thynan/drupal-nginx-snippet

## drupal-nginx-snippet
location / {

  ## Trying to access private files directly returns a 404.
  location ^~ /sites/default/files/private/ {
    internal;
  }

  ## Drupal 7 generated image handling, i.e., imagecache in core. See:
  ## http://drupal.org/node/371374.
  location ~* /files/styles/ {
    ## Image hotlinking protection. If you want hotlinking
    ## protection for your images uncomment the following line.
    #include apps/drupal/hotlinking_protection.conf;

    access_log off;
    expires 30d;
    try_files $uri @rewrite;
  }

  ## All static files will be served directly.
  location ~* ^(?!/system/files).*\.(css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
    access_log off;
    expires 30d;
    ## No need to bleed constant updates. Send the all shebang in one fell swoop.
    tcp_nodelay off;
    ## Set the OS file cache.
    open_file_cache max=3000 inactive=120s;
    open_file_cache_valid 45s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
  }

  location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
    return 404;
  }

  try_files $uri @rewrite;
}

location @rewrite {
  access_log off;
  expires 30d;
  rewrite ^ /index.php;
}

## Any other attempt to access PHP files returns a 404.
location ~* ^.+\.php$ {
  return 404;
}

location ~* \.(txt|log)$ {
  allow 192.168.0.0/16;
  deny all;
}

location ~ (^|/)\. {
  return 403;
}
	location / {

	## Trying to access private files directly returns a 404.
	location ^~ /sites/default/files/private/ {
	internal;
	}

	## Drupal 7 generated image handling, i.e., imagecache in core. See:
	## http://drupal.org/node/371374.
	location ~* /files/styles/ {
	## Image hotlinking protection. If you want hotlinking
	## protection for your images uncomment the following line.
	#include apps/drupal/hotlinking_protection.conf;

	access_log off;
	expires 30d;
	try_files $uri @rewrite;
	}

	## All static files will be served directly.
	location ~* ^(?!/system/files).*\.(css\|cur\|js\|jpe?g\|gif\|htc\|ico\|png\|html\|xml\|otf\|ttf\|eot\|woff\|svg)$ {
	access_log off;
	expires 30d;
	## No need to bleed constant updates. Send the all shebang in one fell swoop.
	tcp_nodelay off;
	## Set the OS file cache.
	open_file_cache max=3000 inactive=120s;
	open_file_cache_valid 45s;
	open_file_cache_min_uses 2;
	open_file_cache_errors off;
	}

	location ~* ^(?:.+\.(?:htaccess\|make\|txt\|engine\|inc\|info\|install\|module\|profile\|po\|pot\|sh\|.sql\|test\|theme\|tpl(?:\.php)?\|xtmpl)\|code-style\.pl\|/Entries.\|/Repository\|/Root\|/Tag\|/Template)$ {
	return 404;
	}

	try_files $uri @rewrite;
	}

	location @rewrite {
	access_log off;
	expires 30d;
	rewrite ^ /index.php;
	}

	## Any other attempt to access PHP files returns a 404.
	location ~* ^.+\.php$ {
	return 404;
	}

	location ~* \.(txt\|log)$ {
	allow 192.168.0.0/16;
	deny all;
	}

	location ~ (^\|/)\. {
	return 403;
	}