Nginx configuration for macos

4handy-work

server {
  listen 443 ssl http2;
  server_name local.4-handy.com;
  root /Users/hieple/Code/4handy-work-2/public;
  # security
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_ecdh_curve secp384r1;
    ssl_certificate /usr/local/etc/nginx/ssl/localwork.pem;
    ssl_certificate_key /usr/local/etc/nginx/ssl/localwork.key;
    
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$ {
      gzip_vary on;
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
      add_header X-Test "hiep";
   }
   location /dist/ {
        try_files $uri $uri/ =404;
    }
    location / {
                proxy_pass http://localhost:3000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
		proxy_set_header Connection keep-alive;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                proxy_read_timeout 150s;
   }
}

server {
    listen 80;
    server_name local.4-handy.com;
    return 301 https://$server_name$request_uri;
}

abby

server {
    # Server settings
    listen 80;
    listen 443 ssl;
    server_name local.abby.vn;

    # Project location
    root /Users/hieple/Code/abby; 
    index index.html index.htm index.php;
    # security
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_ecdh_curve secp384r1;
    ssl_certificate /usr/local/etc/nginx/ssl/localhost.pem;
    ssl_certificate_key /usr/local/etc/nginx/ssl/localhost.key;

    # Logging
    access_log off;
    error_log /usr/local/var/log/nginx/error.log warn;

    # Routes
    include /usr/local/etc/nginx/conf.d/security.conf;
    include /usr/local/etc/nginx/conf.d/assets.conf;

    # Uncomment the desired platform
    include /usr/local/etc/nginx/conf.d/wordpress.conf;
}

assets.conf

location = /robots.txt {
    access_log off;
    log_not_found off;
}

location = /favicon.ico {
    access_log off;
    log_not_found off;
}

fastcgi.conf

# FILE: /usr/local/etc/nginx/conf.d/fastcgi.conf


# Tell upstream who is making the request
proxy_set_header                    Host $host;
proxy_set_header                    X-Real-IP $remote_addr;
proxy_set_header                    X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect                      off;

# Allow to complete long running requests
proxy_read_timeout                  600s;

# Do not cache dynamic content
expires                             off;

# PHP Settings
include                             /usr/local/etc/nginx/fastcgi_params;
fastcgi_connect_timeout             15s;
fastcgi_send_timeout                120s;
fastcgi_read_timeout                120s;

fastcgi_buffer_size                 128k;
fastcgi_buffers                     16 16k;
fastcgi_busy_buffers_size           239k;
fastcgi_temp_file_write_size        256k;
fastcgi_max_temp_file_size          0;

fastcgi_intercept_errors            on;
fastcgi_ignore_client_abort         on;

fastcgi_split_path_info             ^(.+?\.php)(/.+)$;
fastcgi_index                       index.php;
fastcgi_pass_header                 *;

nginx.conf

# NGINX
# FILE: /usr/local/etc/nginx/nginx.conf


#------------------------------------------------------------------------------#
#  http://nginx.org/en/docs/ngx_core_module.html
#------------------------------------------------------------------------------#
user hieple staff;
worker_processes 2;
pid /usr/local/var/run/nginx/nginx.pid;

#------------------------------------------------------------------------------#
# http://nginx.org/en/docs/ngx_core_module.html#events
#------------------------------------------------------------------------------#
events {
    worker_connections 1024;
    accept_mutex off;
}

#------------------------------------------------------------------------------#
# http://nginx.org/en/docs/http/ngx_http_core_module.html
#------------------------------------------------------------------------------#
http {
    include mime.types;
    access_log /usr/local/var/log/nginx/access.log;
    error_log  /usr/local/var/log/nginx/error.log warn;

    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    charset utf-8;

    # compression
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_disable "msie6";
    gzip_http_version 1.0;
    gzip_min_length 1100;
    gzip_proxied any;
    gzip_static on;
    gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        text/comma-separated-values
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/xml+rss
        application/atom+xml
        image/svg+xml;
    gzip_vary on;


    # general options
    directio off;
    disable_symlinks off;
    ignore_invalid_headers on;
    merge_slashes on;
    recursive_error_pages on;
    sendfile off;
    server_name_in_redirect off;
    server_tokens off;
    tcp_nodelay on;
    tcp_nopush on;
    underscores_in_headers on;

    # timeouts
    keepalive_timeout 2 2;
    keepalive_requests 200;
    send_timeout 30;
    client_body_timeout 15;
    client_header_timeout 15;
    reset_timedout_connection on;

    # sizes
    client_body_buffer_size 512k;
    client_max_body_size 64m;
    server_names_hash_bucket_size 128;
    types_hash_max_size 2048;

    # detect https
    map $scheme $fastcgi_https {
        default "";
        https on;
    }

    # PHP-FPM
    upstream phpfpm {
        server unix:/usr/local/var/run/php-fpm.sock;
    }

    # include active sites
    include /usr/local/etc/nginx/servers/*;
}

security.conf

# NGINX
# FILE: /usr/local/etc/nginx/conf.d/security.conf


# Disable all methods besides HEAD, GET, and POST
if ($request_method !~ ^(GET|HEAD|POST)$) {
    return 444;
}

# Do not log attempts for common files
location ~ ^/(favicon.ico|robots.txt) {
    access_log off;
    log_not_found off;
}

# Deny access to hidden files
location /. {
    access_log off;
    log_not_found off;
    return 404;
}

# Deny obviously bad requests
location ~ \.(aspx|asp|jsp|cgi)$ {
    return 410;
}

wordpress.conf

# NGINX
# FILE: /usr/local/etc/nginx/conf.d/wordpress.conf


# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

# Directives to send expires headers and turn off 404 error logging for Static assets
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpe?g|gif|png|ico|zip|pdf|t?gz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|swf|bmp|txt|rtf|md)$ {
    access_log off;
    log_not_found off;
    expires max;

    # CORS headers; this is wide-open, you want to tight it up a bit
    add_header Cache-Control public;
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods GET,OPTIONS;
    add_header Access-Control-Allow-Headers *;
}

# Attempted to match last if rules below fail.
location / {
    try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Pass PHP scripts to PHP-FPM daemon
# Check: http://wiki.nginx.org/Pitfalls
location ~* \.php$ {
    # filter out problem conditions
    try_files $uri $uri/ =404;

    # bring in parameters
    include conf.d/fastcgi.conf;

    # send requests to upstream
    fastcgi_pass unix:/usr/local/var/run/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}