nginx.conf.sample

1. ## Optional override of deployment mode. We recommend you use the
2. ## command 'bin/magento deploy:mode:set' to switch modes instead.
3. ##
4. ## set $MAGE_MODE default; # or production or developer
5. ##
6. ## If you set MAGE_MODE in server config, you must pass the variable into the
7. ## PHP entry point blocks, which are indicated below. You can pass
8. ## it in using:
9. ##
10. ## fastcgi_param  MAGE_MODE $MAGE_MODE;
11. ##
12. ## In production mode, you should uncomment the 'expires' directive in the /static/ location block
13.  
14. root $MAGE_ROOT/pub;
15.  
16. index index.php;
17. autoindex off;
18. charset UTF-8;
19. error_page 404 403 = /errors/404.php;
20. #add_header "X-UA-Compatible" "IE=Edge";
21.  
22. # PHP entry point for setup application
23. location ~* ^/setup($|/) {
24.     root $MAGE_ROOT;
25.     location ~ ^/setup/index.php {
26.         fastcgi_pass   phpfpm;
27.         fastcgi_index  index.php;
28.         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
29.         fastcgi_param  MAGE_MODE $MAGE_MODE;
30.         include        fastcgi_params;
31.     }
32.  
33.     location ~ ^/setup/(?!pub/). {
34.         deny all;
35.     }
36.  
37.     location ~ ^/setup/pub/ {
38.         add_header X-Frame-Options "SAMEORIGIN";
39.     }
40. }
41.  
42. # PHP entry point for update application
43. location ~* ^/update($|/) {
44.     root $MAGE_ROOT;
45.  
46.     location ~ ^/update/index.php {
47.         fastcgi_split_path_info ^(/update/index.php)(/.+)$;
48.         fastcgi_pass   phpfpm;
49.         fastcgi_index  index.php;
50.         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
51.         fastcgi_param  PATH_INFO        $fastcgi_path_info;
52.         include        fastcgi_params;
53.     }
54.  
55.     # Deny everything but index.php
56.     location ~ ^/update/(?!pub/). {
57.         deny all;
58.     }
59.  
60.     location ~ ^/update/pub/ {
61.         add_header X-Frame-Options "SAMEORIGIN";
62.     }
63. }
64.  
65. location / {
66.     try_files $uri $uri/ /index.php?$args;
67. }
68.  
69. location /pub/ {
70.     location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
71.         deny all;
72.     }
73.     alias $MAGE_ROOT/pub/;
74.     add_header X-Frame-Options "SAMEORIGIN";
75. }
76.  
77. location /static/ {
78.     # Uncomment the following line in production mode
79.     # expires max;
80.  
81.     # Remove signature of the static files that is used to overcome the browser cache
82.     location ~ ^/static/version {
83.         rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
84.     }
85.  
86.     location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
87.         add_header Cache-Control "public";
88.         add_header X-Frame-Options "SAMEORIGIN";
89.         expires +1y;
90.  
91.         if (!-f $request_filename) {
92.             rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
93.         }
94.     }
95.     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
96.         add_header Cache-Control "no-store";
97.         add_header X-Frame-Options "SAMEORIGIN";
98.         expires    off;
99.  
100.         if (!-f $request_filename) {
101.            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
102.         }
103.     }
104.     if (!-f $request_filename) {
105.         rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
106.     }
107.     add_header X-Frame-Options "SAMEORIGIN";
108. }
109.  
110. location /media/ {
111.     try_files $uri $uri/ /get.php?$args;
112.  
113.     location ~ ^/media/theme_customization/.*\.xml {
114.         deny all;
115.     }
116.  
117.     location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
118.         add_header Cache-Control "public";
119.         add_header X-Frame-Options "SAMEORIGIN";
120.         expires +1y;
121.         try_files $uri $uri/ /get.php?$args;
122.     }
123.     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
124.         add_header Cache-Control "no-store";
125.         add_header X-Frame-Options "SAMEORIGIN";
126.         expires    off;
127.         try_files $uri $uri/ /get.php?$args;
128.     }
129.     add_header X-Frame-Options "SAMEORIGIN";
130. }
131.  
132. location /media/customer/ {
133.     deny all;
134. }
135.  
136. location /media/downloadable/ {
137.     deny all;
138. }
139.  
140. location /media/import/ {
141.     deny all;
142. }
143.  
144. # PHP entry point for main application
145. location ~ (index|get|static|report|404|503|phpinfo)\.php$ {
146.     try_files $uri =404;
147.     fastcgi_pass   phpfpm;
148.     fastcgi_buffers 1024 4k;
149.  
150.     fastcgi_read_timeout 600s;
151.     fastcgi_connect_timeout 600s;
152.  
153.     fastcgi_index  index.php;
154.     fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
155.     include        fastcgi_params;
156. }
157.  
158. gzip on;
159. gzip_disable "msie6";
160.  
161. gzip_comp_level 6;
162. gzip_min_length 1100;
163. gzip_buffers 16 8k;
164. gzip_proxied any;
165. gzip_types
166.     text/plain
167.     text/css
168.     text/js
169.     text/xml
170.     text/javascript
171.     application/javascript
172.     application/x-javascript
173.     application/json
174.     application/xml
175.     application/xml+rss
176.     image/svg+xml;
177. gzip_vary on;
178.  
179. # Banned locations (only reached if the earlier PHP entry point regexes don't match)
180. location ~* (\.php$|\.htaccess$|\.git) {
181.     deny all;
182. }