@popstas
Last active May 20, 2018 22:24
nginx-site configs
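# TLS-terminating reverse proxy for git.home.popstas.ru. Everything except
# /.well-known/ is forwarded to the service listening on localhost:10080.
server {
    listen 443 ssl http2;
    server_name git.home.popstas.ru;

    # NOTE(review): with access logging disabled there is no request trail for
    # this host; consider a dedicated access_log if it needs to be auditable.
    access_log off;

    ssl_certificate     /etc/letsencrypt/live/git.home.popstas.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/git.home.popstas.ru/privkey.pem;
    ssl_dhparam         /etc/ssl/certs/dhparam.pem;
    # NOTE(review): no ssl_protocols / ssl_ciphers and no Strict-Transport-Security
    # header are set in this block (the popstas.ru server block in this file does
    # send HSTS); presumably the TLS policy is inherited from the http context --
    # confirm.

    location / {
        proxy_pass http://localhost:10080;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Serve /.well-known/ from the local static root instead of the backend.
    # This was "location ~ /.well-known": an unanchored regex with an unescaped
    # dot, which matched that text anywhere in the URI and so pulled unrelated
    # backend paths out of the proxy. A "^~" prefix match limits it to URIs that
    # start with /.well-known/ and skips regex evaluation for them.
    location ^~ /.well-known/ {
        root /usr/share/nginx/html;
        allow all;
    }
}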
# HTTPS requests for the www alias are redirected permanently to the
# canonical host, keeping the original path and query string.
server {
    server_name www.popstas.ru ;
    listen 443 ssl http2;

    # Certificate and key must be present here as well: the TLS handshake
    # completes before the redirect can be sent.
    # NOTE(review): the private key lives under a user home directory; check
    # that its file permissions keep it unreadable to other local accounts.
    ssl_certificate_key /home/popstas/certs/popstas.ru.key;
    ssl_certificate     /home/popstas/certs/popstas.ru.fullchain;

    return 301 https://popstas.ru$request_uri;
}
# Plain-HTTP listener: every request for either host name is answered with a
# permanent redirect to the HTTPS canonical host; nothing is served over
# port 80.
server {
    server_name popstas.ru www.popstas.ru ;
    listen 80;

    return 301 https://popstas.ru$request_uri;
}
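# Main HTTPS virtual host for popstas.ru. nginx serves static files from the
# document root and proxies PHP and any unresolved URI to the "apache"
# upstream (defined outside this block).
server {
    listen 443 ssl http2;
    server_name popstas.ru ;
    root /home/popstas/www/popstas.ru;
    index index.php index.html;

    ssl_certificate /home/popstas/certs/popstas.ru.fullchain;
    ssl_certificate_key /home/popstas/certs/popstas.ru.key;

    # HSTS. "always" makes nginx attach the header to error responses too
    # (including the 403/404 answers produced by the deny rules below);
    # without it the header is only added to 2xx/3xx responses.
    add_header Strict-Transport-Security "max-age=15768000" always; # HSTS

    # site_nginx_engine_server
    location / {
        # site_nginx_location_static_files
        # Static files location
        location ~* ^.+\.(?:jpg|jpeg|gif|png|ico|css|less|zip|tgz|gz|rar|bz2|doc|docx|xls|xlsx|ppt|ppts|pptsx|exe|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|woff|woff2|eot|ttf|cur|svg)$ {
            access_log off;
            log_not_found off;
            expires 30d;
            ## No need to bleed constant updates. Send the whole shebang in
            ## one fell swoop.
            tcp_nodelay off;
            ## Set the OS file cache.
            open_file_cache max=3000 inactive=120s;
            open_file_cache_valid 45s;
            open_file_cache_min_uses 2;
            open_file_cache_errors off;
            #try_files $uri /404.html @fallback;
        }

        ## PDFs and powerpoint files handling.
        location ~* ^.+\.(?:pdf|pptx?)$ {
            expires 30d;
            ## No need to bleed constant updates. Send the whole shebang in
            ## one fell swoop.
            tcp_nodelay off;
        }

        # site_nginx_location_php
        # needed for URLs such as /index.php
        location ~* ^.+\.php$ {
            proxy_pass http://apache;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Pass Basic auth details from nginx through to the backend (for bitrix).
            # NOTE(review): $remote_user is parsed from the request's Basic
            # Authorization header. No auth_basic directive is visible in this
            # server block, so unless one is inherited from elsewhere the value
            # is client-supplied and the backend must not treat REMOTE_USER /
            # X-Forwarded-User as an already-authenticated identity.
            proxy_set_header REMOTE_USER $remote_user;
            proxy_set_header X-Forwarded-User $remote_user;
            proxy_set_header Authorization $http_authorization;
        }

        # site_nginx_custom_root_location
        # Serve the file if it exists on disk, otherwise hand over to the backend.
        try_files $uri @rewrite;
    }

    # site_nginx_location_rewrite
    location @rewrite {
        access_log /var/log/nginx/access.log combined_host;
        access_log /var/log/nginx/drupal_cache_hit.log drupal_cache_hit;
        proxy_pass http://apache;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Pass Basic auth details from nginx through to the backend (for bitrix).
        # NOTE(review): same caveat as in the PHP location -- $remote_user is
        # unverified unless nginx itself enforces auth_basic.
        proxy_set_header REMOTE_USER $remote_user;
        proxy_set_header X-Forwarded-User $remote_user;
        proxy_set_header Authorization $http_authorization;
    }
    # end of @rewrite

    # site_nginx_location_default
    # Always answers 200 with an empty body; requests are recorded in a
    # dedicated log.
    location = /clientstat {
        return 200;
        access_log /var/log/nginx/clientstat.access.log combined_host;
    }

    ## see more settings for mp3, ogg, mp4, flv at https://github.com/perusio/drupal-with-nginx
    ## Replicate the Apache <FilesMatch> directive of Drupal standard
    ## .htaccess. Disable access to any code files. Return a 404 to curtail
    ## information disclosure. Hide also the text files.
    location ~* ^(?:.+\.(?:htaccess|make|txt|md|engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
        return 404;
    }

    # Block access to git metadata. This was "location /\.git", a *prefix*
    # location: nginx compares prefix strings literally, backslash included,
    # so it never matched "/.git" and the repository directory under the
    # document root stayed reachable through "location /". With the "~"
    # modifier the pattern is a regex and matches "/.git" at any depth.
    location ~ /\.git {
        deny all;
    }

    # Working directories and files that must never be served. These are
    # plain prefix matches, so e.g. "/backup" also covers "/backup-old".
    location /backup {
        deny all;
    }
    location /build {
        deny all;
    }
    location /logs {
        deny all;
    }
    location /patches {
        deny all;
    }
    location /tmp {
        deny all;
    }
    location /modified.txt {
        deny all;
    }
    # Unanchored regex: hides site_tests.json in any directory.
    location ~ /site_tests.json {
        return 404;
    }

    ## Disable access logs for robots.txt.
    location = /robots.txt {
        access_log off;
    }

    ## RSS feed support.
    location = /rss.xml {
        try_files $uri @rewrite;
    }

    ## XML Sitemap support.
    location = /sitemap.xml {
        try_files $uri @rewrite;
    }

    ## xmlrpc support.
    ## NOTE(review): this endpoint is forwarded to the backend with no
    ## restriction visible here; if XML-RPC is not in use, consider denying it
    ## or limiting it by source address.
    location = /xmlrpc.php {
        proxy_pass http://apache;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    ## Support for favicon. Return a 204 (No Content) if the favicon
    ## doesn't exist.
    location = /favicon.ico {
        access_log off;
        try_files /favicon.ico =204;
    }

    # Only reachable through internal redirects, never directly by a client.
    location = /404.html {
        internal;
    }
}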