Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # -*- mode: nginx; mode: flyspell-prog; ispell-current-dictionary: american -*-
- ### Configuration for example.com.
- ## Return (no rewrite) server block.
- #server {
- ## This is to avoid the spurious if for sub-domain name
- ## "rewriting".
- #listen 80; # IPv4
- ## Replace the IPv6 address by your own address. The address below
- ## was stolen from the wikipedia page on IPv6.
- ##listen [fe80::a00:27ff:fee0:8f1/64]:80 ipv6only=on;
- #server_name mysite.net www.mysite.net;
- #return 301 $scheme://192.168.1.95$request_uri;
- #} # server domain return.
- ## HTTP server.
- server {
- listen 8080; # IPv4
- ## Replace the IPv6 address by your own address. The address below
- ## was stolen from the wikipedia page on IPv6.
- ##listen [fe80::202:b3ff:fe1e:8330]:80 ipv6only=on;
- server_name mysite.net www.mysite.net;
- limit_conn arbeit 32;
- ## Access and error logs.
- access_log /srv/www/mysite/logs/access.log;
- error_log /srv/www/mysite/logs/error.log debug;
- ## See the blacklist.conf file at the parent dir: /etc/nginx.
- ## Deny access based on the User-Agent header.
- if ($bad_bot) {
- return 444;
- }
- ## Deny access based on the Referer header.
- if ($bad_referer) {
- return 444;
- }
- ## Protection against illegal HTTP methods. Out of the box only HEAD,
- ## GET and POST are allowed.
- if ($not_allowed_method) {
- return 405;
- }
- ## Filesystem root of the site and index.
- root /srv/www/mysite/public;
- index index.php;
- location ~ \.php$ {
- try_files $uri = 404;
- fastcgi_pass phpcgi;
- include /etc/nginx/apps/drupal/fastcgi_drupal.conf;
- }
- location ^~ files/advagg_(?:css|js)/ {
- # access_log off;
- # expires max;
- # add_header ETag "";
- # add_header Cache-Control "max-age=290304000, no-transform, public";
- #add_header Last-Modifi#ed "Wed, 20 Jan 1988 04:20:42 GMT";
- #try_files $uri @drupal;
- deny all;
- }
- ## If you're using a Nginx version greater or equal to 1.1.4 then
- ## you can use keep alive connections to the upstream be it
- ## FastCGI or Apache. If that's not the case comment out the line below.
- fastcgi_keep_conn on; # keep alive to the FCGI upstream
- ## Uncomment if you're proxying to Apache for handling PHP.
- #proxy_http_version 1.1; # keep alive to the Apache upstream
- ################################################################
- ### Generic configuration: for most Drupal 7 sites.
- ################################################################
- include apps/drupal/drupal.conf;
- ################################################################
- ### Configuration for Drupal 7 sites to serve URIs that need
- ### to be **escaped**
- ################################################################
- #include apps/drupal/drupal_escaped.conf;
- #################################################################
- ### Configuration for Drupal 7 sites that use boost.
- #################################################################
- #include apps/drupal/drupal_boost.conf;
- #################################################################
- ### Configuration for Drupal 7 sites that use boost if having
- ### to serve URIs that need to be **escaped**
- #################################################################
- #include apps/drupal/drupal_boost_escaped.conf;
- #################################################################
- ### Configuration for updating the site via update.php and running
- ### cron externally. If you don't use drush for running cron use
- ### the configuration below.
- #################################################################
- #include apps/drupal/drupal_cron_update.conf;
- ################################################################
- ### Installation handling. This should be commented out after
- ### installation if on an already installed site there's no need
- ### to touch it. If on a yet to be installed site. Uncomment the
- ### line below and comment out after installation. Note that
- ### there's a basic auth in front as secondary ligne of defense.
- ################################################################
- #include apps/drupal/drupal_install.conf;
- #################################################################
- ### Support for upload progress bar. Configurations differ for
- ### Drupal 6 and Drupal 7.
- #################################################################
- include apps/drupal/drupal_upload_progress.conf;
- ## Including the php-fpm status and ping pages config.
- ## Uncomment to enable if you're running php-fpm.
- include php_fpm_status_vhost.conf;
- ## Including the Nginx stub status page for having stats about
- ## Nginx activity: http://wiki.nginx.org/HttpStubStatusModule.
- include nginx_status_vhost.conf;
- } # HTTP server
- ## Return (no rewrite) server block.
- #server {
- # ## This is to avoid the spurious if for sub-domain name
- # ## "rewriting".
- # ## Comment the line below if you're using SPDY.
- # listen 443 ssl;
- # ## Uncomment the line below if you're using SPDY.
- # #listen 443 ssl spdy; # IPv4
- #
- # ## Replace the IPv6 address by your own address. The address below
- # ## was stolen from the wikipedia page on IPv6.
- #
- # ## Comment the line below if you're using SPDY.
- # #listen [fe80::a00:27ff:fee0:8f1/64]:443 ssl ipv6only=on;
- # ## Uncomment the line below if you're using SPDY.
- # #listen [fe80::202:b3ff:fe1e:8329]:443 ssl spdy ipv6only=on;
- #
- # server_name mysite.net www.mysite.net;
- #
- # ## Keep alive timeout set to a greater value for SSL/TLS.
- # keepalive_timeout 75 75;
- #
- # ## See the keepalive_timeout directive in nginx.conf.
- # ## Server certificate and key.
- # ssl_certificate /etc/nginx/ssl/server.crt;
- # ssl_certificate_key /etc/nginx/ssl/server.key;
- #
- # return 301 $scheme://192.168.1.95$request_uri;
- #
- #} # server domain return.
- ## HTTPS server.
- server {
- ## Comment the line below if you're using SPDY.
- listen 443 ssl;
- ## Uncomment the line below if you're using SPDY.
- #listen 443 ssl spdy;
- ## Replace the IPv6 address by your own address. The address below
- ## was stolen from the wikipedia page on IPv6.
- ## Comment the line below if you're using SPDY.
- #listen [fe80::202:b3ff:fe1e:8330]:443 ssl spdy ipv6only=on;
- #server_name mysite www.mysite.net;
- limit_conn arbeit 32;
- ## Access and error logs.
- access_log /srv/www/mysite/logs/access.log;
- error_log /srv/www/mysite/logs/error.log;
- ## Keep alive timeout set to a greater value for SSL/TLS.
- keepalive_timeout 75 75;
- ## See the keepalive_timeout directive in nginx.conf.
- ## Server certificate and key.
- ssl_certificate /etc/nginx/ssl/server.crt;
- ssl_certificate_key /etc/nginx/ssl/server.key;
- ## Strict Transport Security header for enhanced security. See
- ## http://www.chromium.org/sts. I've set it to 2 hours; set it to
- ## whichever age you want.
- add_header Strict-Transport-Security "max-age=7200";
- root /srv/www/mysite/public;
- index index.php;
- location ~ \.php$ {
- try_files $uri = 404;
- fastcgi_pass phpcgi;
- include apps/drupal/fastcgi_drupal.conf;
- }
- ## If you're using a Nginx version greater or equal to 1.1.4 then
- ## you can use keep alive connections to the upstream be it
- ## FastCGI or Apache. If that's not the case comment out the line below.
- fastcgi_keep_conn on; # keep alive to the FCGI upstream
- ## Uncomment if you're proxying to Apache for handling PHP.
- #proxy_http_version 1.1; # keep alive to the Apache upstream
- ## See the blacklist.conf file at the parent dir: /etc/nginx.
- ## Deny access based on the User-Agent header.
- if ($bad_bot) {
- return 444;
- }
- ## Deny access based on the Referer header.
- if ($bad_referer) {
- return 444;
- }
- ## Protection against illegal HTTP methods. Out of the box only HEAD,
- ## GET and POST are allowed.
- if ($not_allowed_method) {
- return 405;
- }
- ################################################################
- ### Generic configuration: for most Drupal 7 sites.
- ################################################################
- include apps/drupal/drupal.conf;
- ################################################################
- ### Configuration for Drupal 7 sites to serve URIs that need
- ### to be **escaped**
- ################################################################
- #include apps/drupal/drupal_escaped.conf;
- #################################################################
- ### Configuration for Drupal 7 sites that use boost.
- #################################################################
- #include apps/drupal/drupal_boost.conf;
- #################################################################
- ### Configuration for Drupal 7 sites that use boost if having
- ### to serve URIs that need to be **escaped**
- #################################################################
- #include apps/drupal/drupal_boost_escaped.conf;
- #################################################################
- ### Configuration for updating the site via update.php and running
- ### cron externally. If you don't use drush for running cron use
- ### the configuration below.
- #################################################################
- #include apps/drupal/drupal_cron_update.conf;
- ################################################################
- ### Installation handling. This should be commented out after
- ### installation if on an already installed site there's no need
- ### to touch it. If on a yet to be installed site. Uncomment the
- ### line below and comment out after installation. Note that
- ### there's a basic auth in front as secondary ligne of defense.
- ################################################################
- #include apps/drupal/drupal_install.conf;
- #################################################################
- ### Support for upload progress bar. Configurations differ for
- ### Drupal 6 and Drupal 7.
- #################################################################
- include apps/drupal/drupal_upload_progress.conf;
- ## Including the php-fpm status and ping pages config.
- ## Uncomment to enable if you're running php-fpm.
- include php_fpm_status_vhost.conf;
- ## Including the Nginx stub status page for having stats about
- ## Nginx activity: http://wiki.nginx.org/HttpStubStatusModule.
- include nginx_status_vhost.conf;
- } # HTTPS server
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement