markjaquith/nginx.conf

## nginx.conf
upstream phpfpm {
	server unix:/var/run/php5-fpm.sock;
}

upstream hhvm {
	server unix:/var/run/hhvm/hhvm.sock;
}

# SSL
ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers               ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_buffer_size           8k;
spdy_headers_comp         6;

fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache_fpm:30m max_size=1000m;

## nginx.erb
server {
	listen 80;
	<% if @use_ssl %>
	listen 443 ssl spdy;
	ssl_certificate ssl/<%= @domain %>/server.crt;
	ssl_certificate_key ssl/<%= @domain %>/server.key;
	<% end %>
	server_name <%= @domain %><% if @also_www %> www.<%= @domain %><% end %>;
	access_log  /var/log/nginx/access.log main;

	root /srv/www/<%= @path %>;
	index index.html index.htm index.php;

	include sites-available/custom/<%= @domain %>;

	location ~ \.(jpe?g|gif|png|css|bmp|js|ico)$ {
		expires 30d;
	}

	location / {
		try_files $uri $uri/ /index.php$is_args$args;
	}

	# redirect server error pages to the static page /50x.html
	#
	error_page   500 502 503 504  /50x.html;
	location = /50x.html {
		root /var/www/nginx-default;
	}

	location ~ /\.ht[a-z]+$ {
		deny all;
	}

	location ~ \.php$ {
		# Set some proxy cache stuff
		fastcgi_cache microcache_fpm;
		fastcgi_cache_key $scheme$host$request_method$request_uri;
		fastcgi_cache_valid 200 5s;
		fastcgi_cache_use_stale updating;
		fastcgi_max_temp_file_size 1M;
		fastcgi_cache_min_uses 3; # Hit a URL 3 times before caching it

		set $no_cache_set  0;
		set $no_cache_get  0;

		set $temp_caching_exemption 0;
		if ($request_method !~ ^(GET|HEAD)$) {
			set $temp_caching_exemption 1;
		}

		if ( $temp_caching_exemption = 1 ) {
			add_header Set-Cookie "_mcnc=1; Max-Age=10; Path=/";
		}

		# Bypass cache if no-cache cookie is set
		if ( $http_cookie ~* "_mcnc" ) {
			set $no_cache_set 1;
			set $no_cache_get 1;
		}

		if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
			set $no_cache_set 1;
			set $no_cache_get 1;
		}

		# fastcgi_no_cache means "Do not store this proxy response in the cache"
		fastcgi_no_cache $no_cache_set;
		# fastcgi_cache_bypass means "Do not look in the cache for this request"
		fastcgi_cache_bypass $no_cache_get;


		include        /etc/nginx/fastcgi_params;
		fastcgi_index  index.php;
		try_files      $uri =404;

		<% if @hhvm %>
		fastcgi_keep_conn on;
		fastcgi_pass hhvm;
		<% else %>
		fastcgi_pass phpfpm;
		<% end %>
	}

}
	upstream phpfpm {
	server unix:/var/run/php5-fpm.sock;
	}

	upstream hhvm {
	server unix:/var/run/hhvm/hhvm.sock;
	}

	# SSL
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
	ssl_buffer_size 8k;
	spdy_headers_comp 6;

	fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache_fpm:30m max_size=1000m;
	server {
	listen 80;
	<% if @use_ssl %>
	listen 443 ssl spdy;
	ssl_certificate ssl/<%= @domain %>/server.crt;
	ssl_certificate_key ssl/<%= @domain %>/server.key;
	<% end %>
	server_name <%= @domain %><% if @also_www %> www.<%= @domain %><% end %>;
	access_log /var/log/nginx/access.log main;

	root /srv/www/<%= @path %>;
	index index.html index.htm index.php;

	include sites-available/custom/<%= @domain %>;

	location ~ \.(jpe?g\|gif\|png\|css\|bmp\|js\|ico)$ {
	expires 30d;
	}

	location / {
	try_files $uri $uri/ /index.php$is_args$args;
	}

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /var/www/nginx-default;
	}

	location ~ /\.ht[a-z]+$ {
	deny all;
	}

	location ~ \.php$ {
	# Set some proxy cache stuff
	fastcgi_cache microcache_fpm;
	fastcgi_cache_key $scheme$host$request_method$request_uri;
	fastcgi_cache_valid 200 5s;
	fastcgi_cache_use_stale updating;
	fastcgi_max_temp_file_size 1M;
	fastcgi_cache_min_uses 3; # Hit a URL 3 times before caching it

	set $no_cache_set 0;
	set $no_cache_get 0;

	set $temp_caching_exemption 0;
	if ($request_method !~ ^(GET\|HEAD)$) {
	set $temp_caching_exemption 1;
	}

	if ( $temp_caching_exemption = 1 ) {
	add_header Set-Cookie "_mcnc=1; Max-Age=10; Path=/";
	}

	# Bypass cache if no-cache cookie is set
	if ( $http_cookie ~* "_mcnc" ) {
	set $no_cache_set 1;
	set $no_cache_get 1;
	}

	if ( $http_cookie ~* "comment_author_\|wordpress_(?!test_cookie)\|wp-postpass_" ) {
	set $no_cache_set 1;
	set $no_cache_get 1;
	}

	# fastcgi_no_cache means "Do not store this proxy response in the cache"
	fastcgi_no_cache $no_cache_set;
	# fastcgi_cache_bypass means "Do not look in the cache for this request"
	fastcgi_cache_bypass $no_cache_get;


	include /etc/nginx/fastcgi_params;
	fastcgi_index index.php;
	try_files $uri =404;

	<% if @hhvm %>
	fastcgi_keep_conn on;
	fastcgi_pass hhvm;
	<% else %>
	fastcgi_pass phpfpm;
	<% end %>
	}

	}