Skip to content

Instantly share code, notes, and snippets.

@petemcw petemcw/assets.nginxconf
Last active Jul 1, 2019

What would you like to do?
Drupal-specific Nginx Configuration
# FILE: /etc/nginx/conf.d/assets.conf
# Directives to send expires headers and turn off 404 error logging for Static assets
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpe?g|gif|png|ico|zip|pdf|t?gz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|swf|bmp|txt|rtf|md)$ {
access_log off;
log_not_found off;
expires max;
add_header Cache-Control public;
# FILE: /etc/nginx/sites-enabled/default.conf
server {
# Server settings
listen 80;
# Logging
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
# Configuration
include /etc/nginx/conf.d/drop.conf;
include /etc/nginx/conf.d/php.conf;
include /etc/nginx/conf.d/assets.conf;
include /etc/nginx/conf.d/drupal.conf;
# Environment
root /var/www/;
index index.php index.html index.htm;
# FILE: /etc/nginx/conf.d/drop.conf
# Do not log attempts for common files
location ~ ^/(favicon.ico|robots.txt) {
access_log off;
log_not_found off;
# Deny access to hidden files
location /. {
access_log off;
log_not_found off;
return 404;
# Deny obviously bad requests
location ~ \.(aspx|asp|jsp|cgi)$ {
return 410;
# FILE: /etc/nginx/conf.d/drupal.conf
# Deny access to files the public doesn't need
location ~* ^.+(\.(txt|log|engine|inc|info|install|make|module|profile|test|po|sh|sql|theme|tpl(\.php)?|xtmpl))$ {
# Deny access to other PHP files
location ~ \..*/.*\.php {
# Deny access to private and backups
location ~* ^/sites/.*/(private|files/backup_migrate)/ {
access_log off;
return 404;
# Attempt to serve the request by trying direct file, directory, Drupal Controller
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
expires max;
# Check:
location ~* (install|update|apc|info)\.php$ {
# do not cache dynamic content
expires off;
# php5 specific configuration options
include /etc/nginx/fastcgi.conf;
# Below locations are for image cache
location ~* files/styles {
access_log off;
log_not_found off;
expires max;
try_files $uri @image_rewrite;
location @image_rewrite {
rewrite ^/(.*)$ /index.php?q=$1 last;
# FILE: /etc/nginx/fastcgi.conf
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https if_not_empty;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 4k;
fastcgi_buffers 512 4k;
fastcgi_busy_buffers_size 8k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors off;
fastcgi_ignore_client_abort off;
fastcgi_pass_header *;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
# FILE: /etc/nginx/nginx.conf
user nginx nginx;
worker_processes 2;
pid /var/run/nginx/;
events {
worker_connections 1024;
accept_mutex off;
http {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# This tells Nginx to ignore the contents of a file it is sending
# and uses the kernel sendfile instead
sendfile on;
# Set this to on if you have sendfile on
# It will prepend the HTTP response headers before
# calling sendfile()
tcp_nopush on;
# This disables the "Nagle buggering algorithm" (Nginx Docs)
# Good for websites that send a lot of small requests that
# don't need a response
tcp_nodelay on;
# timeouts
keepalive_timeout 25;
send_timeout 30;
# general options
charset utf-8;
server_tokens off;
server_name_in_redirect off;
ignore_invalid_headers on;
recursive_error_pages on;
merge_slashes on;
underscores_in_headers on;
limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
types_hash_max_size 2048;
server_names_hash_bucket_size 128;
client_max_body_size 24m;
client_body_buffer_size 128k;
# compression
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_vary on;
gzip_static on;
gzip_min_length 1024;
gzip_buffers 32 8k;
gzip_comp_level 6;
gzip_types text/plain text/css application/x-javascript text/comma-separated-values text/xml application/xml application/xml+rss application/atom+xml text/javascript;
gzip_disable "MSIE [1-6].(?!.*SV1)";
upstream phpfpm {
server unix:/var/run/nginx/phpfpm.sock;
# include active sites
include /etc/nginx/sites-enabled/*;
# FILE: /etc/nginx/conf.d/php.conf
# Pass PHP scripts to PHP-FPM daemon
# Check:
location ~* \.php$ {
# do not cache dynamic content
expires off;
# filter out problem conditions
location ~ \..*/.*\.php$ { return 404; }
# bring in parameters
include /etc/nginx/fastcgi.conf;
# send requests to Upstream
fastcgi_pass phpfpm;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.