Skip to content

Instantly share code, notes, and snippets.

@hidonet
Last active September 23, 2019 12:22
Show Gist options
  • Save hidonet/7197dd37584dd1333060f664ca5ba2cd to your computer and use it in GitHub Desktop.
Save hidonet/7197dd37584dd1333060f664ca5ba2cd to your computer and use it in GitHub Desktop.
vestacp magento nginx template
# Template Updated At 2019-04-17
upstream php_backend_%domain_idn%_%web_ssl_port% {
server %backend_lsnr%;
#server %backend_lsnr% backup;
}
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
#rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
rewrite ^/(.*\.php)(/)(.*)$ /$1$3 last;
include %home%/%user%/conf/web/nginx.%domain_idn%.conf_letsencrypt*;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location /downloader {
if ($request_uri = '') {
return http://www.urbandictionary.com/define.php?term=smartass;
}
}
location ~ \..*/.*\.php$ {
return 403;
}
client_max_body_size 500M;
if ($http_user_agent ~* (netcrawl|npbot|malicious|apache-httpclient|JoeDog|Siege|foo|bar|apache)) {
return 403;
}
##
# Rewrite for versioned CSS+JS via filemtime
##
rewrite ^(.+)\.(\d+)\.(css|js)$ $1.$3 last;
location ~* ^.+\.(css|js)$ {
expires 31536000s;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=31536000, public";
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
##
# Aggressive caching for static files
# If you alter static files often, please use
# add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
##
location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s;
access_log off;
log_not_found off;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Pragma public;
add_header Cache-Control "max-age=31536000, public";
}
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /import/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
## Allow admins only to view export folder
location /var/export/ {
auth_basic "Restricted"; ## Message shown in login window
auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
autoindex on;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
## Forward paths like /js/index.php/x.js to relevant handler
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
## Magento uses a common front handler
location @handler {
rewrite / /index.php;
}
location / {
try_files /maintenance.html index.html $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
expires 30d; ## Assume all files are cachable
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass %backend_lsnr%;
fastcgi_pass php_backend_%domain_idn%_%web_ssl_port%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
}
# Template Updated At 2019-04-17
upstream php_backend_%domain_idn%_%web_port% {
server %backend_lsnr%;
#server %backend_lsnr% backup;
}
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.html index.php index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
#ssl on;
#ssl_certificate %ssl_pem%;
#ssl_certificate_key %ssl_key%;
#rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
rewrite ^/(.*\.php)(/)(.*)$ /$1$3 last;
include %home%/%user%/conf/web/nginx.%domain_idn%.conf_letsencrypt*;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location /downloader {
if ($request_uri = '') {
return http://www.urbandictionary.com/define.php?term=smartass;
}
}
location ~ \..*/.*\.php$ {
return 403;
}
client_max_body_size 500M;
if ($http_user_agent ~* (netcrawl|npbot|malicious|apache-httpclient|JoeDog|Siege|foo|bar|apache)) {
return 403;
}
##
# Rewrite for versioned CSS+JS via filemtime
##
rewrite ^(.+)\.(\d+)\.(css|js)$ $1.$3 last;
location ~* ^.+\.(css|js)$ {
expires 31536000s;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=31536000, public";
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
##
# Aggressive caching for static files
# If you alter static files often, please use
# add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
##
location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s;
access_log off;
log_not_found off;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Pragma public;
add_header Cache-Control "max-age=31536000, public";
}
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /import/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
## Allow admins only to view export folder
location /var/export/ {
auth_basic "Restricted"; ## Message shown in login window
auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
autoindex on;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
## Forward paths like /js/index.php/x.js to relevant handler
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
## Magento uses a common front handler
location @handler {
rewrite / /index.php;
}
location / {
try_files /maintenance.html index.html $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
expires 30d; ## Assume all files are cachable
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass %backend_lsnr%;
fastcgi_pass php_backend_%domain_idn%_%web_port%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
}
# Installation Steps
Note : If you have these files actually
# 1 ) Run these 2 lines of command in ssh
-- For Centos or Similar Distributions --
wget -O /usr/local/vesta/data/templates/web/nginx/php-fpm/magento1.stpl https://gist.githubusercontent.com/hidonet/7197dd37584dd1333060f664ca5ba2cd/raw/magento.stpl
wget -O /usr/local/vesta/data/templates/web/nginx/php-fpm/magento1.tpl https://gist.githubusercontent.com/hidonet/7197dd37584dd1333060f664ca5ba2cd/raw/magento.tpl
-- For Ubuntu or Similar Distributions --
wget -O /usr/local/vesta/data/templates/web/nginx/php5-fpm/magento1.stpl https://gist.githubusercontent.com/hidonet/7197dd37584dd1333060f664ca5ba2cd/raw/magento.stpl
wget -O /usr/local/vesta/data/templates/web/nginx/php5-fpm/magento1.tpl https://gist.githubusercontent.com/hidonet/7197dd37584dd1333060f664ca5ba2cd/raw/magento.tpl
# 2 ) In vestacp admin click to Packages link and edit existing package or add new one. In package for you can see magento in template list. Select magento and save profile.
@skazhikadyadya
Copy link

Looks ok, thank you! But I can't remove /index.php/ on admin panel in 1.8.0

@hidonet
Copy link
Author

hidonet commented Sep 23, 2019

Looks ok, thank you! But I can't remove /index.php/ on admin panel in 1.8.0

First of all ( in my opinion ) do not use 1.8. Upgrade your magento to latest version.

For removing index.php from urls you have to set System / Configuration / Web / Search Engines Optimization / Use Web Server Rewrites to Yes.

Reindex Catalog Url index and Clear cache.

@skazhikadyadya
Copy link

Thank you for your reply. Do you know any method for automatic update m1 to latest? Magento Downloader no works more. :(

For removing index.php from urls you have to set System / Configuration / Web / Search Engines Optimization / Use Web Server Rewrites to Yes.

Reindex Catalog Url index and Clear cache.

Can't work. If you want I can get you access. ;)

@hidonet
Copy link
Author

hidonet commented Sep 23, 2019

You can not do it with magento downloader. You have do download latest code and migrate your website into it. Or find a professional to do it for you ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment