monkyz/gist:3798058

## gistfile1.txt

# Server configuration for example.com
server {
    # Require HTTP authentication.
    #auth_basic            "Restricted";
    #auth_basic_user_file  /home/example/.htpasswd;

    # Limit each user to 20 max connections.
    limit_conn   default  20;

    # Set up ports and server address.
    listen       80;
    listen       443 ssl;
    server_name  .example.com;
    root /home/example/www;

    # Specify certificates used globally.
    ssl_certificate /home/example/certs/example-com.crt;
    ssl_certificate_key /home/example/certs/example-nopass.key;

    # Configure reverse-proxy settings for CloudFlare.
    #set_real_ip_from   204.93.240.0/24;
    #set_real_ip_from   204.93.177.0/24;
    #set_real_ip_from   199.27.128.0/21;
    #set_real_ip_from   173.245.48.0/20;
    #set_real_ip_from   103.22.200.0/22;
    #set_real_ip_from   141.101.64.0/18;
    #set_real_ip_from   108.162.192.0/18;
    #real_ip_header     CF-Connecting-IP;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny access to text files.
    location ~ \..*/.*\.(txt|log|htaccess)$ {
        deny all;
    }

    # Set a high lifetime on static assets.
    location ~* ^/(sites/|files/|misc/).*\.(js|css|png|jpg|jpeg|gif|ico)(\?[a-zA-Z0-9]+)?$ {
        expires max;
        #log_not_found off;
    }

    # No executing PHP files of any files besides ones in the root (cron.php, xmlrpc.php, etc.)
    location ~ \..*/.*\.php$ {
        return 403;
    }

    # Try checking if the file exists physically before calling index.php (a la mod_rewrite in Apache).
    location / {
        try_files $uri @rewrite;
    }

    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        include        fastcgi_params;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_intercept_errors on;
        fastcgi_pass_header Set-Cookie;

        fastcgi_cache drupal_cache;     # Define the name of the cache bin.
        fastcgi_cache_valid 200 302 1h; # Store pages and redirects for 1 hour.
        fastcgi_cache_valid 301 1d;     # Store permanent redirects for 1 day.
        fastcgi_cache_valid any 1m;     # Store all other requests (errors) for 1 minute.
        fastcgi_cache_min_uses 1;
        fastcgi_cache_use_stale error timeout invalid_header http_500; # Use stale caches when errors occur.
        fastcgi_cache_key "$scheme$request_method$host$request_uri";

        fastcgi_cache_bypass $logged_in;
        fastcgi_cache_bypass $cookie_NO_CACHE;
    }

    # To override the above rule, match more specifically against the image styles directory.
    location ^~ /files/styles/ {
        try_files $uri @rewrite;
    }

    # Error pages.
    error_page 500 502 504  /50x.html;
    error_page 404 /404.html;
    location ~ /(50x|404).html {
        root  /home/example/error_pages;
    }
}

	# Server configuration for example.com
	server {
	# Require HTTP authentication.
	#auth_basic "Restricted";
	#auth_basic_user_file /home/example/.htpasswd;

	# Limit each user to 20 max connections.
	limit_conn default 20;

	# Set up ports and server address.
	listen 80;
	listen 443 ssl;
	server_name .example.com;
	root /home/example/www;

	# Specify certificates used globally.
	ssl_certificate /home/example/certs/example-com.crt;
	ssl_certificate_key /home/example/certs/example-nopass.key;

	# Configure reverse-proxy settings for CloudFlare.
	#set_real_ip_from 204.93.240.0/24;
	#set_real_ip_from 204.93.177.0/24;
	#set_real_ip_from 199.27.128.0/21;
	#set_real_ip_from 173.245.48.0/20;
	#set_real_ip_from 103.22.200.0/22;
	#set_real_ip_from 141.101.64.0/18;
	#set_real_ip_from 108.162.192.0/18;
	#real_ip_header CF-Connecting-IP;

	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	# Deny access to text files.
	location ~ \../.\.(txt\|log\|htaccess)$ {
	deny all;
	}

	# Set a high lifetime on static assets.
	location ~* ^/(sites/\|files/\|misc/).*\.(js\|css\|png\|jpg\|jpeg\|gif\|ico)(\?[a-zA-Z0-9]+)?$ {
	expires max;
	#log_not_found off;
	}

	# No executing PHP files of any files besides ones in the root (cron.php, xmlrpc.php, etc.)
	location ~ \../.\.php$ {
	return 403;
	}

	# Try checking if the file exists physically before calling index.php (a la mod_rewrite in Apache).
	location / {
	try_files $uri @rewrite;
	}

	location @rewrite {
	rewrite ^/(.*)$ /index.php?q=$1;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
	include fastcgi_params;
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_index index.php;
	fastcgi_intercept_errors on;
	fastcgi_pass_header Set-Cookie;

	fastcgi_cache drupal_cache; # Define the name of the cache bin.
	fastcgi_cache_valid 200 302 1h; # Store pages and redirects for 1 hour.
	fastcgi_cache_valid 301 1d; # Store permanent redirects for 1 day.
	fastcgi_cache_valid any 1m; # Store all other requests (errors) for 1 minute.
	fastcgi_cache_min_uses 1;
	fastcgi_cache_use_stale error timeout invalid_header http_500; # Use stale caches when errors occur.
	fastcgi_cache_key "$scheme$request_method$host$request_uri";

	fastcgi_cache_bypass $logged_in;
	fastcgi_cache_bypass $cookie_NO_CACHE;
	}

	# To override the above rule, match more specifically against the image styles directory.
	location ^~ /files/styles/ {
	try_files $uri @rewrite;
	}

	# Error pages.
	error_page 500 502 504 /50x.html;
	error_page 404 /404.html;
	location ~ /(50x\|404).html {
	root /home/example/error_pages;
	}
	}