Last active
August 29, 2015 14:16
-
-
Save vanjor/b355d474a08b02d77d14 to your computer and use it in GitHub Desktop.
Nginx config snippets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# snippet 1 | |
# define a new log_format which support logging requestion_time and transter time | |
log_format combinedio '$remote_addr - $remote_user [$time_local] ' | |
'"$request" $status $body_bytes_sent ' | |
'"$http_referer" "$http_user_agent" $request_length $request_time $upstream_response_time'; | |
# snippet 2 | |
http { | |
gzip on; | |
gzip_min_length 1k; | |
gzip_buffers 4 16k; | |
gzip_comp_level 2; | |
# support to gzip transfer js,txt,png,etc.some js, need both application/javascript and application/x-javascript to fix some compatibility problems | |
# detail refer:http://www.webkaka.com/blog/archives/how-to-set-gzip-for-js-in-Nginx.html | |
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; | |
gzip_disable "MSIE [1-6]."; | |
# support move all site conf into sub folders | |
include include/*.conf; | |
} | |
# snippet 3 | |
# static resource control expires times | |
server{ | |
location = /image/ { | |
root /work/MediaService/image; | |
expires 30d; | |
} | |
} | |
# snippet 4 | |
# security issue controlling, prevent some sensitive documents being exposed | |
server{ | |
# deny rule | |
location ~* \.(svn|ht|txt|conf|doc|yaml|py|sh)$ { | |
deny all; | |
return 404; | |
} | |
location ~ /(scripts|system|serverconfig|application) { | |
deny all; | |
return 404; | |
} | |
} | |
# snippet 5 | |
# php fastcig config, | |
server { | |
location ~ \.php$ { | |
root /work/Dashboard; | |
fastcgi_pass 127.0.0.1:9000; | |
fastcgi_index index.php; | |
include fastcgi.conf; | |
fastcgi_connect_timeout 30s; | |
fastcgi_send_timeout 30s; | |
fastcgi_read_timeout 30s; | |
} | |
# url pattern without .php suffix for some framework need to routing all to index.php | |
location / { | |
# Check if a file or directory index file exists, else route it to index.php. | |
try_files $uri $uri/ /index.php?$args; | |
} | |
} | |
# snippet 6 | |
# rewrite and proxy_pass forward | |
location /api/ { | |
rewrite ^(.*)\.json $1 last; | |
proxy_pass http://domain2/data/; | |
# if not set, proxy_pass may defect for lost domain2 request header, request ip directly. | |
proxy_set_header Host domain2; | |
} | |
# if proxy_pass did not change the domain, could using following setting, pass_by all original request info | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header REMOTE-HOST $remote_addr; | |
proxy_set_header X-Forwarded-For $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
# snippet 7 | |
# support username/password visit access control by nginx native way | |
# set username:password:htpasswd -c /work/subversion/websvn/config/passwd.d username | |
# reference http://linux.it.net.cn/e/server/nginx/2014/1120/8498.html | |
location ~ \.php$ { | |
root /work/subversion/websvn/; | |
fastcgi_pass 127.0.0.1:9000; | |
fastcgi_index index.php; | |
include fastcgi.conf; | |
auth_basic "closed site"; | |
auth_basic_user_file /work/subversion/websvn/config/passwd.db; | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment