romiras/my.conf

## my.conf
upstream php-handler {
    server 127.0.0.1:9000;
#    server unix:/var/run/php5-fpm.sock;
}

server {
    listen       80;
    server_name  example.com localhost;

    root   /var/www;

    passenger_enabled on;
    passenger_ruby /usr/bin/ruby1.9.1;

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location / {
        index  index.php index.html;
    }

    # Redmine
    location /redmine {
        alias /var/www-apps/redmine/public;
        passenger_document_root /var/www-apps/redmine/public;
        passenger_base_uri /redmine;
    }

    # DokuWiki
    location /doku {
        index doku.php;
        try_files $uri $uri/ @dokuwiki;
    }

    location ~ /\.ht {
        deny all;
    }
    location ~ /(data/|conf/|bin/|inc/|install.php) {
        deny all;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires 31536000s;
        add_header Pragma "public";
        add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
        log_not_found off;
    }

    location @dokuwiki {
        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
        rewrite ^/(.*) /doku.php?id=$1&$args last;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-handler;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # ownCloud
    location /owncloud {
        # enforce https
        return 301 https://$host:8443$request_uri;
    }

}

server {
    # listen on port 8443 instead of 443
    listen 8443 ssl;
    server_name example.com localhost;

    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; #/etc/ssl/nginx/cert.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; #/etc/ssl/nginx/cert.key;

    # Path to the root of your installation
    root /var/www/;

    # set max upload size
    client_max_body_size 5G;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        index  index.html;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # Subversion
    location /svn {
        proxy_pass https://localhost:8443/svn;
    }

    # ownCloud blacklist
    location ~ ^/owncloud/(?:\.htaccess|data|config|db_structure\.xml|README) {
        deny all;
        error_page 403 = /owncloud/core/templates/403.php;
    }

    location /owncloud/ {
        error_page 403 = /owncloud/core/templates/403.php;
        error_page 404 = /owncloud/core/templates/404.php;

        rewrite ^/owncloud/caldav(.*)$ /remote.php/caldav$1 redirect;
        rewrite ^/owncloud/carddav(.*)$ /remote.php/carddav$1 redirect;
        rewrite ^/owncloud/webdav(.*)$ /remote.php/webdav$1 redirect;

        rewrite ^(/owncloud/core/doc[^\/]+/)$ $1/index.html;

        # The following 2 rules are only needed with webfinger
        rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;

        rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ redirect;

        try_files $uri $uri/ index.php;
    }

    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_pass php-handler;
	fastcgi_intercept_errors on;
    }

#    # Optional: set long EXPIRES header on static assets
#    location ~* ^/owncloud(/.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf))$ {
#        expires 30d;
#        # Optional: Don't log access to assets
#        access_log off;
#    }
# Replaced by lines below

    # Adding the cache control header for JS and CSS files
    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
    #location ~* \.(?:css|js)$ {
    location ~* ^/owncloud(/.+\.(css|js))$ {
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        # Optional: Don't log access to assets
        access_log off;
    }

    # Optional: Don't log access to other assets
    #location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    location ~* ^/owncloud(/.+\.(jpg|jpeg|gif|bmp|ico|png|swf))$ {
        access_log off;
    }
}

## nginx.conf

user  www-data;
worker_processes  2;

pid        /var/run/nginx.pid;


events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Phusion Passenger config
	##
	# Uncomment it if you installed passenger or passenger-enterprise
	##

	passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
	passenger_ruby /usr/bin/passenger_free_ruby;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}
	upstream php-handler {
	server 127.0.0.1:9000;
	# server unix:/var/run/php5-fpm.sock;
	}

	server {
	listen 80;
	server_name example.com localhost;

	root /var/www;

	passenger_enabled on;
	passenger_ruby /usr/bin/ruby1.9.1;

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/html;
	}

	location / {
	index index.php index.html;
	}

	# Redmine
	location /redmine {
	alias /var/www-apps/redmine/public;
	passenger_document_root /var/www-apps/redmine/public;
	passenger_base_uri /redmine;
	}

	# DokuWiki
	location /doku {
	index doku.php;
	try_files $uri $uri/ @dokuwiki;
	}

	location ~ /\.ht {
	deny all;
	}
	location ~ /(data/\|conf/\|bin/\|inc/\|install.php) {
	deny all;
	}

	location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ {
	expires 31536000s;
	add_header Pragma "public";
	add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
	log_not_found off;
	}

	location @dokuwiki {
	rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
	rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
	rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
	rewrite ^/(.*) /doku.php?id=$1&$args last;
	}

	location ~ \.php$ {
	try_files $uri =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass php-handler;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
	}

	# ownCloud
	location /owncloud {
	# enforce https
	return 301 https://$host:8443$request_uri;
	}

	}

	server {
	# listen on port 8443 instead of 443
	listen 8443 ssl;
	server_name example.com localhost;

	ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; #/etc/ssl/nginx/cert.pem;
	ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; #/etc/ssl/nginx/cert.key;

	# Path to the root of your installation
	root /var/www/;

	# set max upload size
	client_max_body_size 5G;
	fastcgi_buffers 64 4K;

	# Disable gzip to avoid the removal of the ETag header
	gzip off;

	# Uncomment if your server is build with the ngx_pagespeed module
	# This module is currently not supported.
	#pagespeed off;

	location / {
	index index.html;
	}

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/html;
	}

	# Subversion
	location /svn {
	proxy_pass https://localhost:8443/svn;
	}

	# ownCloud blacklist
	location ~ ^/owncloud/(?:\.htaccess\|data\|config\|db_structure\.xml\|README) {
	deny all;
	error_page 403 = /owncloud/core/templates/403.php;
	}

	location /owncloud/ {
	error_page 403 = /owncloud/core/templates/403.php;
	error_page 404 = /owncloud/core/templates/404.php;

	rewrite ^/owncloud/caldav(.*)$ /remote.php/caldav$1 redirect;
	rewrite ^/owncloud/carddav(.*)$ /remote.php/carddav$1 redirect;
	rewrite ^/owncloud/webdav(.*)$ /remote.php/webdav$1 redirect;

	rewrite ^(/owncloud/core/doc[^\/]+/)$ $1/index.html;

	# The following 2 rules are only needed with webfinger
	rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
	rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;

	rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ redirect;
	rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ redirect;

	try_files $uri $uri/ index.php;
	}

	location ~ \.php(?:$\|/) {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param HTTPS on;
	fastcgi_pass php-handler;
	fastcgi_intercept_errors on;
	}

	# # Optional: set long EXPIRES header on static assets
	# location ~* ^/owncloud(/.+\.(jpg\|jpeg\|gif\|bmp\|ico\|png\|css\|js\|swf))$ {
	# expires 30d;
	# # Optional: Don't log access to assets
	# access_log off;
	# }
	# Replaced by lines below

	# Adding the cache control header for JS and CSS files
	# Make sure it is BELOW the location ~ \.php(?:$\|/) { block
	#location ~* \.(?:css\|js)$ {
	location ~* ^/owncloud(/.+\.(css\|js))$ {
	add_header Cache-Control "public, max-age=7200";
	# Add headers to serve security related headers
	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
	add_header X-Content-Type-Options nosniff;
	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Robots-Tag none;
	# Optional: Don't log access to assets
	access_log off;
	}

	# Optional: Don't log access to other assets
	#location ~* \.(?:jpg\|jpeg\|gif\|bmp\|ico\|png\|swf)$ {
	location ~* ^/owncloud(/.+\.(jpg\|jpeg\|gif\|bmp\|ico\|png\|swf))$ {
	access_log off;
	}
	}

	user www-data;
	worker_processes 2;

	pid /var/run/nginx.pid;


	events {
	worker_connections 768;
	# multi_accept on;
	}

	http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Phusion Passenger config
	##
	# Uncomment it if you installed passenger or passenger-enterprise
	##

	passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
	passenger_ruby /usr/bin/passenger_free_ruby;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
	}