Created
October 20, 2015 09:06
-
-
Save romiras/9079e8e09cc9e3168e2f to your computer and use it in GitHub Desktop.
Redmine, DokuWiki, ownCloud - powered by NGINX with PHP5-FPM & Passenger
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream php-handler { | |
server 127.0.0.1:9000; | |
# server unix:/var/run/php5-fpm.sock; | |
} | |
server { | |
listen 80; | |
server_name example.com localhost; | |
root /var/www; | |
passenger_enabled on; | |
passenger_ruby /usr/bin/ruby1.9.1; | |
#error_page 404 /404.html; | |
# redirect server error pages to the static page /50x.html | |
# | |
error_page 500 502 503 504 /50x.html; | |
location = /50x.html { | |
root /usr/share/nginx/html; | |
} | |
location / { | |
index index.php index.html; | |
} | |
# Redmine | |
location /redmine { | |
alias /var/www-apps/redmine/public; | |
passenger_document_root /var/www-apps/redmine/public; | |
passenger_base_uri /redmine; | |
} | |
# DokuWiki | |
location /doku { | |
index doku.php; | |
try_files $uri $uri/ @dokuwiki; | |
} | |
location ~ /\.ht { | |
deny all; | |
} | |
location ~ /(data/|conf/|bin/|inc/|install.php) { | |
deny all; | |
} | |
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { | |
expires 31536000s; | |
add_header Pragma "public"; | |
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate"; | |
log_not_found off; | |
} | |
location @dokuwiki { | |
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; | |
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; | |
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; | |
rewrite ^/(.*) /doku.php?id=$1&$args last; | |
} | |
location ~ \.php$ { | |
try_files $uri =404; | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
fastcgi_pass php-handler; | |
fastcgi_index index.php; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
include fastcgi_params; | |
} | |
# ownCloud | |
location /owncloud { | |
# enforce https | |
return 301 https://$host:8443$request_uri; | |
} | |
} | |
server { | |
# listen on port 8443 instead of 443 | |
listen 8443 ssl; | |
server_name example.com localhost; | |
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; #/etc/ssl/nginx/cert.pem; | |
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; #/etc/ssl/nginx/cert.key; | |
# Path to the root of your installation | |
root /var/www/; | |
# set max upload size | |
client_max_body_size 5G; | |
fastcgi_buffers 64 4K; | |
# Disable gzip to avoid the removal of the ETag header | |
gzip off; | |
# Uncomment if your server is build with the ngx_pagespeed module | |
# This module is currently not supported. | |
#pagespeed off; | |
location / { | |
index index.html; | |
} | |
#error_page 404 /404.html; | |
# redirect server error pages to the static page /50x.html | |
# | |
error_page 500 502 503 504 /50x.html; | |
location = /50x.html { | |
root /usr/share/nginx/html; | |
} | |
# Subversion | |
location /svn { | |
proxy_pass https://localhost:8443/svn; | |
} | |
# ownCloud blacklist | |
location ~ ^/owncloud/(?:\.htaccess|data|config|db_structure\.xml|README) { | |
deny all; | |
error_page 403 = /owncloud/core/templates/403.php; | |
} | |
location /owncloud/ { | |
error_page 403 = /owncloud/core/templates/403.php; | |
error_page 404 = /owncloud/core/templates/404.php; | |
rewrite ^/owncloud/caldav(.*)$ /remote.php/caldav$1 redirect; | |
rewrite ^/owncloud/carddav(.*)$ /remote.php/carddav$1 redirect; | |
rewrite ^/owncloud/webdav(.*)$ /remote.php/webdav$1 redirect; | |
rewrite ^(/owncloud/core/doc[^\/]+/)$ $1/index.html; | |
# The following 2 rules are only needed with webfinger | |
rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last; | |
rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last; | |
rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ redirect; | |
rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ redirect; | |
try_files $uri $uri/ index.php; | |
} | |
location ~ \.php(?:$|/) { | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
include fastcgi_params; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
fastcgi_param PATH_INFO $fastcgi_path_info; | |
fastcgi_param HTTPS on; | |
fastcgi_pass php-handler; | |
fastcgi_intercept_errors on; | |
} | |
# # Optional: set long EXPIRES header on static assets | |
# location ~* ^/owncloud(/.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf))$ { | |
# expires 30d; | |
# # Optional: Don't log access to assets | |
# access_log off; | |
# } | |
# Replaced by lines below | |
# Adding the cache control header for JS and CSS files | |
# Make sure it is BELOW the location ~ \.php(?:$|/) { block | |
#location ~* \.(?:css|js)$ { | |
location ~* ^/owncloud(/.+\.(css|js))$ { | |
add_header Cache-Control "public, max-age=7200"; | |
# Add headers to serve security related headers | |
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; | |
add_header X-Content-Type-Options nosniff; | |
add_header X-Frame-Options "SAMEORIGIN"; | |
add_header X-XSS-Protection "1; mode=block"; | |
add_header X-Robots-Tag none; | |
# Optional: Don't log access to assets | |
access_log off; | |
} | |
# Optional: Don't log access to other assets | |
#location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { | |
location ~* ^/owncloud(/.+\.(jpg|jpeg|gif|bmp|ico|png|swf))$ { | |
access_log off; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user www-data; | |
worker_processes 2; | |
pid /var/run/nginx.pid; | |
events { | |
worker_connections 768; | |
# multi_accept on; | |
} | |
http { | |
## | |
# Basic Settings | |
## | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 65; | |
types_hash_max_size 2048; | |
# server_tokens off; | |
# server_names_hash_bucket_size 64; | |
# server_name_in_redirect off; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
## | |
# SSL Settings | |
## | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE | |
ssl_prefer_server_ciphers on; | |
## | |
# Logging Settings | |
## | |
access_log /var/log/nginx/access.log; | |
error_log /var/log/nginx/error.log; | |
## | |
# Gzip Settings | |
## | |
gzip on; | |
gzip_disable "msie6"; | |
# gzip_vary on; | |
# gzip_proxied any; | |
# gzip_comp_level 6; | |
# gzip_buffers 16 8k; | |
# gzip_http_version 1.1; | |
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; | |
## | |
# Phusion Passenger config | |
## | |
# Uncomment it if you installed passenger or passenger-enterprise | |
## | |
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini; | |
passenger_ruby /usr/bin/passenger_free_ruby; | |
## | |
# Virtual Host Configs | |
## | |
include /etc/nginx/conf.d/*.conf; | |
include /etc/nginx/sites-enabled/*; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment