server { listen 443 ssl http2; listen [::]:443 ssl http2; server_na

1. server {
2. listen 443 ssl http2;
3. listen [::]:443 ssl http2;
4.  
5. server_name dev.domain.co.uk;
6. set $base /var/www/dev.domain.co.uk;
7. root $base;
8.  
9. # SSL
10. ssl_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;
11. ssl_certificate_key /etc/letsencrypt/live/dev.domain.co.uk/privkey.pem;
12. ssl_trusted_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;
13.  
14. # index.php
15. index index.php;
16.  
17. # reverse proxy
18. location / {
19. proxy_pass http://127.0.0.1:80;
20. include nginxconfig.io/proxy.conf;
21. }
22.  
23. # handle .php
24. location ~ .php$ {
25. include nginxconfig.io/php_fastcgi.conf;
26. }
27.  
28. include nginxconfig.io/general.conf;
29. include nginxconfig.io/wordpress.conf;
30. }
31.  
32. # subdomains redirect
33. server {
34. listen 443 ssl http2;
35. listen [::]:443 ssl http2;
36.  
37. server_name *.dev.domain.co.uk;
38.  
39. # SSL
40. ssl_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;
41. ssl_certificate_key /etc/letsencrypt/live/dev.domain.co.uk/privkey.pem;
42. ssl_trusted_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;
43.  
44. return 301 https://dev.domain.co.uk$request_uri;
45. }
46.  
47. # HTTP redirect
48. server {
49. listen 8080;
50. listen [::]:8080;
51.  
52. server_name .dev.domain.co.uk;
53.  
54. include nginxconfig.io/letsencrypt.conf;
55.  
56. location / {
57. return 301 https://dev.domain.co.uk$request_uri;
58. }
59. }
60.  
61. proxy_http_version 1.1;
62. proxy_set_header Upgrade $http_upgrade;
63. proxy_set_header Connection "upgrade";
64. proxy_set_header Host $host;
65. proxy_set_header X-Real-IP $remote_addr;
66. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
67. proxy_set_header X-Forwarded-Proto $scheme;
68. proxy_set_header X-Forwarded-Host $host;
69. proxy_set_header X-Forwarded-Port $server_port;
70. proxy_cache_bypass $http_upgrade;
71.  
72. #
73. # It does not do anything by default, delegating control to the
74. # builtin VCL. The builtin VCL is called when there is no explicit
75. # return statement.
76. #
77. # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
78. # and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.
79.  
80. # Marker to tell the VCL compiler that this VCL has been adapted to the
81. # new 4.0 format.
82. vcl 4.0;
83.  
84. # Default backend definition. Set this to point to your content server.
85. backend default {
86. .host = "127.0.0.1";
87. .port = "8080";
88. }
89.  
90. sub vcl_recv {
91. # Happens before we check if we have this in cache already.
92. #
93. # Typically you clean up the request here, removing cookies you don't need,
94. # rewriting the request, etc.
95. }
96.  
97. sub vcl_backend_response {
98. # Happens after we have read the response headers from the backend.
99. #
100. # Here you clean the response headers, removing silly Set-Cookie headers
101. # and other mistakes your backend does.
102. set beresp.ttl = 10s;
103. set beresp.grace = 1h;
104. }
105.  
106. sub vcl_deliver {
107. # Happens when we have all the pieces we need, and are about to send the
108. # response to the client.
109. #
110. # You can do accounting or modifying the final object here.
111. }
112.  
113. [Unit]
114. Description=Varnish HTTP accelerator
115. Documentation=https://www.varnish-cache.org/docs/4.1/ man:varnishd
116.  
117. [Service]
118. Type=simple
119. LimitNOFILE=131072
120. LimitMEMLOCK=82000
121. ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
122. ExecReload=/usr/share/varnish/reload-vcl
123. ProtectSystem=full
124. ProtectHome=true
125. PrivateTmp=true
126. PrivateDevices=true
127.  
128. [Install]
129. WantedBy=multi-user.target
130.  
131. # Configuration file for varnish
132. #
133. # /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
134. # to be set from this shell script fragment.
135. #
136. # Note: If systemd is installed, this file is obsolete and ignored. Please see
137. # /usr/share/doc/varnish/examples/varnish.systemd-drop-in.conf
138.  
139. # Should we start varnishd at boot? Set to "no" to disable.
140. START=yes
141.  
142. # Maximum number of open files (for ulimit -n)
143. NFILES=131072
144.  
145. # Maximum locked memory size (for ulimit -l)
146. # Used for locking the shared memory log in memory. If you increase log size,
147. # you need to increase this number as well
148. MEMLOCK=82000
149.  
150. # Default varnish instance name is the local nodename. Can be overridden with
151. # the -n switch, to have more instances on a single server.
152. # You may need to uncomment this variable for alternatives 1 and 3 below.
153. # INSTANCE=$(uname -n)
154.  
155. # This file contains 4 alternatives, please use only one.
156.  
157. ## Alternative 1, Minimal configuration, no VCL
158. #
159. # Listen on port 6081, administration on localhost:6082, and forward to
160. # content server on localhost:8080. Use a 1GB fixed-size cache file.
161. #
162. # This example uses the INSTANCE variable above, which you need to uncomment.
163. #
164. # DAEMON_OPTS="-a :6081
165. # -T localhost:6082
166. # -b localhost:8080
167. # -u varnish -g varnish
168. # -S /etc/varnish/secret
169. # -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
170.  
171.  
172. ## Alternative 2, Configuration with VCL
173. #
174. # Listen on port 6081, administration on localhost:6082, and forward to
175. # one content server selected by the vcl file, based on the request.
176. #
177. DAEMON_OPTS="-a :80
178. -T localhost:6082
179. -f /etc/varnish/default.vcl
180. -S /etc/varnish/secret
181. -s malloc,256m"
182.  
183.  
184. ## Alternative 3, Advanced configuration
185. #
186. # This example uses the INSTANCE variable above, which you need to uncomment.
187. #
188. # See varnishd(1) for more information.
189. #
190. # # Main configuration file. You probably want to change it :)
191. # VARNISH_VCL_CONF=/etc/varnish/default.vcl
192. #
193. # # Default address and port to bind to
194. # # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
195. # # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
196. # VARNISH_LISTEN_ADDRESS=
197. # VARNISH_LISTEN_PORT=6081
198. #
199. # # Telnet admin interface listen address and port
200. # VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
201. # VARNISH_ADMIN_LISTEN_PORT=6082
202. #
203. # # Cache file location
204. # VARNISH_STORAGE_FILE=/var/lib/varnish/$INSTANCE/varnish_storage.bin
205. #
206. # # Cache file size: in bytes, optionally using k / M / G / T suffix,
207. # # or in percentage of available disk space using the % suffix.
208. # VARNISH_STORAGE_SIZE=1G
209. #
210. # # File containing administration secret
211. # VARNISH_SECRET_FILE=/etc/varnish/secret
212. #
213. # # Backend storage specification
214. # VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
215. #
216. # # Default TTL used when the backend does not specify one
217. # VARNISH_TTL=120
218. #
219. # # DAEMON_OPTS is used by the init script. If you add or remove options, make
220. # # sure you update this section, too.
221. # DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT}
222. # -f ${VARNISH_VCL_CONF}
223. # -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT}
224. # -t ${VARNISH_TTL}
225. # -S ${VARNISH_SECRET_FILE}
226. # -s ${VARNISH_STORAGE}"
227. #
228.  
229.  
230. ## Alternative 4, Do It Yourself
231. #
232. # DAEMON_OPTS=""