marcinkieruzel/gist:9c2a00093afe8b5c5ff930fcc8b44a4f

## gistfile1.txt
  GNU nano 2.2.6                                                                                                                                        File: szkoly.superkoderzy.pl

map $http_host $blogid {
 default 0;
  include /var/www/superkoderzytest/wp-content/uploads/nginx-helper/map.conf;
}
server {
        listen 80;
        listen [::]:80;


client_max_body_size 20M;
 server_name szkoly.superkoderzy.pl;
 root /var/www/superkoderzytest;
 access_log /var/log/nginx/superkoderzytest.pl-access.log;
 error_log /var/log/nginx/superkoderzytest.pl-error.log;


 #include conf.d/restrictions.conf;
 ##################################
 # Restrictions ###################


 # Global restrictions configuration file.
 # Designed to be included in any server {} block.</p>
 location = /favicon.ico {
  log_not_found off;
  access_log off;
 }
 location = /robots.txt {
  allow all;
  log_not_found off;
  access_log off;
 }
 # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 location ~ /\\. {
  deny all;
 }
 # Deny access to any files with a .php extension in the uploads directory
 # Works in sub-directory installs and also in multisite network
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 location ~* /(?:uploads|files)/.*\\.php$ {
  deny all;
 }

 include /var/www/superkoderzytest/nginx.conf;

 #include conf.d/wordpress-mu.conf;
 ##################################
 #  Wordpress MU ##################

 # WordPress multisite subdirectory rules.
 # Designed to be included in any server {} block.
 index index.php;
 # This order might seem weird - this is attempted to match last if rules below fail.
 # http://wiki.nginx.org/HttpCoreModule
 location / {
  try_files $uri $uri/ /index.php?$args;
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Credentials' 'false';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

 }
 # Add trailing slash to */wp-admin requests.
 rewrite /wp-admin$ $scheme://$host$uri/ permanent;
 # Pass all .php files onto a php-fpm/php-fcgi server.
 location ~ \.php$ {
  # Zero-day exploit defense.
  # http://forum.nginx.org/read.php?2,88845,page=3
  # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
  # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
  try_files $uri =404;
 # fastcgi_split_path_info ^(.+\.php)(/.+)$;
  #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
 include fastcgi_params;
  fastcgi_index index.php;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 #fastcgi_intercept_errors on;
  fastcgi_pass php5-fpm;
 }
 location ~ ^/files/(.*)$ {
  try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;
  # access_log on; log_not_found on; expires max;
 }
 #avoid php readfile()
 location ^~ /blogs.dir {
  internal;
  alias /var/www/superkoderzytest/wp-content/blogs.dir ;
  access_log off; log_not_found off; expires max;
 }
 # Directives to send expires headers and turn off 404 error logging.
 location ~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
  access_log off; log_not_found off; expires max;
 }
   if (!-e $request_filename) {
                 rewrite /wp-admin$ $scheme://$host$uri/ permanent;
                 rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
                 rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
         }
}
	GNU nano 2.2.6 File: szkoly.superkoderzy.pl

	map $http_host $blogid {
	default 0;
	include /var/www/superkoderzytest/wp-content/uploads/nginx-helper/map.conf;
	}
	server {
	listen 80;
	listen [::]:80;


	client_max_body_size 20M;
	server_name szkoly.superkoderzy.pl;
	root /var/www/superkoderzytest;
	access_log /var/log/nginx/superkoderzytest.pl-access.log;
	error_log /var/log/nginx/superkoderzytest.pl-error.log;




	#include conf.d/restrictions.conf;
	##################################
	# Restrictions ###################




	# Global restrictions configuration file.
	# Designed to be included in any server {} block.</p>
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}
	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}
	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~ /\\. {
	deny all;
	}
	# Deny access to any files with a .php extension in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads\|files)/.*\\.php$ {
	deny all;
	}

	include /var/www/superkoderzytest/nginx.conf;

	#include conf.d/wordpress-mu.conf;
	##################################
	# Wordpress MU ##################

	# WordPress multisite subdirectory rules.
	# Designed to be included in any server {} block.
	index index.php;
	# This order might seem weird - this is attempted to match last if rules below fail.
	# http://wiki.nginx.org/HttpCoreModule
	location / {
	try_files $uri $uri/ /index.php?$args;
	add_header 'Access-Control-Allow-Origin' '*' always;
	add_header 'Access-Control-Allow-Credentials' 'false';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
	add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

	}
	# Add trailing slash to */wp-admin requests.
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;
	# Pass all .php files onto a php-fpm/php-fcgi server.
	location ~ \.php$ {
	# Zero-day exploit defense.
	# http://forum.nginx.org/read.php?2,88845,page=3
	# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
	# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
	try_files $uri =404;
	# fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	include fastcgi_params;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	#fastcgi_intercept_errors on;
	fastcgi_pass php5-fpm;
	}
	location ~ ^/files/(.*)$ {
	try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;
	# access_log on; log_not_found on; expires max;
	}
	#avoid php readfile()
	location ^~ /blogs.dir {
	internal;
	alias /var/www/superkoderzytest/wp-content/blogs.dir ;
	access_log off; log_not_found off; expires max;
	}
	# Directives to send expires headers and turn off 404 error logging.
	location ~* ^.+\.(xml\|ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|css\|rss\|atom\|js\|jpg\|jpeg\|gif\|png\|ico\|zip\|tgz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|bmp\|rtf)$ {
	access_log off; log_not_found off; expires max;
	}
	if (!-e $request_filename) {
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;
	rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
	rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
	}
	}