-
-
Save Pross/a2b882432ac3f665d3e4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream php { | |
| server 127.0.0.1:9001; | |
| } | |
| upstream hhvm { | |
| server 127.0.0.1:9002; | |
| } | |
| fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache_fpm:100m max_size=1000m; | |
| add_header rt-Fastcgi-Cache $upstream_cache_status; | |
| server { | |
| access_log /var/log/nginx/pross-access.log; | |
| listen 443 ssl spdy; | |
| root /home/pross/public_html; | |
| index index.php index.html; | |
| # SSL Configuration | |
| ssl_certificate /etc/nginx/certs/ssl-unified.crt; | |
| ssl_certificate_key /etc/nginx/certs/ssl.key; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; | |
| ssl_prefer_server_ciphers on; | |
| ssl_session_cache shared:SSL:20m; | |
| ssl_session_timeout 24h; | |
| spdy_keepalive_timeout 300; | |
| spdy_headers_comp 6; | |
| add_header Alternate-Protocol 443:npn-spdy/3; | |
| add_header Strict-Transport-Security max-age=31536000; | |
| # See https://bjornjohansen.no/optimizing-https-nginx | |
| # on how to get the following 5 lines working properly | |
| ssl_dhparam /etc/nginx/certs/dhparam.pem; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| ssl_trusted_certificate /etc/ssl/certs/startssl.stapling.crt; | |
| resolver 8.8.8.8 8.8.4.4; | |
| gzip on; | |
| gzip_buffers 16 8k; | |
| gzip_comp_level 9; | |
| gzip_http_version 1.0; | |
| gzip_min_length 0; | |
| gzip_types text/plain text/css image/x-icon image/svg+xml image/png image/jpg image/jpeg text/js text/php application/javascript application/x-javascript; | |
| gzip_vary on; | |
| gzip_proxied expired no-cache no-store private auth; | |
| gzip_disable "MSIE [1-6]\."; | |
| location ~* \.(?:rss|atom)$ { | |
| expires 1h; | |
| add_header Cache-Control "public"; | |
| } | |
| location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { | |
| expires 1M; | |
| access_log off; | |
| add_header Cache-Control "public"; | |
| } | |
| location ~* \.(?:css|js)$ { | |
| expires 1y; | |
| access_log off; | |
| add_header Cache-Control "public"; | |
| } | |
| location / { | |
| try_files $uri $uri/ /index.php?$args; | |
| } | |
| location ~ \.(hh|php)$ { | |
| sub_filter </head> | |
| "<script>jQuery(document).ready(function(){jQuery('.p_stats').append(' Nginx: $upstream_cache_status')})</script></head>"; | |
| sub_filter_once on; | |
| # Set some proxy cache stuff | |
| fastcgi_cache microcache_fpm; | |
| fastcgi_cache_key $scheme$host$request_method$request_uri; | |
| fastcgi_cache_valid 200 30s; | |
| fastcgi_cache_use_stale updating; | |
| fastcgi_max_temp_file_size 1M; | |
| fastcgi_cache_min_uses 3; # Hit a URL 3 times before caching it | |
| set $no_cache_set 0; | |
| set $no_cache_get 0; | |
| set $temp_caching_exemption 0; | |
| if ($request_method !~ ^(GET|HEAD)$) { | |
| set $temp_caching_exemption 1; | |
| } | |
| if ( $temp_caching_exemption = 1 ) { | |
| add_header Set-Cookie "_mcnc=1; Max-Age=10; Path=/"; | |
| } | |
| # Bypass cache if no-cache cookie is set | |
| if ( $http_cookie ~* "_mcnc" ) { | |
| set $no_cache_set 1; | |
| set $no_cache_get 1; | |
| } | |
| if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) { | |
| set $no_cache_set 1; | |
| set $no_cache_get 1; | |
| } | |
| # fastcgi_no_cache means "Do not store this proxy response in the cache" | |
| fastcgi_no_cache $no_cache_set; | |
| # fastcgi_cache_bypass means "Do not look in the cache for this request" | |
| fastcgi_cache_bypass $no_cache_get; | |
| include /etc/nginx/fastcgi_params; | |
| proxy_intercept_errors on; | |
| error_page 502 = @fpm; | |
| try_files $uri =404; | |
| fastcgi_pass hhvm; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_index index.php; | |
| } | |
| location @fpm { | |
| try_files $uri /index.php; | |
| include /etc/nginx/fastcgi_params; | |
| fastcgi_pass php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_index index.php; | |
| } | |
| # Local includes | |
| include /home/pross/nginx.conf; | |
| } | |
| server { | |
| listen 443; | |
| server_name www.pross.org.uk; | |
| return 301 https://pross.org.uk$request_uri; | |
| } | |
| server { | |
| listen 80; | |
| server_name www.pross.org.uk; | |
| return 301 https://pross.org.uk$request_uri; | |
| } | |
| server { | |
| listen 80; | |
| server_name pross.org.uk; | |
| return 301 https://pross.org.uk$request_uri; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment