
@ohadcn
Last active September 8, 2020 19:02
nginx templates

nginx config template and include files

to use this:

  • put the files in /etc/nginx/ 1.

  • duplicate nginx-site-template into /etc/nginx/sites-enabled once for every site you want to serve. 2

  • depending on your php version, edit php_srv fastcgi_pass location.

1 for Bitnami OS images, use /opt/bitnami/nginx/conf instead of /etc/nginx

2 it's a common practice to put the files in /etc/nginx/sites-available and link them into /etc/nginx/sites-enabled; I usually don't do that.

# Long-lived browser caching for static assets; the extension match is
# case-insensitive (~*).
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    # "max" sends a far-future Expires date and a ten-year Cache-Control max-age.
    expires max;
}
# Send any request that did not arrive over HTTPS to the same host and URI on https://.
# $host is derived from the request, so the including server block should have
# pinned it to a known name (canonical-host redirect) before this include runs.
if ($scheme != https) {
    return 301 https://$host$request_uri;
}
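# One access log per site.
# The file name is built from $server_name (the first name in the server_name
# directive, i.e. set by the configuration) rather than $host (taken from the
# request). If the server block is the default for its listen socket, it receives
# requests carrying any Host value, and $host would then let clients decide how
# many log files get created under /var/log/nginx.
# The nginx worker user needs write access to this directory, because logs with a
# variable in the path are opened at request time.
access_log /var/log/nginx/$server_name.log;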
# Single-page-app fallback: serve the requested file or directory when it exists,
# otherwise answer with /index.html so client-side routing can take over.
location / {
    try_files $uri $uri/ /index.html;
}
# Front-controller fallback: anything that is not an existing file or directory
# is handed to /index.php (query string preserved) instead of returning 404.
# Needed by many CMSs (e.g. WordPress, Drupal).
location / {
    try_files $uri $uri/ /index.php?$args;
}
# Site template: copy once per site, then replace the host names, the certificate
# paths, the document root and the backend port.
server {
    listen 80;
    listen 443 ssl;
    server_name www.oodi.co.il oodi.co.il;

    root /home/site/html;
    index index.html index.htm index.php;

    # TLS material for this site plus the shared protocol/cipher settings.
    ssl_certificate /etc/letsencrypt/live/oodi.co.il/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/oodi.co.il/privkey.pem;
    include ssl_params;

    include hostify_logs;

    # Canonical host: serve the site under a single name (Google does not like
    # the same content on many addresses). Write the name literally; a variable
    # such as $main_addr here costs performance.
    if ($host != www.oodi.co.il) {
        return 301 https://www.oodi.co.il$request_uri;
    }

    # Keep this after the canonical-host redirect so a request is redirected
    # at most once.
    include force_https;

    # TODO: unite the .onion into one server directive
    # listen 127.0.0.1:80;
    # server_name xxzggveprj3lpmuk.onion;

    # WebSocket endpoint: proxied to the local backend with the HTTP/1.1
    # Upgrade handshake headers set.
    location /ws {
        set $pass_port 1234;
        proxy_pass http://127.0.0.1:$pass_port$request_uri;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        include proxy_params;
    }

    # Application backend on the same local port, plain HTTP proxying.
    location /app {
        set $pass_port 1234;
        proxy_pass http://127.0.0.1:$pass_port$request_uri;
        include proxy_params;
    }

    include php_srv;              # PHP via FastCGI
    include index_php_redirect;   # required for WordPress (and other CMSs)
    #include index_html_redirect; # required for React / Vue builds
    include cache_static;         # better performance
}
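# Hand requests whose URI ends in .php to the PHP FastCGI backend.
location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;

    # Return 404 unless the script file itself exists under the document root,
    # so a request for a non-existent .php path is never handed to the
    # interpreter (which, with cgi.fix_pathinfo enabled, may fall back to
    # running a different file from the path).
    try_files $fastcgi_script_name =404;

    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    # With php-cgi alone:
    # fastcgi_pass 127.0.0.1:9000;
    # With php5-fpm (adjust the socket path to the installed PHP version):
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
}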
# Request headers passed on to proxied backends.

# Host header exactly as the client sent it (not normalised; may carry a port).
proxy_set_header Host $http_host;

# Address of the peer that connected to nginx.
proxy_set_header X-Real-IP $remote_addr;

# Appends $remote_addr to whatever X-Forwarded-For the client supplied, so only
# the last entry is written by this server; backends should not trust earlier ones.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Scheme of the original request, so the backend can tell http from https.
proxy_set_header X-Forwarded-Proto $scheme;
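# Shared TLS settings, included from each HTTPS server block.
ssl_session_timeout 5m;

# Offer TLSv1.2 and later only: SSLv3, TLSv1 and TLSv1.1 are deprecated and have
# known protocol-level weaknesses. TLSv1.3 needs nginx 1.13.0+ built against
# OpenSSL 1.1.1+; remove it from the list on older builds.
ssl_protocols TLSv1.2 TLSv1.3;

# Exactly one OpenSSL cipher string. This is the stricter of the two usual forms:
# high-strength suites only, with no anonymous key exchange, no MD5 and no 3DES.
ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;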