2019-05-09 18:54:39 +12:00
|
|
|
user www-data;
|
|
|
|
worker_processes auto;
|
|
|
|
pid /run/nginx.pid;
|
|
|
|
daemon off;
|
|
|
|
|
|
|
|
events {
|
|
|
|
worker_connections 2048;
|
|
|
|
|
|
|
|
# multi_accept on;
|
|
|
|
}
|
|
|
|
|
|
|
|
http {
|
|
|
|
# Basic Settings
|
|
|
|
sendfile on;
|
|
|
|
tcp_nopush on;
|
|
|
|
tcp_nodelay on;
|
|
|
|
keepalive_timeout 65;
|
|
|
|
types_hash_max_size 2048;
|
|
|
|
client_max_body_size 10M;
|
|
|
|
|
|
|
|
# server_names_hash_bucket_size 64;
|
|
|
|
# server_name_in_redirect off;
|
|
|
|
include /etc/nginx/mime.types;
|
|
|
|
default_type application/octet-stream;
|
|
|
|
|
|
|
|
# SSL Settings
|
|
|
|
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
|
|
#ssl_prefer_server_ciphers on;
|
|
|
|
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';
|
|
|
|
ssl_prefer_server_ciphers off;
|
|
|
|
|
|
|
|
# Logging Settings
|
|
|
|
access_log /var/log/nginx/access.log;
|
|
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
|
|
|
|
# Gzip Settings
|
|
|
|
gzip on;
|
|
|
|
gzip_disable "msie6";
|
|
|
|
|
|
|
|
gzip_vary on;
|
|
|
|
gzip_proxied any;
|
|
|
|
gzip_comp_level 6;
|
|
|
|
gzip_buffers 16 8k;
|
|
|
|
gzip_http_version 1.1;
|
|
|
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
|
|
|
|
|
|
|
|
# Virtual Host Configs
|
|
|
|
server {
|
|
|
|
listen 80; ## listen for ipv4; this line is default and implied
|
|
|
|
listen [::]:80 ipv6only=on; ## listen for ipv6
|
|
|
|
listen 443 default ssl http2;
|
|
|
|
|
|
|
|
#ssl on;
|
2019-11-17 10:18:21 +13:00
|
|
|
ssl_certificate /etc/nginx/ssl/cert.pem;
|
|
|
|
ssl_certificate_key /etc/nginx/ssl/key.pem;
|
2019-05-09 18:54:39 +12:00
|
|
|
|
|
|
|
root /usr/share/nginx/html/public;
|
|
|
|
index index.php index.html index.htm;
|
|
|
|
|
|
|
|
server_tokens off;
|
|
|
|
|
|
|
|
# Make site accessible from http://localhost/
|
|
|
|
#server_name localhost;
|
|
|
|
|
|
|
|
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
|
|
|
|
sendfile off;
|
|
|
|
|
|
|
|
# Add stdout logging
|
|
|
|
|
|
|
|
#error_log /dev/stdout info;
|
|
|
|
#access_log /dev/stdout;
|
|
|
|
|
|
|
|
access_log off;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
# First attempt to serve request as file, then
|
|
|
|
# as directory, then fall back to index.html
|
|
|
|
try_files $uri $uri/ /index.php?q=$uri&$args;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
# Media: images, icons, video, audio, HTC
|
|
|
|
location ~* \.(?:ico|cur|gz|svg|svgz|mp4|ogg|woff|woff2|ogv|webm|htc)$ {
|
|
|
|
expires 1M;
|
|
|
|
access_log off;
|
|
|
|
add_header Cache-Control "public";
|
|
|
|
}
|
|
|
|
|
2019-10-02 14:34:49 +13:00
|
|
|
# CSS and JavaScript
|
2019-05-09 18:54:39 +12:00
|
|
|
location ~* \.(?:css|js)$ {
|
|
|
|
expires 1y;
|
|
|
|
access_log off;
|
|
|
|
add_header Cache-Control "public";
|
|
|
|
}
|
|
|
|
|
|
|
|
location /images {
|
|
|
|
expires 1y;
|
|
|
|
access_log off;
|
|
|
|
add_header Cache-Control "public";
|
|
|
|
}
|
|
|
|
|
|
|
|
location /favicon.png {
|
|
|
|
expires 1y;
|
|
|
|
access_log off;
|
|
|
|
add_header Cache-Control "public";
|
|
|
|
}
|
|
|
|
|
|
|
|
location /proxy.html {
|
|
|
|
expires 1y;
|
|
|
|
access_log off;
|
|
|
|
add_header Cache-Control "public";
|
|
|
|
}
|
|
|
|
|
|
|
|
#error_page 404 /404.html;
|
|
|
|
|
|
|
|
# redirect server error pages to the static page /50x.html
|
|
|
|
#
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
location = /50x.html {
|
|
|
|
root /usr/share/nginx/html;
|
|
|
|
}
|
|
|
|
|
|
|
|
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
|
|
|
#
|
|
|
|
location ~ \.php$ {
|
|
|
|
try_files $uri =404;
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
#fastcgi_pass unix:/var/run/php5-fpm.sock;
|
|
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
|
|
fastcgi_param HTTP_IF_NONE_MATCH $http_if_none_match;
|
|
|
|
fastcgi_param HTTP_IF_MODIFIED_SINCE $http_if_modified_since;
|
|
|
|
fastcgi_read_timeout 600;
|
|
|
|
fastcgi_index index.php;
|
|
|
|
include fastcgi_params;
|
|
|
|
}
|
|
|
|
|
|
|
|
# deny access to . files, for security
|
|
|
|
#
|
|
|
|
location ~ /\. {
|
|
|
|
#log_not_found off;
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
}
|
2019-10-02 14:34:49 +13:00
|
|
|
}
|