Skip to content

Instantly share code, notes, and snippets.

@tzkmx
Created January 9, 2017 18:55
Show Gist options
  • Save tzkmx/d3922b0c2feeac1fe8d7249ac0b5e3ae to your computer and use it in GitHub Desktop.
Save tzkmx/d3922b0c2feeac1fe8d7249ac0b5e3ae to your computer and use it in GitHub Desktop.
Custom templates Plesk Nginx + PHP-FPM (SSL Force redirection, no proxy through Apache)
<?php
/**
* @see /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainSslForceRedirection.php
* @var Template_VariableAccessor $VAR
* @var array $OPT
*/
?>
server {
listen <?php echo $OPT['ipAddress']->escapedAddress . ':' . $OPT['frontendPort']; ?>;
server_name <?php echo $VAR->domain->asciiName ?>;
<?php if ($VAR->domain->isWildcard): ?>
server_name ~^<?php echo $VAR->domain->pcreName ?>$;
<?php else: ?>
server_name www.<?php echo $VAR->domain->asciiName ?>;
<?php if ($OPT['ipAddress']->isIpV6()): ?>
server_name ipv6.<?php echo $VAR->domain->asciiName ?>;
<?php else: ?>
server_name ipv4.<?php echo $VAR->domain->asciiName ?>;
<?php endif ?>
<?php endif ?>
location / {
return 301 https://<?php echo $VAR->domain->asciiName ;?>$request_uri;
}
}
<?php
/**
* @see /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
* @var Template_VariableAccessor $VAR
* @var array $OPT
*/
?>
server {
listen <?php echo $OPT['ipAddress']->escapedAddress . ':' . $OPT['frontendPort'] .
($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') .
($OPT['ssl'] && $VAR->domain->physicalHosting->proxySettings['nginxHttp2'] ? ' http2' : '') ?>;
server_name <?php echo $VAR->domain->asciiName ?>;
<?php if ($VAR->domain->isWildcard): ?>
server_name ~^<?php echo $VAR->domain->pcreName ?>$;
<?php else: ?>
server_name www.<?php echo $VAR->domain->asciiName ?>;
<?php if ($OPT['ipAddress']->isIpV6()): ?>
server_name ipv6.<?php echo $VAR->domain->asciiName ?>;
<?php else: ?>
server_name ipv4.<?php echo $VAR->domain->asciiName ?>;
<?php endif ?>
<?php endif ?>
<?php // ignoring webAliases at this moment * 06 Ene 2017 : jfranco * ?>
<?php // ignoring previewDomainName at this moment * 06 Ene 2017 : jfranco * ?>
<?php if ($OPT['ssl']): ?>
<?php $sslCertificate = $VAR->server->sni && $VAR->domain->physicalHosting->sslCertificate ?
$VAR->domain->physicalHosting->sslCertificate :
$OPT['ipAddress']->sslCertificate; ?>
<?php if ($sslCertificate->ce): ?>
ssl_certificate <?php echo $sslCertificate->ceFilePath ?>;
ssl_certificate_key <?php echo $sslCertificate->ceFilePath ?>;
<?php if ($sslCertificate->ca): ?>
ssl_client_certificate <?php echo $sslCertificate->caFilePath ?>;
<?php endif ?>
<?php endif ?>
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
<?php endif ?>
<?php if (!empty($VAR->domain->physicalHosting->proxySettings['nginxClientMaxBodySize'])): ?>
client_max_body_size <?php echo $VAR->domain->physicalHosting->proxySettings['nginxClientMaxBodySize'] ?>;
<?php endif; ?>
<?php if ($VAR->domain->physicalHosting->scriptTimeout): ?>
proxy_read_timeout <?php echo min($VAR->domain->physicalHosting->scriptTimeout, 2147483); ?>;
<?php endif; ?>
root "<?php echo $OPT['ssl'] ? $VAR->domain->physicalHosting->httpsDir : $VAR->domain->physicalHosting->httpDir ?>";
access_log "<?php echo $VAR->domain->physicalHosting->logsDir . '/' . ($OPT['ssl'] ? 'proxy_access_ssl_log' : 'proxy_access_log') ?>";
error_log "<?php echo $VAR->domain->physicalHosting->logsDir . '/proxy_error_log' ?>";
<?php if ($OPT['default']): ?>
<?php echo $VAR->includeTemplate('service/nginxSitePreview.php') ?>
<?php endif ?>
<?php echo $VAR->includeTemplate('domain/service/nginxSeoSafeRedirects.php', array('ssl' => $OPT['ssl'])); ?>
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_comp_level 6;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/x-javascript text/xml text/css;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location = / { index index.php; }
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass <?php echo $VAR->domain->asciiName; ?>;
include /etc/nginx/fastcgi.conf;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 200 3m;
}
<?php echo $VAR->includeTemplate('domain/service/fastcgi_cache_check.php'); ?>
<?php // ignoring TransparentMode && ServeStatic at this moment * 06 Ene 2017 : jfranco * ?>
<?php if (is_file($VAR->domain->physicalHosting->customNginxConfigFile)): ?>
include "<?php echo $VAR->domain->physicalHosting->customNginxConfigFile ?>";
<?php endif; ?>
}
<?php
/**
* @see /usr/local/psa/admin/conf/templates/custom/domain/service/fastcgi_cache_check.php
*/
?>
#fastcgi_cache start
set $no_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != "") {
set $no_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $no_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $no_cache 1;
}
# /etc/nginx/conf.d/fastcgi_cache.conf
fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:4096m inactive=120m;
fastcgi_cache_key "$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header updating http_500;
<?php echo AUTOGENERATED_CONFIGS; ?>
<?php
/**
* @see /usr/local/psa/admin/conf/templates/custom/nginxDomainVhost.php
* @var Template_VariableAccessor $VAR
*/
?>
<?php if ($VAR->domain->disabled): ?>
# Domain is disabled
<?php return ?>
<?php endif ?>
upstream <?php echo $VAR->domain->asciiName; ?> {
server <?php echo $VAR->domain->physicalHosting->fpmSocket; ?>;
}
add_header X-Cache $upstream_cache_status;
<?php if ($VAR->domain->physicalHosting->ssl): ?>
<?php foreach ($VAR->domain->physicalHosting->ipAddresses as $ipAddress): ?>
<?php if ($ipAddress->defaultDomainId != $VAR->domain->id): ?>
<?php echo $VAR->includeTemplate('domain/nginxDomainVirtualHost.php',
array(
'ssl' => true,
'frontendPort' => $VAR->server->nginx->httpsPort,
'backendPort' => $VAR->server->webserver->httpsPort,
'documentRoot' => $VAR->domain->physicalHosting->httpsDir,
'ipAddress' => $ipAddress,
'default' => false,
)) ?>
<?php echo $VAR->includeTemplate('domain/nginxDomainSslForceRedirection.php',
array(
'frontendPort' => $VAR->server->nginx->httpPort,
'ipAddress' => $ipAddress,
)); ?>
<?php endif ?>
<?php endforeach ?>
<?php return ?>
<?php endif ?>
<?php foreach ($VAR->domain->physicalHosting->ipAddresses as $ipAddress): ?>
<?php if ($ipAddress->defaultDomainId != $VAR->domain->id): ?>
<?php echo $VAR->includeTemplate('domain/nginxDomainVirtualHost.php',
array(
'ssl' => false,
'frontendPort' => $VAR->server->nginx->httpPort,
'backendPort' => $VAR->server->webserver->httpPort,
'documentRoot' => $VAR->domain->physicalHosting->httpDir,
'ipAddress' => $ipAddress,
'default' => false,
)) ?>
<?php endif ?>
<?php endforeach ?>
# /etc/nginx/conf.d/openfilecache.conf
open_file_cache max=1000;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment