drupal sites-vhost nginx

1. # -*- mode: nginx; mode: flyspell-prog;  ispell-current-dictionary: american -*-
2. ### Configuration for example.com.
3.  
4. ## Return (no rewrite) server block.
5. #server {
6.     ## This is to avoid the spurious if for sub-domain name
7.     ## "rewriting".
8.     #listen 80; # IPv4
9.     ## Replace the IPv6 address by your own address. The address below
10.     ## was stolen from the wikipedia page on IPv6.
11.     ##listen [fe80::a00:27ff:fee0:8f1/64]:80 ipv6only=on;
12.     #server_name mysite.net www.mysite.net;
13.     #return 301 $scheme://192.168.1.95$request_uri;
14.  
15. #} # server domain return.
16.  
17. ## HTTP server.
18. server {
19.     listen 8080; # IPv4
20.     ## Replace the IPv6 address by your own address. The address below
21.     ## was stolen from the wikipedia page on IPv6.
22.     ##listen [fe80::202:b3ff:fe1e:8330]:80 ipv6only=on;
23.  
24.     server_name mysite.net www.mysite.net;
25.     limit_conn arbeit 32;
26.  
27.     ## Access and error logs.
28.     access_log /srv/www/mysite/logs/access.log;
29.     error_log /srv/www/mysite/logs/error.log debug;
30.  
31.     ## See the blacklist.conf file at the parent dir: /etc/nginx.
32.     ## Deny access based on the User-Agent header.
33.     if ($bad_bot) {
34.         return 444;
35.     }
36.     ## Deny access based on the Referer header.
37.     if ($bad_referer) {
38.         return 444;
39.     }
40.  
41.     ## Protection against illegal HTTP methods. Out of the box only HEAD,
42.     ## GET and POST are allowed.
43.     if ($not_allowed_method) {
44.         return 405;
45.     }
46.  
47.     ## Filesystem root of the site and index.
48.     root /srv/www/mysite/public;
49.     index index.php;
50.  
51.     location ~ \.php$ {
52.         try_files      $uri = 404;
53.         fastcgi_pass   phpcgi;
54.         include /etc/nginx/apps/drupal/fastcgi_drupal.conf;
55.     }
56.  
57.     location ^~  files/advagg_(?:css|js)/ {
58.                # access_log off;
59.               # expires max;
60.                # add_header ETag "";
61.                # add_header Cache-Control "max-age=290304000, no-transform, public";
62.                #add_header Last-Modifi#ed "Wed, 20 Jan 1988 04:20:42 GMT";
63.                #try_files $uri @drupal;
64.                deny all;
65.             }
66.  
67.  
68.     ## If you're using a Nginx version greater or equal to 1.1.4 then
69.     ## you can use keep alive connections to the upstream be it
70.     ## FastCGI or Apache. If that's not the case comment out the line below.
71.     fastcgi_keep_conn on; # keep alive to the FCGI upstream
72.  
73.     ## Uncomment if you're proxying to Apache for handling PHP.
74.     #proxy_http_version 1.1; # keep alive to the Apache upstream
75.  
76.     ################################################################
77.     ### Generic configuration: for most Drupal 7 sites.
78.     ################################################################
79.     include apps/drupal/drupal.conf;
80.  
81.     ################################################################
82.     ### Configuration for Drupal 7 sites to serve URIs that need
83.     ### to be **escaped**
84.     ################################################################
85.     #include apps/drupal/drupal_escaped.conf;
86.  
87.     #################################################################
88.     ### Configuration for Drupal 7 sites that use boost.
89.     #################################################################
90.     #include apps/drupal/drupal_boost.conf;
91.  
92.     #################################################################
93.     ### Configuration for Drupal 7 sites that use boost if having
94.     ### to serve URIs that need to be **escaped**
95.     #################################################################
96.     #include apps/drupal/drupal_boost_escaped.conf;
97.  
98.     #################################################################
99.     ### Configuration for updating the site via update.php and running
100.     ### cron externally. If you don't use drush for running cron use
101.     ### the configuration below.
102.     #################################################################
103.     #include apps/drupal/drupal_cron_update.conf;
104.  
105.     ################################################################
106.     ### Installation handling. This should be commented out after
107.     ### installation if on an already installed site there's no need
108.     ### to touch it. If on a yet to be installed site. Uncomment the
109.     ### line below and comment out after installation. Note that
110.     ### there's a basic auth in front as secondary ligne of defense.
111.     ################################################################
112.     #include apps/drupal/drupal_install.conf;
113.  
114.     #################################################################
115.     ### Support for upload progress bar. Configurations differ for
116.     ### Drupal 6 and Drupal 7.
117.     #################################################################
118.     include apps/drupal/drupal_upload_progress.conf;
119.  
120.     ## Including the php-fpm status and ping pages config.
121.     ## Uncomment to enable if you're running php-fpm.
122.     include php_fpm_status_vhost.conf;
123.  
124.     ## Including the Nginx stub status page for having stats about
125.     ## Nginx activity: http://wiki.nginx.org/HttpStubStatusModule.
126.     include nginx_status_vhost.conf;
127.  
128. } # HTTP server
129.  
130. ## Return (no rewrite) server block.
131. #server {
132. #    ## This is to avoid the spurious if for sub-domain name
133. #    ## "rewriting".
134. #    ## Comment the line below if you're using SPDY.
135. #    listen 443 ssl;
136. #    ## Uncomment the line below if you're using SPDY.
137. #    #listen 443 ssl spdy; # IPv4
138. #
139. #    ## Replace the IPv6 address by your own address. The address below
140. #    ## was stolen from the wikipedia page on IPv6.
141. #
142. #    ## Comment the line below if you're using SPDY.
143. #    #listen [fe80::a00:27ff:fee0:8f1/64]:443 ssl ipv6only=on;
144. #    ## Uncomment the line below if you're using SPDY.
145. #    #listen [fe80::202:b3ff:fe1e:8329]:443 ssl spdy ipv6only=on;
146. #
147. #    server_name mysite.net www.mysite.net;
148. #
149. #    ## Keep alive timeout set to a greater value for SSL/TLS.
150. #    keepalive_timeout 75 75;
151. #
152. #    ## See the keepalive_timeout directive in nginx.conf.
153. #    ## Server certificate and key.
154. #    ssl_certificate /etc/nginx/ssl/server.crt;
155. #    ssl_certificate_key /etc/nginx/ssl/server.key;
156. #
157. #    return 301 $scheme://192.168.1.95$request_uri;
158. #
159. #} # server domain return.
160.  
161. ## HTTPS server.
162. server {
163.     ## Comment the line below if you're using SPDY.
164.     listen 443 ssl;
165.     ## Uncomment the line below if you're using SPDY.
166.     #listen 443 ssl spdy;
167.     ## Replace the IPv6 address by your own address. The address below
168.     ## was stolen from the wikipedia page on IPv6.
169.  
170.     ## Comment the line below if you're using SPDY.
171. #listen [fe80::202:b3ff:fe1e:8330]:443 ssl spdy ipv6only=on;
172.  
173.     #server_name mysite www.mysite.net;
174.  
175.     limit_conn arbeit 32;
176.  
177.     ## Access and error logs.
178.     access_log /srv/www/mysite/logs/access.log;
179.     error_log /srv/www/mysite/logs/error.log;
180.  
181.     ## Keep alive timeout set to a greater value for SSL/TLS.
182.     keepalive_timeout 75 75;
183.  
184.     ## See the keepalive_timeout directive in nginx.conf.
185.     ## Server certificate and key.
186.     ssl_certificate /etc/nginx/ssl/server.crt;
187.     ssl_certificate_key /etc/nginx/ssl/server.key;
188.  
189.  
190.     ## Strict Transport Security header for enhanced security. See
191.     ## http://www.chromium.org/sts. I've set it to 2 hours; set it to
192.     ## whichever age you want.
193.     add_header Strict-Transport-Security "max-age=7200";
194.  
195.     root /srv/www/mysite/public;
196.     index index.php;
197.  
198.     location ~ \.php$ {
199.         try_files      $uri = 404;
200.         fastcgi_pass   phpcgi;
201.         include apps/drupal/fastcgi_drupal.conf;
202.     }
203.  
204.     ## If you're using a Nginx version greater or equal to 1.1.4 then
205.     ## you can use keep alive connections to the upstream be it
206.     ## FastCGI or Apache. If that's not the case comment out the line below.
207.     fastcgi_keep_conn on; # keep alive to the FCGI upstream
208.  
209.     ## Uncomment if you're proxying to Apache for handling PHP.
210.     #proxy_http_version 1.1; # keep alive to the Apache upstream
211.  
212.     ## See the blacklist.conf file at the parent dir: /etc/nginx.
213.     ## Deny access based on the User-Agent header.
214.     if ($bad_bot) {
215.         return 444;
216.     }
217.     ## Deny access based on the Referer header.
218.     if ($bad_referer) {
219.         return 444;
220.     }
221.  
222.     ## Protection against illegal HTTP methods. Out of the box only HEAD,
223.     ## GET and POST are allowed.
224.     if ($not_allowed_method) {
225.      return 405;
226.     }
227.  
228.     ################################################################
229.     ### Generic configuration: for most Drupal 7 sites.
230.     ################################################################
231.     include apps/drupal/drupal.conf;
232.  
233.     ################################################################
234.     ### Configuration for Drupal 7 sites to serve URIs that need
235.     ### to be **escaped**
236.     ################################################################
237.     #include apps/drupal/drupal_escaped.conf;
238.  
239.     #################################################################
240.     ### Configuration for Drupal 7 sites that use boost.
241.     #################################################################
242.     #include apps/drupal/drupal_boost.conf;
243.  
244.     #################################################################
245.     ### Configuration for Drupal 7 sites that use boost if having
246.     ### to serve URIs that need to be **escaped**
247.     #################################################################
248.     #include apps/drupal/drupal_boost_escaped.conf;
249.  
250.     #################################################################
251.     ### Configuration for updating the site via update.php and running
252.     ### cron externally. If you don't use drush for running cron use
253.     ### the configuration below.
254.     #################################################################
255.     #include apps/drupal/drupal_cron_update.conf;
256.  
257.     ################################################################
258.     ### Installation handling. This should be commented out after
259.     ### installation if on an already installed site there's no need
260.     ### to touch it. If on a yet to be installed site. Uncomment the
261.     ### line below and comment out after installation. Note that
262.     ### there's a basic auth in front as secondary ligne of defense.
263.     ################################################################
264.     #include apps/drupal/drupal_install.conf;
265.  
266.     #################################################################
267.     ### Support for upload progress bar. Configurations differ for
268.     ### Drupal 6 and Drupal 7.
269.     #################################################################
270.     include apps/drupal/drupal_upload_progress.conf;
271.  
272.     ## Including the php-fpm status and ping pages config.
273.     ## Uncomment to enable if you're running php-fpm.
274.     include php_fpm_status_vhost.conf;
275.  
276.     ## Including the Nginx stub status page for having stats about
277.     ## Nginx activity: http://wiki.nginx.org/HttpStubStatusModule.
278.     include nginx_status_vhost.conf;
279.  
280. } # HTTPS server