leobarcellos/cloudflare.conf

## cloudflare.conf
# /etc/nginx/cloudflare.conf

# If using Cloudflare, uncomment the following to get proper originating IPs
#set_real_ip_from   204.93.240.0/24;
#set_real_ip_from   204.93.177.0/24;
#set_real_ip_from   199.27.128.0/21;
#set_real_ip_from 173.245.48.0/20;
#set_real_ip_from 103.22.200.0/22;
#set_real_ip_from 141.101.64.0/18;
#real_ip_header   CF-Connecting-IP;
# end Cloudflare

## default
# /etc/nginx/sites-enabled/default

server {
  listen  8080; ## listen for ipv4
  #listen   [::]:80 default ipv6only=on; ## listen for ipv6

  server_name  _;
  root   /Users/www-data/gunnertechnetwork/current;
  index   index.php;

  access_log  /var/log/nginx/localhost.access.log;

  client_max_body_size 8M;
  client_body_buffer_size 128k;

  keepalive_timeout 10;

  server_name_in_redirect off;
  port_in_redirect off;

  error_page  404  /missing.html;
  error_page   500 502 503 504  /50x.html;

  include /usr/local/etc/nginx/wordpress.conf;
  include /usr/local/etc/nginx/w3totalcache.conf;

}

## default.vcl
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

acl purge {
    "10.0.1.100";
    "10.0.1.101";
    "10.0.1.102";
    "10.0.1.103";
    "10.0.1.104";
}

sub vcl_recv {
  if (req.request == "PURGE") {
    if (!client.ip ~ purge) {
      error 405 "Not allowed.";
    }
    return(lookup);
  }

  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(gif|jpg|jpeg|swf|flv|mp3|mp4|pdf|ico|png|gz|tgz|bz2)(\?.*|)$") {
      remove req.http.Accept-Encoding;
    } elsif (req.http.Accept-Encoding ~ "gzip") {
      set req.http.Accept-Encoding = "gzip";
    } elsif (req.http.Accept-Encoding ~ "deflate") {
      set req.http.Accept-Encoding = "deflate";
    } else {
      remove req.http.Accept-Encoding;
    }
  }

  if (req.url ~ "\.(gif|jpg|jpeg|swf|css|js|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
    unset req.http.cookie;
    set req.url = regsub(req.url, "\?.*$", "");
  }

  if (req.url ~ "\?(utm_(campaign|medium|source|term)|adParams|client|cx|eid|fbid|feed|ref(id|src)?|v(er|iew))=") {
    set req.url = regsub(req.url, "\?.*$", "");
  }

  if (req.http.cookie) {
    if (req.http.cookie ~ "(wordpress_|wp-settings-)" || req.url ~ "(wp-(login|admin)|login|products)") {
      return(pass);
    } else {
      unset req.http.cookie;
    }
  }
}

sub vcl_fetch {
	if (req.url ~ "wp-(login|admin)" || req.url ~ "products-page" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php") {
		return (hit_for_pass);
	}

  if ( (!(req.url ~ "(wp-(login|admin)|login|products)")) || (req.request == "GET") ) {
    unset beresp.http.set-cookie;
    set beresp.ttl = 1h;
  }

  if (req.url ~ "\.(gif|jpg|jpeg|swf|css|js|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
    set beresp.ttl = 365d;
  }
}

sub vcl_deliver {
   set resp.http.X-Server = "server-01";

   if (obj.hits > 0) {
     set resp.http.X-Cache = "HIT";
   } else {
     set resp.http.X-Cache = "MISS";
   }
}

sub vcl_hit {
  if (req.request == "PURGE") {
    set obj.ttl = 0s;
    error 200 "OK";
  }
}

sub vcl_miss {
  if (req.request == "PURGE") {
    error 404 "Not cached";
  }
}

sub vcl_error {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {"
<html>
  <head>
    <title>We're sorry. This server is under maintenance</title>
  </head>
  <body>
    <h1>The server is being updated</h1>
    <p>Please check back later.</p>
  </body>
</html>
"};
}

## nginx.conf
user www-data;
worker_processes  4;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /usr/local/etc/nginx/mime.types;
    include       /usr/local/etc/nginx/cloudflare.conf;

    access_log    /var/log/nginx/access.log;

    sendfile        on;
    tcp_nopush      off;

    keepalive_timeout  30;
    tcp_nodelay        on;

    gzip  on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    upstream php {
      server unix:/tmp/php-cgi.socket;
      #server 127.0.0.1:9000;
    }

    include /usr/local/etc/nginx/conf.d/*.conf;
    include /usr/local/etc/nginx/sites-enabled/*;
}

## php-fpm.conf
; Start a new pool named 'www'.
[www]

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
; a specific port;
; 'port'                 - to listen on a TCP socket to all addresses on a
;  specific port;
;  '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
; listen = 127.0.0.1:9000
listen = /tmp/php-cgi.socket

; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1

; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
; listen.allowed_clients = 127.0.0.1

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0666

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;  will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = www-data
; RPM: Keep a group allowed to write in log dir.
group = www-data

; Choose how the process manager will control the number of child processes.
; Possible Values:
;  static  - a fixed number (pm.max_children) of child processes;
;  dynamic - the number of child processes are set dynamically based on the
;  following directives:
;  pm.max_children      - the maximum number of children that can
;  be alive at the same time.
;  pm.start_servers     - the number of children created on startup.
;  pm.min_spare_servers - the minimum number of children in 'idle'
;  state (waiting to process). If the number
;  of 'idle' processes is less than this
;  number then some children will be created.
;  pm.max_spare_servers - the maximum number of children in 'idle'
;  state (waiting to process). If the number
;  of 'idle' processes is greater than this
;  number then some children will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes to be created when pm is set to 'dynamic'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to either 'static' or 'dynamic'
; Note: This value is mandatory.
pm.max_children = 50

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 10

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 35

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. By default, the status page shows the following
; information:
;   accepted conn    - the number of request accepted by the pool;
;   pool             - the name of the pool;
;   process manager  - static or dynamic;
;   idle processes   - the number of idle processes;
;   active processes - the number of active processes;
;   total processes  - the number of idle + active processes.
; The values of 'idle processes', 'active processes' and 'total processes' are
; updated each second. The value of 'accepted conn' is updated in real time.
; Example output:
;   accepted conn:   12073
;   pool:             www
;   process manager:  static
;   idle processes:   35
;   active processes: 65
;   total processes:  100
; By default the status page output is formatted as text/plain. Passing either
; 'html' or 'json' as a query string will return the corresponding output
; syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Default Value: no
;catch_workers_output = yes

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

## varnish
START=yes
NFILES=131072
MEMLOCK=82000
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,250M"

## w3totalcache.conf
# /etc/nginx/w3totalcache.conf

# BEGIN W3TC Browser Cache
gzip on;
gzip_types text/css application/x-javascript text/x-component text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

gzip_vary on;
gzip_comp_level 2;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6].(?!.*SV1)";

location ~ \.(css|js|htc)$ {
  add_header X-Powered-By "W3 Total Cache/0.9.2.4";
}

location ~ \.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
  add_header X-Powered-By "W3 Total Cache/0.9.2.4";
}

location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
    add_header X-Powered-By "W3 Total Cache/0.9.2.4";
}
# END W3TC Browser Cache

# BEGIN W3TC Minify core
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
  set $w3tc_enc .gzip;
}
if (-f $request_filename$w3tc_enc) {
  rewrite (.*) $1$w3tc_enc break;
}
rewrite ^/wp-content/w3tc/min/([a-f0-9]+)\/(.+)\.(include(\-(footer|body))?(-nb)?)\.[0-9]+\.(css|js)$ /wp-content/w3tc/min/index.php?tt=$1&gg=$2&g=$3&t=$7 last;
# END W3TC Minify core

# BEGIN W3TC Minify cache
location ~ /wp-content/w3tc/min.*\.js$ {
  types {}
  default_type application/x-javascript;
  add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify)";
  add_header Vary "Accept-Encoding";
}
location ~ /wp-content/w3tc/min.*\.css$ {
  types {}
  default_type text/css;
  add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify)";
  add_header Vary "Accept-Encoding";
}
location ~ /wp-content/w3tc/min.*js\.gzip$ {
  gzip off;
  types {}
  default_type application/x-javascript;
  add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify, Gzipped)";
  add_header Vary "Accept-Encoding";
  add_header Content-Encoding gzip;
}
location ~ /wp-content/w3tc/min.*css\.gzip$ {
  gzip off;
  types {}
  default_type text/css;
  add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify, Gzipped)";
  add_header Vary "Accept-Encoding";
  add_header Content-Encoding gzip;
}
# END W3TC Minify cache

## wordpress.conf
# /etc/nginx/wordpress.conf

rewrite ^/products-page/(.+)/index\.php /products-page/$1/?ajax=true last;
rewrite ^/products-page/index\.php /products-page/?ajax=true last;
rewrite ^/sitemap\.xml$ /index.php?sitemap=1 last;
rewrite ^/sitemap\.xml\.gz$ /index.php?sitemap=1 last;
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

### HACK TO REWRITE OLD UPLOAD FILES TO CLOUDFRONT CDN TO AVOID 404s ###
if ($http_host !~ "^.+.dev$"){
  set $rule_0 1$rule_0;
}
if ($rule_0 = "1"){
  rewrite ^/wp-content/uploads/(.+) http://dhwlijwe9jil7.cloudfront.net/files/$1 permanent;
}

### REWRITE TO UPLOADS TO CLOUDFRONT ###
if ($uri ~ "^/files/.+$"){
  set $rule_3 1$rule_3;
}
if ($http_host !~ "^.+.dev$"){
  set $rule_3 2$rule_3;
}
if ($http_host !~* "^.+cloudfront.net$"){
  set $rule_3 3$rule_3;
}
if ($rule_3 = "321"){
  rewrite ^/ http://dhwlijwe9jil7.cloudfront.net$uri permanent;
}

### DEFAULT REWRITE TO WP FILES ###
rewrite ^/files/(.+) /wp-includes/ms-files.php?file=$1 last;

### REWRITE TO APEX###
if ($host ~* www\.(.*)) {
  set $host_without_www $1;
  rewrite ^(.*)$ http://$host_without_www$1 permanent;
}

### WORDPRESS LOCATIONS ###

location / {
  try_files $uri $uri/ /index.php?$args @wordpress;
}

location @wordpress {
  rewrite ^.*/files/(.*) /wp-includes/ms-files.php?file=$1;
  if (!-e $request_filename) {
    rewrite ^.+/products-page/(.*)index.php?ajax=true /products-page/$1/?ajax=true last;
    rewrite ^.+/?(/wp-.*) $1 last;
    rewrite ^.+/?(/.*\.php)$ $1 last;
    rewrite ^(.+)$ /index.php?q=$1 last;
  }
}

location ~ \.php$ {
  try_files $uri =404;

  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_param   REMOTE_ADDR  $http_client_ip;
  fastcgi_index   index.php;
  fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
  include /usr/local/etc/nginx/fastcgi_params;
  fastcgi_pass php;
}

location ~ /\. { access_log off; log_not_found off; deny all; }

# Prevent access to any files starting with a $ (usually temp files)
location ~ ~$ { access_log off; log_not_found off; deny all; }

# Do not log access to robots.txt, to keep the logs cleaner
location = /robots.txt { allow all; access_log off; log_not_found off; }

# Do not log access to the favicon, to keep the logs cleaner
location = /favicon.ico { access_log off; log_not_found off; }

location ~* wp-admin/includes { deny all; }
location ~* wp-includes/theme-compat/ { deny all; }
location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
location ~* wp-config.php { deny all; }
location ^~ /config/ { deny all; }
	# /etc/nginx/cloudflare.conf

	# If using Cloudflare, uncomment the following to get proper originating IPs
	#set_real_ip_from 204.93.240.0/24;
	#set_real_ip_from 204.93.177.0/24;
	#set_real_ip_from 199.27.128.0/21;
	#set_real_ip_from 173.245.48.0/20;
	#set_real_ip_from 103.22.200.0/22;
	#set_real_ip_from 141.101.64.0/18;
	#real_ip_header CF-Connecting-IP;
	# end Cloudflare
	# /etc/nginx/sites-enabled/default

	server {
	listen 8080; ## listen for ipv4
	#listen [::]:80 default ipv6only=on; ## listen for ipv6

	server_name _;
	root /Users/www-data/gunnertechnetwork/current;
	index index.php;

	access_log /var/log/nginx/localhost.access.log;

	client_max_body_size 8M;
	client_body_buffer_size 128k;

	keepalive_timeout 10;

	server_name_in_redirect off;
	port_in_redirect off;

	error_page 404 /missing.html;
	error_page 500 502 503 504 /50x.html;

	include /usr/local/etc/nginx/wordpress.conf;
	include /usr/local/etc/nginx/w3totalcache.conf;

	}
	backend default {
	.host = "127.0.0.1";
	.port = "8080";
	}

	acl purge {
	"10.0.1.100";
	"10.0.1.101";
	"10.0.1.102";
	"10.0.1.103";
	"10.0.1.104";
	}

	sub vcl_recv {
	if (req.request == "PURGE") {
	if (!client.ip ~ purge) {
	error 405 "Not allowed.";
	}
	return(lookup);
	}

	if (req.http.Accept-Encoding) {
	if (req.url ~ "\.(gif\|jpg\|jpeg\|swf\|flv\|mp3\|mp4\|pdf\|ico\|png\|gz\|tgz\|bz2)(\?.*\|)$") {
	remove req.http.Accept-Encoding;
	} elsif (req.http.Accept-Encoding ~ "gzip") {
	set req.http.Accept-Encoding = "gzip";
	} elsif (req.http.Accept-Encoding ~ "deflate") {
	set req.http.Accept-Encoding = "deflate";
	} else {
	remove req.http.Accept-Encoding;
	}
	}

	if (req.url ~ "\.(gif\|jpg\|jpeg\|swf\|css\|js\|flv\|mp3\|mp4\|pdf\|ico\|png)(\?.*\|)$") {
	unset req.http.cookie;
	set req.url = regsub(req.url, "\?.*$", "");
	}

	if (req.url ~ "\?(utm_(campaign\|medium\|source\|term)\|adParams\|client\|cx\|eid\|fbid\|feed\|ref(id\|src)?\|v(er\|iew))=") {
	set req.url = regsub(req.url, "\?.*$", "");
	}

	if (req.http.cookie) {
	if (req.http.cookie ~ "(wordpress_\|wp-settings-)" \|\| req.url ~ "(wp-(login\|admin)\|login\|products)") {
	return(pass);
	} else {
	unset req.http.cookie;
	}
	}
	}

	sub vcl_fetch {
	if (req.url ~ "wp-(login\|admin)" \|\| req.url ~ "products-page" \|\| req.url ~ "preview=true" \|\| req.url ~ "xmlrpc.php") {
	return (hit_for_pass);
	}

	if ( (!(req.url ~ "(wp-(login\|admin)\|login\|products)")) \|\| (req.request == "GET") ) {
	unset beresp.http.set-cookie;
	set beresp.ttl = 1h;
	}

	if (req.url ~ "\.(gif\|jpg\|jpeg\|swf\|css\|js\|flv\|mp3\|mp4\|pdf\|ico\|png)(\?.*\|)$") {
	set beresp.ttl = 365d;
	}
	}

	sub vcl_deliver {
	set resp.http.X-Server = "server-01";

	if (obj.hits > 0) {
	set resp.http.X-Cache = "HIT";
	} else {
	set resp.http.X-Cache = "MISS";
	}
	}

	sub vcl_hit {
	if (req.request == "PURGE") {
	set obj.ttl = 0s;
	error 200 "OK";
	}
	}

	sub vcl_miss {
	if (req.request == "PURGE") {
	error 404 "Not cached";
	}
	}

	sub vcl_error {
	set obj.http.Content-Type = "text/html; charset=utf-8";
	synthetic {"
	<html>
	<head>
	<title>We're sorry. This server is under maintenance</title>
	</head>
	<body>
	<h1>The server is being updated</h1>
	<p>Please check back later.</p>
	</body>
	</html>
	"};
	}
	user www-data;
	worker_processes 4;

	error_log /var/log/nginx/error.log;
	pid /var/run/nginx.pid;

	events {
	worker_connections 1024;
	}

	http {
	include /usr/local/etc/nginx/mime.types;
	include /usr/local/etc/nginx/cloudflare.conf;

	access_log /var/log/nginx/access.log;

	sendfile on;
	tcp_nopush off;

	keepalive_timeout 30;
	tcp_nodelay on;

	gzip on;
	gzip_disable "MSIE [1-6]\.(?!.*SV1)";

	upstream php {
	server unix:/tmp/php-cgi.socket;
	#server 127.0.0.1:9000;
	}

	include /usr/local/etc/nginx/conf.d/*.conf;
	include /usr/local/etc/nginx/sites-enabled/*;
	}
	; Start a new pool named 'www'.
	[www]

	; The address on which to accept FastCGI requests.
	; Valid syntaxes are:
	; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
	; a specific port;
	; 'port' - to listen on a TCP socket to all addresses on a
	; specific port;
	; '/path/to/unix/socket' - to listen on a unix socket.
	; Note: This value is mandatory.
	; listen = 127.0.0.1:9000
	listen = /tmp/php-cgi.socket

	; Set listen(2) backlog. A value of '-1' means unlimited.
	; Default Value: -1
	;listen.backlog = -1

	; List of ipv4 addresses of FastCGI clients which are allowed to connect.
	; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
	; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
	; must be separated by a comma. If this value is left blank, connections will be
	; accepted from any ip address.
	; Default Value: any
	; listen.allowed_clients = 127.0.0.1

	; Set permissions for unix socket, if one is used. In Linux, read/write
	; permissions must be set in order to allow connections from a web server. Many
	; BSD-derived systems allow connections regardless of permissions.
	; Default Values: user and group are set as the running user
	; mode is set to 0666
	;listen.owner = www-data
	;listen.group = www-data
	;listen.mode = 0666

	; Unix user/group of processes
	; Note: The user is mandatory. If the group is not set, the default user's group
	; will be used.
	; RPM: apache Choosed to be able to access some dir as httpd
	user = www-data
	; RPM: Keep a group allowed to write in log dir.
	group = www-data

	; Choose how the process manager will control the number of child processes.
	; Possible Values:
	; static - a fixed number (pm.max_children) of child processes;
	; dynamic - the number of child processes are set dynamically based on the
	; following directives:
	; pm.max_children - the maximum number of children that can
	; be alive at the same time.
	; pm.start_servers - the number of children created on startup.
	; pm.min_spare_servers - the minimum number of children in 'idle'
	; state (waiting to process). If the number
	; of 'idle' processes is less than this
	; number then some children will be created.
	; pm.max_spare_servers - the maximum number of children in 'idle'
	; state (waiting to process). If the number
	; of 'idle' processes is greater than this
	; number then some children will be killed.
	; Note: This value is mandatory.
	pm = dynamic

	; The number of child processes to be created when pm is set to 'static' and the
	; maximum number of child processes to be created when pm is set to 'dynamic'.
	; This value sets the limit on the number of simultaneous requests that will be
	; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
	; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
	; CGI.
	; Note: Used when pm is set to either 'static' or 'dynamic'
	; Note: This value is mandatory.
	pm.max_children = 50

	; The number of child processes created on startup.
	; Note: Used only when pm is set to 'dynamic'
	; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
	pm.start_servers = 10

	; The desired minimum number of idle server processes.
	; Note: Used only when pm is set to 'dynamic'
	; Note: Mandatory when pm is set to 'dynamic'
	pm.min_spare_servers = 5

	; The desired maximum number of idle server processes.
	; Note: Used only when pm is set to 'dynamic'
	; Note: Mandatory when pm is set to 'dynamic'
	pm.max_spare_servers = 35

	; The number of requests each child process should execute before respawning.
	; This can be useful to work around memory leaks in 3rd party libraries. For
	; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
	; Default Value: 0
	pm.max_requests = 500

	; The URI to view the FPM status page. If this value is not set, no URI will be
	; recognized as a status page. By default, the status page shows the following
	; information:
	; accepted conn - the number of request accepted by the pool;
	; pool - the name of the pool;
	; process manager - static or dynamic;
	; idle processes - the number of idle processes;
	; active processes - the number of active processes;
	; total processes - the number of idle + active processes.
	; The values of 'idle processes', 'active processes' and 'total processes' are
	; updated each second. The value of 'accepted conn' is updated in real time.
	; Example output:
	; accepted conn: 12073
	; pool: www
	; process manager: static
	; idle processes: 35
	; active processes: 65
	; total processes: 100
	; By default the status page output is formatted as text/plain. Passing either
	; 'html' or 'json' as a query string will return the corresponding output
	; syntax. Example:
	; http://www.foo.bar/status
	; http://www.foo.bar/status?json
	; http://www.foo.bar/status?html
	; Note: The value must start with a leading slash (/). The value can be
	; anything, but it may not be a good idea to use the .php extension or it
	; may conflict with a real PHP file.
	; Default Value: not set
	;pm.status_path = /status

	; The ping URI to call the monitoring page of FPM. If this value is not set, no
	; URI will be recognized as a ping page. This could be used to test from outside
	; that FPM is alive and responding, or to
	; - create a graph of FPM availability (rrd or such);
	; - remove a server from a group if it is not responding (load balancing);
	; - trigger alerts for the operating team (24/7).
	; Note: The value must start with a leading slash (/). The value can be
	; anything, but it may not be a good idea to use the .php extension or it
	; may conflict with a real PHP file.
	; Default Value: not set
	;ping.path = /ping

	; This directive may be used to customize the response of a ping request. The
	; response is formatted as text/plain with a 200 response code.
	; Default Value: pong
	;ping.response = pong

	; The timeout for serving a single request after which the worker process will
	; be killed. This option should be used when the 'max_execution_time' ini option
	; does not stop script execution for some reason. A value of '0' means 'off'.
	; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
	; Default Value: 0
	;request_terminate_timeout = 0

	; The timeout for serving a single request after which a PHP backtrace will be
	; dumped to the 'slowlog' file. A value of '0s' means 'off'.
	; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
	; Default Value: 0
	;request_slowlog_timeout = 0

	; The log file for slow requests
	; Default Value: not set
	; Note: slowlog is mandatory if request_slowlog_timeout is set
	slowlog = /var/log/php-fpm/www-slow.log

	; Set open file descriptor rlimit.
	; Default Value: system defined value
	;rlimit_files = 1024

	; Set max core size rlimit.
	; Possible Values: 'unlimited' or an integer greater or equal to 0
	; Default Value: system defined value
	;rlimit_core = 0

	; Chroot to this directory at the start. This value must be defined as an
	; absolute path. When this value is not set, chroot is not used.
	; Note: chrooting is a great security feature and should be used whenever
	; possible. However, all PHP paths will be relative to the chroot
	; (error_log, sessions.save_path, ...).
	; Default Value: not set
	;chroot =

	; Chdir to this directory at the start. This value must be an absolute path.
	; Default Value: current directory or / when chroot
	;chdir = /var/www

	; Redirect worker stdout and stderr into main error log. If not set, stdout and
	; stderr will be redirected to /dev/null according to FastCGI specs.
	; Default Value: no
	;catch_workers_output = yes

	; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
	; the current environment.
	; Default Value: clean env
	;env[HOSTNAME] = $HOSTNAME
	;env[PATH] = /usr/local/bin:/usr/bin:/bin
	;env[TMP] = /tmp
	;env[TMPDIR] = /tmp
	;env[TEMP] = /tmp

	; Additional php.ini defines, specific to this pool of workers. These settings
	; overwrite the values previously defined in the php.ini. The directives are the
	; same as the PHP SAPI:
	; php_value/php_flag - you can set classic ini defines which can
	; be overwritten from PHP call 'ini_set'.
	; php_admin_value/php_admin_flag - these directives won't be overwritten by
	; PHP call 'ini_set'
	; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

	; Defining 'extension' will load the corresponding shared extension from
	; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
	; overwrite previously defined php.ini values, but will append the new value
	; instead.

	; Default Value: nothing is defined by default except the values in php.ini and
	; specified at startup with the -d argument
	;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
	;php_flag[display_errors] = off
	php_admin_value[error_log] = /var/log/php-fpm/www-error.log
	php_admin_flag[log_errors] = on
	;php_admin_value[memory_limit] = 32M
	START=yes
	NFILES=131072
	MEMLOCK=82000
	DAEMON_OPTS="-a :80 \
	-T localhost:6082 \
	-f /etc/varnish/default.vcl \
	-S /etc/varnish/secret \
	-s malloc,250M"
	# /etc/nginx/w3totalcache.conf

	# BEGIN W3TC Browser Cache
	gzip on;
	gzip_types text/css application/x-javascript text/x-component text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

	gzip_vary on;
	gzip_comp_level 2;
	gzip_proxied any;
	gzip_buffers 16 8k;
	gzip_disable "MSIE [1-6].(?!.*SV1)";

	location ~ \.(css\|js\|htc)$ {
	add_header X-Powered-By "W3 Total Cache/0.9.2.4";
	}

	location ~ \.(html\|htm\|rtf\|rtx\|svg\|svgz\|txt\|xsd\|xsl\|xml)$ {
	add_header X-Powered-By "W3 Total Cache/0.9.2.4";
	}

	location ~ \.(asf\|asx\|wax\|wmv\|wmx\|avi\|bmp\|class\|divx\|doc\|docx\|eot\|exe\|gif\|gz\|gzip\|ico\|jpg\|jpeg\|jpe\|mdb\|mid\|midi\|mov\|qt\|mp3\|m4a\|mp4\|m4v\|mpeg\|mpg\|mpe\|mpp\|otf\|odb\|odc\|odf\|odg\|odp\|ods\|odt\|ogg\|pdf\|png\|pot\|pps\|ppt\|pptx\|ra\|ram\|svg\|svgz\|swf\|tar\|tif\|tiff\|ttf\|ttc\|wav\|wma\|wri\|xla\|xls\|xlsx\|xlt\|xlw\|zip)$ {
	add_header X-Powered-By "W3 Total Cache/0.9.2.4";
	}
	# END W3TC Browser Cache

	# BEGIN W3TC Minify core
	set $w3tc_enc "";
	if ($http_accept_encoding ~ gzip) {
	set $w3tc_enc .gzip;
	}
	if (-f $request_filename$w3tc_enc) {
	rewrite (.*) $1$w3tc_enc break;
	}
	rewrite ^/wp-content/w3tc/min/([a-f0-9]+)\/(.+)\.(include(\-(footer\|body))?(-nb)?)\.[0-9]+\.(css\|js)$ /wp-content/w3tc/min/index.php?tt=$1&gg=$2&g=$3&t=$7 last;
	# END W3TC Minify core

	# BEGIN W3TC Minify cache
	location ~ /wp-content/w3tc/min.*\.js$ {
	types {}
	default_type application/x-javascript;
	add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify)";
	add_header Vary "Accept-Encoding";
	}
	location ~ /wp-content/w3tc/min.*\.css$ {
	types {}
	default_type text/css;
	add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify)";
	add_header Vary "Accept-Encoding";
	}
	location ~ /wp-content/w3tc/min.*js\.gzip$ {
	gzip off;
	types {}
	default_type application/x-javascript;
	add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify, Gzipped)";
	add_header Vary "Accept-Encoding";
	add_header Content-Encoding gzip;
	}
	location ~ /wp-content/w3tc/min.*css\.gzip$ {
	gzip off;
	types {}
	default_type text/css;
	add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify, Gzipped)";
	add_header Vary "Accept-Encoding";
	add_header Content-Encoding gzip;
	}
	# END W3TC Minify cache
	# /etc/nginx/wordpress.conf

	rewrite ^/products-page/(.+)/index\.php /products-page/$1/?ajax=true last;
	rewrite ^/products-page/index\.php /products-page/?ajax=true last;
	rewrite ^/sitemap\.xml$ /index.php?sitemap=1 last;
	rewrite ^/sitemap\.xml\.gz$ /index.php?sitemap=1 last;
	rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
	rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

	### HACK TO REWRITE OLD UPLOAD FILES TO CLOUDFRONT CDN TO AVOID 404s ###
	if ($http_host !~ "^.+.dev$"){
	set $rule_0 1$rule_0;
	}
	if ($rule_0 = "1"){
	rewrite ^/wp-content/uploads/(.+) http://dhwlijwe9jil7.cloudfront.net/files/$1 permanent;
	}

	### REWRITE TO UPLOADS TO CLOUDFRONT ###
	if ($uri ~ "^/files/.+$"){
	set $rule_3 1$rule_3;
	}
	if ($http_host !~ "^.+.dev$"){
	set $rule_3 2$rule_3;
	}
	if ($http_host !~* "^.+cloudfront.net$"){
	set $rule_3 3$rule_3;
	}
	if ($rule_3 = "321"){
	rewrite ^/ http://dhwlijwe9jil7.cloudfront.net$uri permanent;
	}

	### DEFAULT REWRITE TO WP FILES ###
	rewrite ^/files/(.+) /wp-includes/ms-files.php?file=$1 last;

	### REWRITE TO APEX###
	if ($host ~* www\.(.*)) {
	set $host_without_www $1;
	rewrite ^(.*)$ http://$host_without_www$1 permanent;
	}

	### WORDPRESS LOCATIONS ###

	location / {
	try_files $uri $uri/ /index.php?$args @wordpress;
	}

	location @wordpress {
	rewrite ^./files/(.) /wp-includes/ms-files.php?file=$1;
	if (!-e $request_filename) {
	rewrite ^.+/products-page/(.*)index.php?ajax=true /products-page/$1/?ajax=true last;
	rewrite ^.+/?(/wp-.*) $1 last;
	rewrite ^.+/?(/.*\.php)$ $1 last;
	rewrite ^(.+)$ /index.php?q=$1 last;
	}
	}

	location ~ \.php$ {
	try_files $uri =404;

	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_param REMOTE_ADDR $http_client_ip;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include /usr/local/etc/nginx/fastcgi_params;
	fastcgi_pass php;
	}

	location ~ /\. { access_log off; log_not_found off; deny all; }

	# Prevent access to any files starting with a $ (usually temp files)
	location ~ ~$ { access_log off; log_not_found off; deny all; }

	# Do not log access to robots.txt, to keep the logs cleaner
	location = /robots.txt { allow all; access_log off; log_not_found off; }

	# Do not log access to the favicon, to keep the logs cleaner
	location = /favicon.ico { access_log off; log_not_found off; }

	location ~* wp-admin/includes { deny all; }
	location ~* wp-includes/theme-compat/ { deny all; }
	location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
	location ~* wp-config.php { deny all; }
	location ^~ /config/ { deny all; }