CodySwannGT · April 26, 2012 01:22 · Letbeauty · May 2, 2013
diff --git a/cloudflare.conf b/cloudflare.conf
 # /etc/nginx/cloudflare.conf

 # If using Cloudflare, uncomment the following to get proper originating IPs
 #set_real_ip_from   204.93.240.0/24;
 #set_real_ip_from   204.93.177.0/24;
 #set_real_ip_from   199.27.128.0/21;
 #set_real_ip_from 173.245.48.0/20;
 #set_real_ip_from 103.22.200.0/22;
 #set_real_ip_from 141.101.64.0/18;
 #real_ip_header   CF-Connecting-IP;
 # end Cloudflare
diff --git a/default b/default
 # /etc/nginx/sites-enabled/default

 server {
  listen  8080; ## listen for ipv4
  #listen   [::]:80 default ipv6only=on; ## listen for ipv6

  server_name  _;
  root   /Users/www-data/gunnertechnetwork/current;
  index   index.php;

  access_log  /var/log/nginx/localhost.access.log;

  client_max_body_size 8M;
  client_body_buffer_size 128k;

  keepalive_timeout 10;

  server_name_in_redirect off;
  port_in_redirect off;

  error_page  404  /missing.html;
  error_page   500 502 503 504  /50x.html;

  include /usr/local/etc/nginx/wordpress.conf;
  include /usr/local/etc/nginx/w3totalcache.conf;

 }
diff --git a/default.vcl b/default.vcl
 backend default {
    .host = "127.0.0.1";
    .port = "8080";
 }

 acl purge {
    "10.0.1.100";
    "10.0.1.101";
    "10.0.1.102";
    "10.0.1.103";
    "10.0.1.104";
 }

 sub vcl_recv {
  if (req.request == "PURGE") {
    if (!client.ip ~ purge) {
      error 405 "Not allowed.";
    }
    return(lookup);
  }

  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(gif|jpg|jpeg|swf|flv|mp3|mp4|pdf|ico|png|gz|tgz|bz2)(\?.*|)$") {
      remove req.http.Accept-Encoding;
    } elsif (req.http.Accept-Encoding ~ "gzip") {
      set req.http.Accept-Encoding = "gzip";
    } elsif (req.http.Accept-Encoding ~ "deflate") {
      set req.http.Accept-Encoding = "deflate";
    } else {
      remove req.http.Accept-Encoding;
    }
  }

  if (req.url ~ "\.(gif|jpg|jpeg|swf|css|js|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
    unset req.http.cookie;
    set req.url = regsub(req.url, "\?.*$", "");
  }

  if (req.url ~ "\?(utm_(campaign|medium|source|term)|adParams|client|cx|eid|fbid|feed|ref(id|src)?|v(er|iew))=") {
    set req.url = regsub(req.url, "\?.*$", "");
  }

  if (req.http.cookie) {
    if (req.http.cookie ~ "(wordpress_|wp-settings-)" || req.url ~ "(wp-(login|admin)|login|products)") {
      return(pass);
    } else {
      unset req.http.cookie;
    }
  }
 }

 sub vcl_fetch {
 	if (req.url ~ "wp-(login|admin)" || req.url ~ "products-page" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php") {
 		return (hit_for_pass);
 	}
 	
  if ( (!(req.url ~ "(wp-(login|admin)|login|products)")) || (req.request == "GET") ) {
    unset beresp.http.set-cookie;
    set beresp.ttl = 1h;
  }

  if (req.url ~ "\.(gif|jpg|jpeg|swf|css|js|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
    set beresp.ttl = 365d;
  }
 }

 sub vcl_deliver {
   set resp.http.X-Server = "server-01";

   if (obj.hits > 0) {
     set resp.http.X-Cache = "HIT";
   } else {
     set resp.http.X-Cache = "MISS";
   }
 }

 sub vcl_hit {
  if (req.request == "PURGE") {
    set obj.ttl = 0s;
    error 200 "OK";
  }
 }

 sub vcl_miss {
  if (req.request == "PURGE") {
    error 404 "Not cached";
  }
 }

 sub vcl_error {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {" 
 <html>
  <head>
    <title>We're sorry. This server is under maintenance</title>
  </head>
  <body>
    <h1>The server is being updated</h1>
    <p>Please check back later.</p>
  </body>
 </html>
 "};
 }
diff --git a/nginx.conf b/nginx.conf
 user www-data;
 worker_processes  4;

 error_log  /var/log/nginx/error.log;
 pid        /var/run/nginx.pid;

 events {
    worker_connections  1024;
 }

 http {
    include       /usr/local/etc/nginx/mime.types;
    include       /usr/local/etc/nginx/cloudflare.conf;

    access_log    /var/log/nginx/access.log;

    sendfile        on;
    tcp_nopush      off;

    keepalive_timeout  30;
    tcp_nodelay        on;

    gzip  on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    upstream php {
      server unix:/tmp/php-cgi.socket;
      #server 127.0.0.1:9000;
    }

    include /usr/local/etc/nginx/conf.d/*.conf;
    include /usr/local/etc/nginx/sites-enabled/*;
 }
diff --git a/php-fpm.conf b/php-fpm.conf
 ; Start a new pool named 'www'.
 [www]

 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:
 ; 'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
 ; a specific port;
 ; 'port'                 - to listen on a TCP socket to all addresses on a
 ;  specific port;
 ;  '/path/to/unix/socket' - to listen on a unix socket.
 ; Note: This value is mandatory.
 ; listen = 127.0.0.1:9000
 listen = /tmp/php-cgi.socket

 ; Set listen(2) backlog. A value of '-1' means unlimited.
 ; Default Value: -1
 ;listen.backlog = -1
 
 ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
 ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
 ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
 ; must be separated by a comma. If this value is left blank, connections will be
 ; accepted from any ip address.
 ; Default Value: any
 ; listen.allowed_clients = 127.0.0.1

 ; Set permissions for unix socket, if one is used. In Linux, read/write
 ; permissions must be set in order to allow connections from a web server. Many
 ; BSD-derived systems allow connections regardless of permissions. 
 ; Default Values: user and group are set as the running user
 ; mode is set to 0666
 ;listen.owner = www-data
 ;listen.group = www-data
 ;listen.mode = 0666

 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;  will be used.
 ; RPM: apache Choosed to be able to access some dir as httpd
 user = www-data
 ; RPM: Keep a group allowed to write in log dir.
 group = www-data

 ; Choose how the process manager will control the number of child processes.
 ; Possible Values:
 ;  static  - a fixed number (pm.max_children) of child processes;
 ;  dynamic - the number of child processes are set dynamically based on the
 ;  following directives:
 ;  pm.max_children      - the maximum number of children that can
 ;  be alive at the same time.
 ;  pm.start_servers     - the number of children created on startup.
 ;  pm.min_spare_servers - the minimum number of children in 'idle'
 ;  state (waiting to process). If the number
 ;  of 'idle' processes is less than this
 ;  number then some children will be created.
 ;  pm.max_spare_servers - the maximum number of children in 'idle'
 ;  state (waiting to process). If the number
 ;  of 'idle' processes is greater than this
 ;  number then some children will be killed.
 ; Note: This value is mandatory.
 pm = dynamic

 ; The number of child processes to be created when pm is set to 'static' and the
 ; maximum number of child processes to be created when pm is set to 'dynamic'.
 ; This value sets the limit on the number of simultaneous requests that will be
 ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
 ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
 ; CGI.
 ; Note: Used when pm is set to either 'static' or 'dynamic'
 ; Note: This value is mandatory.
 pm.max_children = 50

 ; The number of child processes created on startup.
 ; Note: Used only when pm is set to 'dynamic'
 ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
 pm.start_servers = 10

 ; The desired minimum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
 pm.min_spare_servers = 5

 ; The desired maximum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
 pm.max_spare_servers = 35
 
 ; The number of requests each child process should execute before respawning.
 ; This can be useful to work around memory leaks in 3rd party libraries. For
 ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
 ; Default Value: 0
 pm.max_requests = 500

 ; The URI to view the FPM status page. If this value is not set, no URI will be
 ; recognized as a status page. By default, the status page shows the following
 ; information:
 ;   accepted conn    - the number of request accepted by the pool;
 ;   pool             - the name of the pool;
 ;   process manager  - static or dynamic;
 ;   idle processes   - the number of idle processes;
 ;   active processes - the number of active processes;
 ;   total processes  - the number of idle + active processes.
 ; The values of 'idle processes', 'active processes' and 'total processes' are
 ; updated each second. The value of 'accepted conn' is updated in real time.
 ; Example output:
 ;   accepted conn:   12073
 ;   pool:             www
 ;   process manager:  static
 ;   idle processes:   35
 ;   active processes: 65
 ;   total processes:  100
 ; By default the status page output is formatted as text/plain. Passing either
 ; 'html' or 'json' as a query string will return the corresponding output
 ; syntax. Example:
 ;   http://www.foo.bar/status
 ;   http://www.foo.bar/status?json
 ;   http://www.foo.bar/status?html
 ; Note: The value must start with a leading slash (/). The value can be
 ;       anything, but it may not be a good idea to use the .php extension or it
 ;       may conflict with a real PHP file.
 ; Default Value: not set 
 ;pm.status_path = /status
 
 ; The ping URI to call the monitoring page of FPM. If this value is not set, no
 ; URI will be recognized as a ping page. This could be used to test from outside
 ; that FPM is alive and responding, or to
 ; - create a graph of FPM availability (rrd or such);
 ; - remove a server from a group if it is not responding (load balancing);
 ; - trigger alerts for the operating team (24/7).
 ; Note: The value must start with a leading slash (/). The value can be
 ;       anything, but it may not be a good idea to use the .php extension or it
 ;       may conflict with a real PHP file.
 ; Default Value: not set
 ;ping.path = /ping

 ; This directive may be used to customize the response of a ping request. The
 ; response is formatted as text/plain with a 200 response code.
 ; Default Value: pong
 ;ping.response = pong
 
 ; The timeout for serving a single request after which the worker process will
 ; be killed. This option should be used when the 'max_execution_time' ini option
 ; does not stop script execution for some reason. A value of '0' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
 ;request_terminate_timeout = 0
 
 ; The timeout for serving a single request after which a PHP backtrace will be
 ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
 ;request_slowlog_timeout = 0
 
 ; The log file for slow requests
 ; Default Value: not set
 ; Note: slowlog is mandatory if request_slowlog_timeout is set
 slowlog = /var/log/php-fpm/www-slow.log
 
 ; Set open file descriptor rlimit.
 ; Default Value: system defined value
 ;rlimit_files = 1024
 
 ; Set max core size rlimit.
 ; Possible Values: 'unlimited' or an integer greater or equal to 0
 ; Default Value: system defined value
 ;rlimit_core = 0
 
 ; Chroot to this directory at the start. This value must be defined as an
 ; absolute path. When this value is not set, chroot is not used.
 ; Note: chrooting is a great security feature and should be used whenever 
 ;       possible. However, all PHP paths will be relative to the chroot
 ;       (error_log, sessions.save_path, ...).
 ; Default Value: not set
 ;chroot = 
 
 ; Chdir to this directory at the start. This value must be an absolute path.
 ; Default Value: current directory or / when chroot
 ;chdir = /var/www
 
 ; Redirect worker stdout and stderr into main error log. If not set, stdout and
 ; stderr will be redirected to /dev/null according to FastCGI specs.
 ; Default Value: no
 ;catch_workers_output = yes
 
 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
 ; the current environment.
 ; Default Value: clean env
 ;env[HOSTNAME] = $HOSTNAME
 ;env[PATH] = /usr/local/bin:/usr/bin:/bin
 ;env[TMP] = /tmp
 ;env[TMPDIR] = /tmp
 ;env[TEMP] = /tmp

 ; Additional php.ini defines, specific to this pool of workers. These settings
 ; overwrite the values previously defined in the php.ini. The directives are the
 ; same as the PHP SAPI:
 ;   php_value/php_flag             - you can set classic ini defines which can
 ;                                    be overwritten from PHP call 'ini_set'. 
 ;   php_admin_value/php_admin_flag - these directives won't be overwritten by
 ;                                     PHP call 'ini_set'
 ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

 ; Defining 'extension' will load the corresponding shared extension from
 ; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
 ; overwrite previously defined php.ini values, but will append the new value
 ; instead.

 ; Default Value: nothing is defined by default except the values in php.ini and
 ;                specified at startup with the -d argument
 ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
 ;php_flag[display_errors] = off
 php_admin_value[error_log] = /var/log/php-fpm/www-error.log
 php_admin_flag[log_errors] = on
 ;php_admin_value[memory_limit] = 32M
diff --git a/varnish b/varnish
 START=yes
 NFILES=131072
 MEMLOCK=82000
 DAEMON_OPTS="-a :80 \
 -T localhost:6082 \
 -f /etc/varnish/default.vcl \
 -S /etc/varnish/secret \
 -s malloc,250M" 
diff --git a/w3totalcache.conf b/w3totalcache.conf
 # /etc/nginx/w3totalcache.conf

 # BEGIN W3TC Browser Cache
 gzip on;
 gzip_types text/css application/x-javascript text/x-component text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

 gzip_vary on;
 gzip_comp_level 2;
 gzip_proxied any;
 gzip_buffers 16 8k;
 gzip_disable "MSIE [1-6].(?!.*SV1)";

 location ~ \.(css|js|htc)$ {
  add_header X-Powered-By "W3 Total Cache/0.9.2.4";
 }

 location ~ \.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
  add_header X-Powered-By "W3 Total Cache/0.9.2.4";
 }

 location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
    add_header X-Powered-By "W3 Total Cache/0.9.2.4";
 }
 # END W3TC Browser Cache

 # BEGIN W3TC Minify core
 set $w3tc_enc "";
 if ($http_accept_encoding ~ gzip) {
  set $w3tc_enc .gzip;
 }
 if (-f $request_filename$w3tc_enc) {
  rewrite (.*) $1$w3tc_enc break;
 }
 rewrite ^/wp-content/w3tc/min/([a-f0-9]+)\/(.+)\.(include(\-(footer|body))?(-nb)?)\.[0-9]+\.(css|js)$ /wp-content/w3tc/min/index.php?tt=$1&gg=$2&g=$3&t=$7 last;
 # END W3TC Minify core

 # BEGIN W3TC Minify cache
 location ~ /wp-content/w3tc/min.*\.js$ {
  types {}
  default_type application/x-javascript;
  add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify)";
  add_header Vary "Accept-Encoding";
 }
 location ~ /wp-content/w3tc/min.*\.css$ {
  types {}
  default_type text/css;
  add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify)";
  add_header Vary "Accept-Encoding";
 }
 location ~ /wp-content/w3tc/min.*js\.gzip$ {
  gzip off;
  types {}
  default_type application/x-javascript;
  add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify, Gzipped)";
  add_header Vary "Accept-Encoding";
  add_header Content-Encoding gzip;
 }
 location ~ /wp-content/w3tc/min.*css\.gzip$ {
  gzip off;
  types {}
  default_type text/css;
  add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify, Gzipped)";
  add_header Vary "Accept-Encoding";
  add_header Content-Encoding gzip;
 }
 # END W3TC Minify cache
diff --git a/wordpress.conf b/wordpress.conf
 # /etc/nginx/wordpress.conf

 rewrite ^/products-page/(.+)/index\.php /products-page/$1/?ajax=true last;
 rewrite ^/products-page/index\.php /products-page/?ajax=true last;
 rewrite ^/sitemap\.xml$ /index.php?sitemap=1 last;
 rewrite ^/sitemap\.xml\.gz$ /index.php?sitemap=1 last;
 rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
 rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

 ### HACK TO REWRITE OLD UPLOAD FILES TO CLOUDFRONT CDN TO AVOID 404s ###
 if ($http_host !~ "^.+.dev$"){
  set $rule_0 1$rule_0;
 }
 if ($rule_0 = "1"){
  rewrite ^/wp-content/uploads/(.+) http://dhwlijwe9jil7.cloudfront.net/files/$1 permanent;
 }

 ### REWRITE TO UPLOADS TO CLOUDFRONT ###
 if ($uri ~ "^/files/.+$"){
  set $rule_3 1$rule_3;
 }
 if ($http_host !~ "^.+.dev$"){
  set $rule_3 2$rule_3;
 }
 if ($http_host !~* "^.+cloudfront.net$"){
  set $rule_3 3$rule_3;
 }
 if ($rule_3 = "321"){
  rewrite ^/ http://dhwlijwe9jil7.cloudfront.net$uri permanent;
 }

 ### DEFAULT REWRITE TO WP FILES ###
 rewrite ^/files/(.+) /wp-includes/ms-files.php?file=$1 last;

 ### REWRITE TO APEX###
 if ($host ~* www\.(.*)) {
  set $host_without_www $1;
  rewrite ^(.*)$ http://$host_without_www$1 permanent;
 }

 ### WORDPRESS LOCATIONS ###

 location / {
  try_files $uri $uri/ /index.php?$args @wordpress;
 }

 location @wordpress {
  rewrite ^.*/files/(.*) /wp-includes/ms-files.php?file=$1;
  if (!-e $request_filename) {
    rewrite ^.+/products-page/(.*)index.php?ajax=true /products-page/$1/?ajax=true last;
    rewrite ^.+/?(/wp-.*) $1 last;
    rewrite ^.+/?(/.*\.php)$ $1 last;
    rewrite ^(.+)$ /index.php?q=$1 last;
  }
 }

 location ~ \.php$ {
  try_files $uri =404;

  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_param   REMOTE_ADDR  $http_client_ip;
  fastcgi_index   index.php;
  fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
  include /usr/local/etc/nginx/fastcgi_params;
  fastcgi_pass php;
 }

 location ~ /\. { access_log off; log_not_found off; deny all; }

 # Prevent access to any files starting with a $ (usually temp files)
 location ~ ~$ { access_log off; log_not_found off; deny all; }

 # Do not log access to robots.txt, to keep the logs cleaner
 location = /robots.txt { allow all; access_log off; log_not_found off; }

 # Do not log access to the favicon, to keep the logs cleaner
 location = /favicon.ico { access_log off; log_not_found off; }

 location ~* wp-admin/includes { deny all; }
 location ~* wp-includes/theme-compat/ { deny all; }
 location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
 location ~* wp-config.php { deny all; }
 location ^~ /config/ { deny all; }
	# /etc/nginx/cloudflare.conf

	# If using Cloudflare, uncomment the following to get proper originating IPs
	#set_real_ip_from 204.93.240.0/24;
	#set_real_ip_from 204.93.177.0/24;
	#set_real_ip_from 199.27.128.0/21;
	#set_real_ip_from 173.245.48.0/20;
	#set_real_ip_from 103.22.200.0/22;
	#set_real_ip_from 141.101.64.0/18;
	#real_ip_header CF-Connecting-IP;
	# end Cloudflare
	# /etc/nginx/sites-enabled/default

	server {
	listen 8080; ## listen for ipv4
	#listen [::]:80 default ipv6only=on; ## listen for ipv6

	server_name _;
	root /Users/www-data/gunnertechnetwork/current;
	index index.php;

	access_log /var/log/nginx/localhost.access.log;

	client_max_body_size 8M;
	client_body_buffer_size 128k;

	keepalive_timeout 10;

	server_name_in_redirect off;
	port_in_redirect off;

	error_page 404 /missing.html;
	error_page 500 502 503 504 /50x.html;

	include /usr/local/etc/nginx/wordpress.conf;
	include /usr/local/etc/nginx/w3totalcache.conf;

	}
	backend default {
	.host = "127.0.0.1";
	.port = "8080";
	}

	acl purge {
	"10.0.1.100";
	"10.0.1.101";
	"10.0.1.102";
	"10.0.1.103";
	"10.0.1.104";
	}

	sub vcl_recv {
	if (req.request == "PURGE") {
	if (!client.ip ~ purge) {
	error 405 "Not allowed.";
	}
	return(lookup);
	}

	if (req.http.Accept-Encoding) {
	if (req.url ~ "\.(gif\|jpg\|jpeg\|swf\|flv\|mp3\|mp4\|pdf\|ico\|png\|gz\|tgz\|bz2)(\?.*\|)$") {
	remove req.http.Accept-Encoding;
	} elsif (req.http.Accept-Encoding ~ "gzip") {
	set req.http.Accept-Encoding = "gzip";
	} elsif (req.http.Accept-Encoding ~ "deflate") {
	set req.http.Accept-Encoding = "deflate";
	} else {
	remove req.http.Accept-Encoding;
	}
	}

	if (req.url ~ "\.(gif\|jpg\|jpeg\|swf\|css\|js\|flv\|mp3\|mp4\|pdf\|ico\|png)(\?.*\|)$") {
	unset req.http.cookie;
	set req.url = regsub(req.url, "\?.*$", "");
	}

	if (req.url ~ "\?(utm_(campaign\|medium\|source\|term)\|adParams\|client\|cx\|eid\|fbid\|feed\|ref(id\|src)?\|v(er\|iew))=") {
	set req.url = regsub(req.url, "\?.*$", "");
	}

	if (req.http.cookie) {
	if (req.http.cookie ~ "(wordpress_\|wp-settings-)" \|\| req.url ~ "(wp-(login\|admin)\|login\|products)") {
	return(pass);
	} else {
	unset req.http.cookie;
	}
	}
	}

	sub vcl_fetch {
	if (req.url ~ "wp-(login\|admin)" \|\| req.url ~ "products-page" \|\| req.url ~ "preview=true" \|\| req.url ~ "xmlrpc.php") {
	return (hit_for_pass);
	}

	if ( (!(req.url ~ "(wp-(login\|admin)\|login\|products)")) \|\| (req.request == "GET") ) {
	unset beresp.http.set-cookie;
	set beresp.ttl = 1h;
	}

	if (req.url ~ "\.(gif\|jpg\|jpeg\|swf\|css\|js\|flv\|mp3\|mp4\|pdf\|ico\|png)(\?.*\|)$") {
	set beresp.ttl = 365d;
	}
	}

	sub vcl_deliver {
	set resp.http.X-Server = "server-01";

	if (obj.hits > 0) {
	set resp.http.X-Cache = "HIT";
	} else {
	set resp.http.X-Cache = "MISS";
	}
	}

	sub vcl_hit {
	if (req.request == "PURGE") {
	set obj.ttl = 0s;
	error 200 "OK";
	}
	}

	sub vcl_miss {
	if (req.request == "PURGE") {
	error 404 "Not cached";
	}
	}

	sub vcl_error {
	set obj.http.Content-Type = "text/html; charset=utf-8";
	synthetic {"
	<html>
	<head>
	<title>We're sorry. This server is under maintenance</title>
	</head>
	<body>
	<h1>The server is being updated</h1>
	<p>Please check back later.</p>
	</body>
	</html>
	"};
	}
	user www-data;
	worker_processes 4;

	error_log /var/log/nginx/error.log;
	pid /var/run/nginx.pid;

	events {
	worker_connections 1024;
	}

	http {
	include /usr/local/etc/nginx/mime.types;
	include /usr/local/etc/nginx/cloudflare.conf;

	access_log /var/log/nginx/access.log;

	sendfile on;
	tcp_nopush off;

	keepalive_timeout 30;
	tcp_nodelay on;

	gzip on;
	gzip_disable "MSIE [1-6]\.(?!.*SV1)";

	upstream php {
	server unix:/tmp/php-cgi.socket;
	#server 127.0.0.1:9000;
	}

	include /usr/local/etc/nginx/conf.d/*.conf;
	include /usr/local/etc/nginx/sites-enabled/*;
	}
	; Start a new pool named 'www'.
	[www]

	; The address on which to accept FastCGI requests.
	; Valid syntaxes are:
	; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
	; a specific port;
	; 'port' - to listen on a TCP socket to all addresses on a
	; specific port;
	; '/path/to/unix/socket' - to listen on a unix socket.
	; Note: This value is mandatory.
	; listen = 127.0.0.1:9000
	listen = /tmp/php-cgi.socket

	; Set listen(2) backlog. A value of '-1' means unlimited.
	; Default Value: -1
	;listen.backlog = -1

	; List of ipv4 addresses of FastCGI clients which are allowed to connect.
	; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
	; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
	; must be separated by a comma. If this value is left blank, connections will be
	; accepted from any ip address.
	; Default Value: any
	; listen.allowed_clients = 127.0.0.1

	; Set permissions for unix socket, if one is used. In Linux, read/write
	; permissions must be set in order to allow connections from a web server. Many
	; BSD-derived systems allow connections regardless of permissions.
	; Default Values: user and group are set as the running user
	; mode is set to 0666
	;listen.owner = www-data
	;listen.group = www-data
	;listen.mode = 0666

	; Unix user/group of processes
	; Note: The user is mandatory. If the group is not set, the default user's group
	; will be used.
	; RPM: apache Choosed to be able to access some dir as httpd
	user = www-data
	; RPM: Keep a group allowed to write in log dir.
	group = www-data

	; Choose how the process manager will control the number of child processes.
	; Possible Values:
	; static - a fixed number (pm.max_children) of child processes;
	; dynamic - the number of child processes are set dynamically based on the
	; following directives:
	; pm.max_children - the maximum number of children that can
	; be alive at the same time.
	; pm.start_servers - the number of children created on startup.
	; pm.min_spare_servers - the minimum number of children in 'idle'
	; state (waiting to process). If the number
	; of 'idle' processes is less than this
	; number then some children will be created.
	; pm.max_spare_servers - the maximum number of children in 'idle'
	; state (waiting to process). If the number
	; of 'idle' processes is greater than this
	; number then some children will be killed.
	; Note: This value is mandatory.
	pm = dynamic

	; The number of child processes to be created when pm is set to 'static' and the
	; maximum number of child processes to be created when pm is set to 'dynamic'.
	; This value sets the limit on the number of simultaneous requests that will be
	; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
	; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
	; CGI.
	; Note: Used when pm is set to either 'static' or 'dynamic'
	; Note: This value is mandatory.
	pm.max_children = 50

	; The number of child processes created on startup.
	; Note: Used only when pm is set to 'dynamic'
	; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
	pm.start_servers = 10

	; The desired minimum number of idle server processes.
	; Note: Used only when pm is set to 'dynamic'
	; Note: Mandatory when pm is set to 'dynamic'
	pm.min_spare_servers = 5

	; The desired maximum number of idle server processes.
	; Note: Used only when pm is set to 'dynamic'
	; Note: Mandatory when pm is set to 'dynamic'
	pm.max_spare_servers = 35

	; The number of requests each child process should execute before respawning.
	; This can be useful to work around memory leaks in 3rd party libraries. For
	; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
	; Default Value: 0
	pm.max_requests = 500

	; The URI to view the FPM status page. If this value is not set, no URI will be
	; recognized as a status page. By default, the status page shows the following
	; information:
	; accepted conn - the number of request accepted by the pool;
	; pool - the name of the pool;
	; process manager - static or dynamic;
	; idle processes - the number of idle processes;
	; active processes - the number of active processes;
	; total processes - the number of idle + active processes.
	; The values of 'idle processes', 'active processes' and 'total processes' are
	; updated each second. The value of 'accepted conn' is updated in real time.
	; Example output:
	; accepted conn: 12073
	; pool: www
	; process manager: static
	; idle processes: 35
	; active processes: 65
	; total processes: 100
	; By default the status page output is formatted as text/plain. Passing either
	; 'html' or 'json' as a query string will return the corresponding output
	; syntax. Example:
	; http://www.foo.bar/status
	; http://www.foo.bar/status?json
	; http://www.foo.bar/status?html
	; Note: The value must start with a leading slash (/). The value can be
	; anything, but it may not be a good idea to use the .php extension or it
	; may conflict with a real PHP file.
	; Default Value: not set
	;pm.status_path = /status

	; The ping URI to call the monitoring page of FPM. If this value is not set, no
	; URI will be recognized as a ping page. This could be used to test from outside
	; that FPM is alive and responding, or to
	; - create a graph of FPM availability (rrd or such);
	; - remove a server from a group if it is not responding (load balancing);
	; - trigger alerts for the operating team (24/7).
	; Note: The value must start with a leading slash (/). The value can be
	; anything, but it may not be a good idea to use the .php extension or it
	; may conflict with a real PHP file.
	; Default Value: not set
	;ping.path = /ping

	; This directive may be used to customize the response of a ping request. The
	; response is formatted as text/plain with a 200 response code.
	; Default Value: pong
	;ping.response = pong

	; The timeout for serving a single request after which the worker process will
	; be killed. This option should be used when the 'max_execution_time' ini option
	; does not stop script execution for some reason. A value of '0' means 'off'.
	; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
	; Default Value: 0
	;request_terminate_timeout = 0

	; The timeout for serving a single request after which a PHP backtrace will be
	; dumped to the 'slowlog' file. A value of '0s' means 'off'.
	; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
	; Default Value: 0
	;request_slowlog_timeout = 0

	; The log file for slow requests
	; Default Value: not set
	; Note: slowlog is mandatory if request_slowlog_timeout is set
	slowlog = /var/log/php-fpm/www-slow.log

	; Set open file descriptor rlimit.
	; Default Value: system defined value
	;rlimit_files = 1024

	; Set max core size rlimit.
	; Possible Values: 'unlimited' or an integer greater or equal to 0
	; Default Value: system defined value
	;rlimit_core = 0

	; Chroot to this directory at the start. This value must be defined as an
	; absolute path. When this value is not set, chroot is not used.
	; Note: chrooting is a great security feature and should be used whenever
	; possible. However, all PHP paths will be relative to the chroot
	; (error_log, sessions.save_path, ...).
	; Default Value: not set
	;chroot =

	; Chdir to this directory at the start. This value must be an absolute path.
	; Default Value: current directory or / when chroot
	;chdir = /var/www

	; Redirect worker stdout and stderr into main error log. If not set, stdout and
	; stderr will be redirected to /dev/null according to FastCGI specs.
	; Default Value: no
	;catch_workers_output = yes

	; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
	; the current environment.
	; Default Value: clean env
	;env[HOSTNAME] = $HOSTNAME
	;env[PATH] = /usr/local/bin:/usr/bin:/bin
	;env[TMP] = /tmp
	;env[TMPDIR] = /tmp
	;env[TEMP] = /tmp

	; Additional php.ini defines, specific to this pool of workers. These settings
	; overwrite the values previously defined in the php.ini. The directives are the
	; same as the PHP SAPI:
	; php_value/php_flag - you can set classic ini defines which can
	; be overwritten from PHP call 'ini_set'.
	; php_admin_value/php_admin_flag - these directives won't be overwritten by
	; PHP call 'ini_set'
	; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

	; Defining 'extension' will load the corresponding shared extension from
	; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
	; overwrite previously defined php.ini values, but will append the new value
	; instead.

	; Default Value: nothing is defined by default except the values in php.ini and
	; specified at startup with the -d argument
	;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
	;php_flag[display_errors] = off
	php_admin_value[error_log] = /var/log/php-fpm/www-error.log
	php_admin_flag[log_errors] = on
	;php_admin_value[memory_limit] = 32M
	START=yes
	NFILES=131072
	MEMLOCK=82000
	DAEMON_OPTS="-a :80 \
	-T localhost:6082 \
	-f /etc/varnish/default.vcl \
	-S /etc/varnish/secret \
	-s malloc,250M"
	# /etc/nginx/w3totalcache.conf

	# BEGIN W3TC Browser Cache
	gzip on;
	gzip_types text/css application/x-javascript text/x-component text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

	gzip_vary on;
	gzip_comp_level 2;
	gzip_proxied any;
	gzip_buffers 16 8k;
	gzip_disable "MSIE [1-6].(?!.*SV1)";

	location ~ \.(css\|js\|htc)$ {
	add_header X-Powered-By "W3 Total Cache/0.9.2.4";
	}

	location ~ \.(html\|htm\|rtf\|rtx\|svg\|svgz\|txt\|xsd\|xsl\|xml)$ {
	add_header X-Powered-By "W3 Total Cache/0.9.2.4";
	}

	location ~ \.(asf\|asx\|wax\|wmv\|wmx\|avi\|bmp\|class\|divx\|doc\|docx\|eot\|exe\|gif\|gz\|gzip\|ico\|jpg\|jpeg\|jpe\|mdb\|mid\|midi\|mov\|qt\|mp3\|m4a\|mp4\|m4v\|mpeg\|mpg\|mpe\|mpp\|otf\|odb\|odc\|odf\|odg\|odp\|ods\|odt\|ogg\|pdf\|png\|pot\|pps\|ppt\|pptx\|ra\|ram\|svg\|svgz\|swf\|tar\|tif\|tiff\|ttf\|ttc\|wav\|wma\|wri\|xla\|xls\|xlsx\|xlt\|xlw\|zip)$ {
	add_header X-Powered-By "W3 Total Cache/0.9.2.4";
	}
	# END W3TC Browser Cache

	# BEGIN W3TC Minify core
	set $w3tc_enc "";
	if ($http_accept_encoding ~ gzip) {
	set $w3tc_enc .gzip;
	}
	if (-f $request_filename$w3tc_enc) {
	rewrite (.*) $1$w3tc_enc break;
	}
	rewrite ^/wp-content/w3tc/min/([a-f0-9]+)\/(.+)\.(include(\-(footer\|body))?(-nb)?)\.[0-9]+\.(css\|js)$ /wp-content/w3tc/min/index.php?tt=$1&gg=$2&g=$3&t=$7 last;
	# END W3TC Minify core

	# BEGIN W3TC Minify cache
	location ~ /wp-content/w3tc/min.*\.js$ {
	types {}
	default_type application/x-javascript;
	add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify)";
	add_header Vary "Accept-Encoding";
	}
	location ~ /wp-content/w3tc/min.*\.css$ {
	types {}
	default_type text/css;
	add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify)";
	add_header Vary "Accept-Encoding";
	}
	location ~ /wp-content/w3tc/min.*js\.gzip$ {
	gzip off;
	types {}
	default_type application/x-javascript;
	add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify, Gzipped)";
	add_header Vary "Accept-Encoding";
	add_header Content-Encoding gzip;
	}
	location ~ /wp-content/w3tc/min.*css\.gzip$ {
	gzip off;
	types {}
	default_type text/css;
	add_header X-Powered-By "W3 Total Cache/0.9.1.4b (Minify, Gzipped)";
	add_header Vary "Accept-Encoding";
	add_header Content-Encoding gzip;
	}
	# END W3TC Minify cache
	# /etc/nginx/wordpress.conf

	rewrite ^/products-page/(.+)/index\.php /products-page/$1/?ajax=true last;
	rewrite ^/products-page/index\.php /products-page/?ajax=true last;
	rewrite ^/sitemap\.xml$ /index.php?sitemap=1 last;
	rewrite ^/sitemap\.xml\.gz$ /index.php?sitemap=1 last;
	rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
	rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

	### HACK TO REWRITE OLD UPLOAD FILES TO CLOUDFRONT CDN TO AVOID 404s ###
	if ($http_host !~ "^.+.dev$"){
	set $rule_0 1$rule_0;
	}
	if ($rule_0 = "1"){
	rewrite ^/wp-content/uploads/(.+) http://dhwlijwe9jil7.cloudfront.net/files/$1 permanent;
	}

	### REWRITE TO UPLOADS TO CLOUDFRONT ###
	if ($uri ~ "^/files/.+$"){
	set $rule_3 1$rule_3;
	}
	if ($http_host !~ "^.+.dev$"){
	set $rule_3 2$rule_3;
	}
	if ($http_host !~* "^.+cloudfront.net$"){
	set $rule_3 3$rule_3;
	}
	if ($rule_3 = "321"){
	rewrite ^/ http://dhwlijwe9jil7.cloudfront.net$uri permanent;
	}

	### DEFAULT REWRITE TO WP FILES ###
	rewrite ^/files/(.+) /wp-includes/ms-files.php?file=$1 last;

	### REWRITE TO APEX###
	if ($host ~* www\.(.*)) {
	set $host_without_www $1;
	rewrite ^(.*)$ http://$host_without_www$1 permanent;
	}

	### WORDPRESS LOCATIONS ###

	location / {
	try_files $uri $uri/ /index.php?$args @wordpress;
	}

	location @wordpress {
	rewrite ^./files/(.) /wp-includes/ms-files.php?file=$1;
	if (!-e $request_filename) {
	rewrite ^.+/products-page/(.*)index.php?ajax=true /products-page/$1/?ajax=true last;
	rewrite ^.+/?(/wp-.*) $1 last;
	rewrite ^.+/?(/.*\.php)$ $1 last;
	rewrite ^(.+)$ /index.php?q=$1 last;
	}
	}

	location ~ \.php$ {
	try_files $uri =404;

	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_param REMOTE_ADDR $http_client_ip;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include /usr/local/etc/nginx/fastcgi_params;
	fastcgi_pass php;
	}

	location ~ /\. { access_log off; log_not_found off; deny all; }

	# Prevent access to any files starting with a $ (usually temp files)
	location ~ ~$ { access_log off; log_not_found off; deny all; }

	# Do not log access to robots.txt, to keep the logs cleaner
	location = /robots.txt { allow all; access_log off; log_not_found off; }

	# Do not log access to the favicon, to keep the logs cleaner
	location = /favicon.ico { access_log off; log_not_found off; }

	location ~* wp-admin/includes { deny all; }
	location ~* wp-includes/theme-compat/ { deny all; }
	location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
	location ~* wp-config.php { deny all; }
	location ^~ /config/ { deny all; }