion
	gzip on;
	gzip_disable "MSIE [1-6]\.(?!.*SV1)";
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 5;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
	}
	# /etc/php5/fpm/pool.d/example.com.conf

	[example.com]
	listen = /var/lib/php5-fpm/example.com.sock
	listen.owner = www-data
	listen.group = www-data
	listen.mode = 0660

	user = example_com # user that is owner (or have write permissions) to root of /var/www/example.com
	group = www-data

	# processes setup (maximum 20, init 3, max idle 3, min idle 3) so i have always 3 processes per virtualhost and maximum burst to 20
	pm = dynamic
	pm.max_children = 20
	pm.start_servers = 3
	pm.min_spare_servers = 3
	pm.max_spare_servers = 3
	pm.max_requests = 200

	request_terminate_timeout = 90 # set same as max_execution_time (in php.ini)

	chdir = /

	php_admin_value[open_basedir] = /var/www/example.com
	php_admin_value[session.save_path] = /var/www/example.com/tmp
	php_admin_value[upload_tmp_dir] = /var/www/example.com/tmp
	php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -fwebmaster@example.com"
	# /etc/nginx/sites-available/example.com
	# ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/100-example.com

	server {
	listen 80;
	listen [::]:80;

	server_name example.com www.example.com;

	root /var/www/example.com/www;
	index index.html index.php;

	include /etc/nginx/misc.conf;

	access_log /var/www/example.com/log/nginx-access.log;
	error_log /var/www/example.com/log/nginx-error.log;

	location / {
	try_files $uri $uri/ /index.php;
	}

	location ~ \.php$ {
	try_files $uri =404;

	fastcgi_split_path_info ^(.+?\.php)(/.*)$;
	fastcgi_pass unix:/var/lib/php5-fpm/example.com.sock;
	include fastcgi_params;
	}
	}

	server {
	listen 443 ssl;
	listen [::]:443 ssl;

	ssl on;
	ssl_certificate /var/www/example.com/crt/example.com.crt;
	ssl_certificate_key /var/www/example.com/crt/example.com.key;

	server_name example.com www.example.com;

	root /var/www/example.com/www;
	index index.html index.php;

	include /etc/nginx/misc.conf;

	access_log /var/www/example.com/log/nginx-access.log;
	error_log /var/www/example.com/log/nginx-error.log;

	location / {
	try_files $uri $uri/ /index.php;
	}

	location ~ \.php$ {
	try_files $uri =404;

	fastcgi_split_path_info ^(.+?\.php)(/.*)$;
	fastcgi_pass unix:/var/lib/php5-fpm/example.com.sock;
	include fastcgi_params;
	}
	}