-
-
Save perusio/9033590 to your computer and use it in GitHub Desktop.
# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*- | |
### Nginx configuration for Drupal. This configuration makes use of | |
### drush (http:///drupal.org/project/drush) for site maintenance | |
### and like tasks: | |
### | |
### 1. Run the cronjobs. | |
### 2. Run the DB and code updates: drush up or drush upc followed by | |
### drush updb to run any DB updates required by the code upgrades | |
### that were performed. | |
### 3. Disabling of xmlrpc.xml, install.php (needed only for | |
### installing the site) and update.php: all updates are now | |
### handled through drush. | |
## The 'default' location. | |
location $drupal_dir/ { | |
## Drupal 404 from can impact performance. If using a module like | |
## search404 then 404's *have *to be handled by Drupal. Uncomment to | |
## relay the handling of 404's to Drupal. | |
## error_page 404 /index.php; | |
## Using a nested location is the 'correct' way to use regexes. | |
## Regular private file serving (i.e. handled by Drupal). | |
location ^~ $drupal_dir/system/files/ { | |
## Include the specific FastCGI configuration. This is for a | |
## FCGI backend like php-cgi or php-fpm. | |
include apps/drupal/fastcgi_drupal.conf; | |
fastcgi_pass phpcgi; | |
## If proxying to apache comment the two lines above and | |
## uncomment the two lines below. | |
#proxy_pass http://phpapache/index.php?q=$uri; | |
#proxy_set_header Connection ''; | |
## For not signaling a 404 in the error log whenever the | |
## system/files directory is accessed add the line below. | |
## Note that the 404 is the intended behavior. | |
log_not_found off; | |
} | |
## Trying to access private files directly returns a 404. | |
location ^~ $drupal_dir/sites/default/files/private/ { | |
internal; | |
} | |
## Support for the file_force module | |
## http://drupal.org/project/file_force. | |
location ^~ $drupal_dir/system/files_force/ { | |
## Include the specific FastCGI configuration. This is for a | |
## FCGI backend like php-cgi or php-fpm. | |
include apps/drupal/fastcgi_drupal.conf; | |
fastcgi_pass phpcgi; | |
## If proxying to apache comment the two lines above and | |
## uncomment the two lines below. | |
#proxy_pass http://phpapache/index.php?q=$uri; | |
#proxy_set_header Connection ''; | |
## For not signaling a 404 in the error log whenever the | |
## system/files directory is accessed add the line below. | |
## Note that the 404 is the intended behavior. | |
log_not_found off; | |
} | |
## If accessing an image generated by Drupal 6 imagecache, serve it | |
## directly if available, if not relay the request to Drupal to (re)generate | |
## the image. | |
location ~* $drupal_dir/imagecache/ { | |
## Image hotlinking protection. If you want hotlinking | |
## protection for your images uncomment the following line. | |
#include apps/drupal/hotlinking_protection.conf; | |
access_log off; | |
expires 30d; | |
try_files $uri @drupal; | |
} | |
## Drupal 7 generated image handling, i.e., imagecache in core. See: | |
## http://drupal.org/node/371374. | |
location ~* $drupal_dir/files/styles/ { | |
## Image hotlinking protection. If you want hotlinking | |
## protection for your images uncomment the following line. | |
#include apps/drupal/hotlinking_protection.conf; | |
access_log off; | |
expires 30d; | |
try_files $uri @drupal; | |
} | |
## Advanced Aggregation module CSS | |
## support. http://drupal.org/project/advagg. | |
location ^~ $drupal_dir/sites/default/files/advagg_css/ { | |
expires max; | |
add_header ETag ''; | |
add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; | |
add_header Accept-Ranges ''; | |
location ~* $drupal_dir/sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ { | |
access_log off; | |
try_files $uri @drupal; | |
} | |
} | |
## Advanced Aggregation module JS | |
## support. http://drupal.org/project/advagg. | |
location ^~ $drupal_dir/sites/default/files/advagg_js/ { | |
expires max; | |
add_header ETag ''; | |
add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; | |
add_header Accept-Ranges ''; | |
location ~* $drupal_dir/sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ { | |
access_log off; | |
try_files $uri @drupal; | |
} | |
} | |
## All static files will be served directly. | |
location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ { | |
access_log off; | |
expires 30d; | |
## No need to bleed constant updates. Send the all shebang in one | |
## fell swoop. | |
tcp_nodelay off; | |
## Set the OS file cache. | |
open_file_cache max=3000 inactive=120s; | |
open_file_cache_valid 45s; | |
open_file_cache_min_uses 2; | |
open_file_cache_errors off; | |
} | |
## PDFs and powerpoint files handling. | |
location ~* ^.+\.(?:pdf|pptx?)$ { | |
expires 30d; | |
## No need to bleed constant updates. Send the all shebang in one | |
## fell swoop. | |
tcp_nodelay off; | |
} | |
## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it. | |
location ^~ $drupal_dir/sites/default/files/audio/mp3 { | |
location ~* ^$drupal_dir/sites/default/files/audio/mp3/.*\.mp3$ { | |
directio 4k; # for XFS | |
## If you're using ext3 or similar uncomment the line below and comment the above. | |
#directio 512; # for ext3 or similar (block alignments) | |
tcp_nopush off; | |
aio on; | |
output_buffers 1 2M; | |
} | |
} | |
location ^~ $drupal_dir/sites/default/files/audio/ogg { | |
location ~* ^$drupal_dir/sites/default/files/audio/ogg/.*\.ogg$ { | |
directio 4k; # for XFS | |
## If you're using ext3 or similar uncomment the line below and comment the above. | |
#directio 512; # for ext3 or similar (block alignments) | |
tcp_nopush off; | |
aio on; | |
output_buffers 1 2M; | |
} | |
} | |
## Pseudo streaming of FLV files: | |
## http://wiki.nginx.org/HttpFlvStreamModule. | |
## If pseudo streaming isn't working, try to comment | |
## out in nginx.conf line with: | |
## add_header X-Frame-Options SAMEORIGIN; | |
location ^~ $drupal_dir/sites/default/files/video/flv { | |
location ~* ^/sites/default/files/video/flv/.*\.flv$ { | |
flv; | |
} | |
} | |
## Pseudo streaming of H264/AAC files. This requires an Nginx | |
## version greater or equal to 1.0.7 for the stable branch and | |
## greater or equal to 1.1.3 for the development branch. | |
## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html. | |
location ^~ $drupal_dir/sites/default/files/video/mp4 { # videos | |
location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ { | |
mp4; | |
mp4_buffer_size 1M; | |
mp4_max_buffer_size 5M; | |
} | |
} | |
location ^~ $drupal_dir/sites/default/files/audio/m4a { # audios | |
location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ { | |
mp4; | |
mp4_buffer_size 1M; | |
mp4_max_buffer_size 5M; | |
} | |
} | |
## Advanced Help module makes each module provided README available. | |
location ^~ $drupal_dir/help/ { | |
location ~* ^/help/[^/]*/README\.txt$ { | |
## Include the specific FastCGI configuration. This is for a | |
## FCGI backend like php-cgi or php-fpm. | |
include apps/drupal/fastcgi_drupal.conf; | |
fastcgi_pass phpcgi; | |
## If proxying to apache comment the two lines above and | |
## uncomment the two lines below. | |
#proxy_pass http://phpapache/index.php?q=$uri; | |
#proxy_set_header Connection ''; | |
} | |
} | |
## Replicate the Apache <FilesMatch> directive of Drupal standard | |
## .htaccess. Disable access to any code files. Return a 404 to curtail | |
## information disclosure. Hide also the text files. | |
location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ { | |
return 404; | |
} | |
## First we try the URI and relay to the /index.php?q=$uri&$args if not found. | |
try_files $uri @drupal; | |
} | |
########### Security measures ########## | |
## Uncomment the line below if you want to enable basic auth for | |
## access to all /admin URIs. Note that this provides much better | |
## protection if use HTTPS. Since it can easily be eavesdropped if you | |
## use HTTP. | |
#include apps/drupal/admin_basic_auth.conf; | |
## Restrict access to the strictly necessary PHP files. Reducing the | |
## scope for exploits. Handling of PHP code and the Drupal event loop. | |
location @drupal { | |
## Include the FastCGI config. | |
include apps/drupal/fastcgi_drupal.conf; | |
fastcgi_pass phpcgi; | |
## FastCGI microcache. | |
include apps/drupal/microcache_fcgi.conf; | |
## FCGI microcache for authenticated users also. | |
#include apps/drupal/microcache_fcgi_auth.conf; | |
## If proxying to apache comment the two lines above and | |
## uncomment the two lines below. | |
#proxy_pass http://phpapache/index.php?q=$uri; | |
#proxy_set_header Connection ''; | |
## Proxy microcache. | |
#include apps/drupal/microcache_proxy.conf; | |
## Proxy microcache for authenticated users also. | |
#include apps/drupal/microcache_proxy_auth.conf; | |
## Filefield Upload progress | |
## http://drupal.org/project/filefield_nginx_progress support | |
## through the NginxUploadProgress modules. | |
track_uploads uploads 60s; | |
} | |
location @drupal-no-args { | |
## Include the specific FastCGI configuration. This is for a | |
## FCGI backend like php-cgi or php-fpm. | |
include apps/drupal/fastcgi_no_args_drupal.conf; | |
fastcgi_pass phpcgi; | |
## FastCGI microcache. | |
include apps/drupal/microcache_fcgi.conf; | |
## FCGI microcache for authenticated users also. | |
#include apps/drupal/microcache_fcgi_auth.conf; | |
## If proxying to apache comment the two lines above and | |
## uncomment the two lines below. | |
#proxy_pass http://phpapache/index.php?q=$uri; | |
#proxy_set_header Connection ''; | |
## Proxy microcache. | |
#include apps/drupal/microcache_proxy.conf; | |
## Proxy microcache for authenticated users also. | |
#include apps/drupal/microcache_proxy_auth.conf; | |
} | |
## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return | |
## 404 as not to disclose information. | |
location ^~ $drupal_dir/.bzr { | |
return 404; | |
} | |
location ^~ $drupal_dir/.git { | |
return 404; | |
} | |
location ^~ $drupal_dir/.hg { | |
return 404; | |
} | |
location ^~ $drupal_dir/.svn { | |
return 404; | |
} | |
location ^~ $drupal_dir/.cvs { | |
return 404; | |
} | |
## Disallow access to patches directory. | |
location ^~ $drupal_dir/patches { | |
return 404; | |
} | |
## Disallow access to drush backup directory. | |
location ^~ $drupal_dir/backup { | |
return 404; | |
} | |
## Disable access logs for robots.txt. | |
location = $drupal_dir/robots.txt { | |
access_log off; | |
## Add support for the robotstxt module | |
## http://drupal.org/project/robotstxt. | |
try_files $uri @drupal-no-args; | |
} | |
## RSS feed support. | |
location = $drupal_dir/rss.xml { | |
try_files $uri @drupal-no-args; | |
} | |
## XML Sitemap support. | |
location = $drupal_dir/sitemap.xml { | |
try_files $uri @drupal-no-args; | |
} | |
## Support for favicon. Return an 1x1 transparent GIF if it doesn't | |
## exist. | |
location = $drupal_dir/favicon.ico { | |
expires 30d; | |
try_files /favicon.ico @empty; | |
} | |
## Return an in memory 1x1 transparent GIF. | |
location @empty { | |
expires 30d; | |
empty_gif; | |
} | |
## Any other attempt to access PHP files returns a 404. | |
location ~* ^.+\.php$ { | |
return 404; | |
} |
hi perusio I found this file through a drupal thread https://groups.drupal.org/node/315193 and have tried to apply this to my configuration following instructions you gave on that thread
nginx -t returns nginx.conf syntax is ok
but all I am getting is a bunch of 404's
so, I am thinking the problem is perhaps in the folder structure I am using
HTTP server.
Return (no rewrite) server block.
server {
## This is to avoid the spurious if for sub-domain name
## "rewriting".
listen 80; # IPv4
## Replace the IPv6 address by your own address. The address below
## was stolen from the wikipedia page on IPv6.
#listen [::]:80;
server_name www.demo.example.site;
return 301 $scheme://demo.example.site$request_uri;
} # server domain return.
HTTP server.
server {
listen 80; # IPv4
## Replace the IPv6 address by your own address. The address below
## was stolen from the wikipedia page on IPv6.
#listen [::]:80;
server_name demo.example.site;
limit_conn arbeit 32;
## Access and error logs.
access_log /var/log/nginx/demo.example.site_access.log;
error_log /var/log/nginx/demo.example.site_error.log;
## See the blacklist.conf file at the parent dir: /etc/nginx.
## Deny access based on the User-Agent header.
if ($bad_bot) {
return 444;
}
## Deny access based on the Referer header.
if ($bad_referer) {
return 444;
}
## Protection against illegal HTTP methods. Out of the box only HEAD,
## GET and POST are allowed.
if ($not_allowed_method) {
return 405;
}
## Filesystem root of the site and index.
root /usr/share/nginx/html/demo.example.site/mysubfolder;
index index.php;
## Use keep alive connections to the upstream be it
## FastCGI or Apache.
fastcgi_keep_conn on; # keep alive to the FCGI upstream
################################################################
### Generic configuration: for most Drupal 7 sites.
################################################################
include apps/drupal/drupal.conf;
can you see any reason why
The 'default' location.
location $drupal_dir/ {
would not work?
Please help, I've been trying to get my demo site to resolve to demo.example.site/mysubfolder for days now and with default drupal.conf without $drupal_dir it resolves to demo.example.site without any problems but on demo.example.site/mysubfolder I get the drupal's "page not found" 404 and I really need it to resolve to demo.example.site/mysubfolder as I plan to use demo.example.site to showcase some projects so there would be demo.example.site/mysubfolder_2 and demo.example.site/mysubfolder_3 etc...
Please help! I know you're busy and really tried not to bother you with comments here but I've been trying for days, googling for a solution etc but I got nowhere so....
See https://gist.github.com/perusio/9033447 for the
map
directive that creates$drupal_dir
. Replace the originaldrupal.conf
with the above.