petemcw · April 12, 2021 13:14
diff --git a/assets.nginxconf b/assets.nginxconf
 # FILE: /etc/nginx/conf.d/assets.conf

 # Directives to send expires headers and turn off 404 error logging for Static assets
 location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpe?g|gif|png|ico|zip|pdf|t?gz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|swf|bmp|txt|rtf|md)$ {
    access_log off;
    log_not_found off;
    expires max;
    add_header Cache-Control public;
 }
diff --git a/default.nginxconf b/default.nginxconf
 # FILE: /etc/nginx/sites-enabled/default.conf

 server {
    # Server settings
    listen 80;
    server_name www.example.com;

    # Logging
    access_log /var/log/nginx/access.log main;
    error_log  /var/log/nginx/error.log warn;
    location = /robots.txt  { access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }

    # Configuration
    include /etc/nginx/conf.d/drop.conf;
    include /etc/nginx/conf.d/php.conf;
    include /etc/nginx/conf.d/assets.conf;
    include /etc/nginx/conf.d/drupal.conf;

    # Environment
    root /var/www/example.com/;
    index index.php index.html index.htm;
 }
diff --git a/drop.nginxconf b/drop.nginxconf
 # FILE: /etc/nginx/conf.d/drop.conf

 # Do not log attempts for common files
 location ~ ^/(favicon.ico|robots.txt) {
    access_log off;
    log_not_found off;
 }

 # Deny access to hidden files
 location /. {
    access_log off;
    log_not_found off;
    return 404;
 }

 # Deny obviously bad requests
 location ~ \.(aspx|asp|jsp|cgi)$ {
    return 410;
 }
diff --git a/drupal.nginxconf b/drupal.nginxconf
 # FILE: /etc/nginx/conf.d/drupal.conf

 # Deny access to files the public doesn't need
 location ~* ^.+(\.(txt|log|engine|inc|info|install|make|module|profile|test|po|sh|sql|theme|tpl(\.php)?|xtmpl))$ {
    internal;
 }

 # Deny access to other PHP files
 location ~ \..*/.*\.php {
    internal;
 }

 # Deny access to private and backups
 location ~* ^/sites/.*/(private|files/backup_migrate)/ {
    access_log off;
    return 404;
 }

 # Attempt to serve the request by trying direct file, directory, Drupal Controller
 location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
    expires max;
 }

 # Check: http://wiki.nginx.org/Pitfalls
 location ~* (install|update|apc|info)\.php$ {
    # do not cache dynamic content
    expires off;

    # php5 specific configuration options
    include /etc/nginx/fastcgi.conf;
 }

 # Below locations are for image cache
 location ~* files/styles {
    access_log off;
    log_not_found off;
    expires max;
    try_files $uri @image_rewrite;
 }

 location @image_rewrite {
    rewrite ^/(.*)$ /index.php?q=$1 last;
 }
diff --git a/fastcgi.nginxconf b/fastcgi.nginxconf
 # FILE: /etc/nginx/fastcgi.conf

 fastcgi_param QUERY_STRING        $query_string;
 fastcgi_param REQUEST_METHOD      $request_method;
 fastcgi_param CONTENT_TYPE        $content_type;
 fastcgi_param CONTENT_LENGTH      $content_length;

 fastcgi_param SCRIPT_FILENAME     $request_filename;
 fastcgi_param SCRIPT_NAME         $fastcgi_script_name;
 fastcgi_param REQUEST_URI         $request_uri;
 fastcgi_param DOCUMENT_URI        $document_uri;
 fastcgi_param DOCUMENT_ROOT       $document_root;
 fastcgi_param SERVER_PROTOCOL     $server_protocol;
 fastcgi_param PATH_INFO           $fastcgi_path_info;

 fastcgi_param GATEWAY_INTERFACE   CGI/1.1;
 fastcgi_param SERVER_SOFTWARE     nginx/$nginx_version;

 fastcgi_param REMOTE_ADDR         $remote_addr;
 fastcgi_param REMOTE_PORT         $remote_port;
 fastcgi_param SERVER_ADDR         $server_addr;
 fastcgi_param SERVER_PORT         $server_port;
 fastcgi_param SERVER_NAME         $server_name;

 fastcgi_param HTTPS               $https if_not_empty;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param REDIRECT_STATUS     200;

 fastcgi_connect_timeout           60;
 fastcgi_send_timeout              300;
 fastcgi_read_timeout              300;

 fastcgi_buffer_size               4k;
 fastcgi_buffers                   512 4k;
 fastcgi_busy_buffers_size         8k;
 fastcgi_temp_file_write_size      256k;

 fastcgi_intercept_errors          off;
 fastcgi_ignore_client_abort       off;

 fastcgi_pass_header               *;
 fastcgi_split_path_info           ^(.+\.php)(/.+)$;
 fastcgi_index                     index.php;
diff --git a/nginx.nginxconf b/nginx.nginxconf
 # FILE: /etc/nginx/nginx.conf

 #----------------------------------------------------------------------
 #  http://wiki.nginx.org/NginxMainModule
 #----------------------------------------------------------------------
 user nginx nginx;
 worker_processes 2;
 pid /var/run/nginx/nginx.pid;

 #----------------------------------------------------------------------
 # http://wiki.nginx.org/NginxEventsModule
 #----------------------------------------------------------------------
 events {
    worker_connections 1024;
    accept_mutex off;
 }

 #----------------------------------------------------------------------
 # http://wiki.nginx.org/NginxHttpCoreModule
 #----------------------------------------------------------------------
 http {
    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log warn;

    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # This tells Nginx to ignore the contents of a file it is sending
    # and uses the kernel sendfile instead
    sendfile on;

    # Set this to on if you have sendfile on
    # It will prepend the HTTP response headers before
    # calling sendfile()
    tcp_nopush on;

    # This disables the "Nagle buggering algorithm" (Nginx Docs)
    # Good for websites that send a lot of small requests that
    # don't need a response
    tcp_nodelay on;

    # timeouts
    keepalive_timeout 25;
    send_timeout 30;

    # general options
    charset utf-8;
    server_tokens off;
    server_name_in_redirect off;
    ignore_invalid_headers on;
    recursive_error_pages on;
    merge_slashes on;
    underscores_in_headers on;
    limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 128;
    client_max_body_size 24m;
    client_body_buffer_size 128k;

    # compression
    gzip on;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_vary on;
    gzip_static on;
    gzip_min_length 1024;
    gzip_buffers 32 8k;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/x-javascript text/comma-separated-values text/xml application/xml application/xml+rss application/atom+xml text/javascript;
    gzip_disable "MSIE [1-6].(?!.*SV1)";

    # PHP-FPM
    upstream phpfpm {
      server unix:/var/run/nginx/phpfpm.sock;
    }

    # include active sites
    include /etc/nginx/sites-enabled/*;
 }
diff --git a/php.nginxconf b/php.nginxconf
 # FILE: /etc/nginx/conf.d/php.conf

 # Pass PHP scripts to PHP-FPM daemon
 # Check: http://wiki.nginx.org/Pitfalls
 location ~* \.php$ {
    # do not cache dynamic content
    expires off;

    # filter out problem conditions
    location ~ \..*/.*\.php$ { return 404; }

    # bring in parameters
    include /etc/nginx/fastcgi.conf;

    # send requests to Upstream
    fastcgi_pass phpfpm;
 }
	# FILE: /etc/nginx/conf.d/assets.conf

	# Directives to send expires headers and turn off 404 error logging for Static assets
	location ~* ^.+\.(ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|rss\|atom\|jpe?g\|gif\|png\|ico\|zip\|pdf\|t?gz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|swf\|bmp\|txt\|rtf\|md)$ {
	access_log off;
	log_not_found off;
	expires max;
	add_header Cache-Control public;
	}
	# FILE: /etc/nginx/sites-enabled/default.conf

	server {
	# Server settings
	listen 80;
	server_name www.example.com;

	# Logging
	access_log /var/log/nginx/access.log main;
	error_log /var/log/nginx/error.log warn;
	location = /robots.txt { access_log off; log_not_found off; }
	location = /favicon.ico { access_log off; log_not_found off; }

	# Configuration
	include /etc/nginx/conf.d/drop.conf;
	include /etc/nginx/conf.d/php.conf;
	include /etc/nginx/conf.d/assets.conf;
	include /etc/nginx/conf.d/drupal.conf;

	# Environment
	root /var/www/example.com/;
	index index.php index.html index.htm;
	}
	# FILE: /etc/nginx/conf.d/drop.conf

	# Do not log attempts for common files
	location ~ ^/(favicon.ico\|robots.txt) {
	access_log off;
	log_not_found off;
	}

	# Deny access to hidden files
	location /. {
	access_log off;
	log_not_found off;
	return 404;
	}

	# Deny obviously bad requests
	location ~ \.(aspx\|asp\|jsp\|cgi)$ {
	return 410;
	}
	# FILE: /etc/nginx/conf.d/drupal.conf

	# Deny access to files the public doesn't need
	location ~* ^.+(\.(txt\|log\|engine\|inc\|info\|install\|make\|module\|profile\|test\|po\|sh\|sql\|theme\|tpl(\.php)?\|xtmpl))$ {
	internal;
	}

	# Deny access to other PHP files
	location ~ \../.\.php {
	internal;
	}

	# Deny access to private and backups
	location ~* ^/sites/.*/(private\|files/backup_migrate)/ {
	access_log off;
	return 404;
	}

	# Attempt to serve the request by trying direct file, directory, Drupal Controller
	location / {
	try_files $uri $uri/ /index.php?q=$uri&$args;
	expires max;
	}

	# Check: http://wiki.nginx.org/Pitfalls
	location ~* (install\|update\|apc\|info)\.php$ {
	# do not cache dynamic content
	expires off;

	# php5 specific configuration options
	include /etc/nginx/fastcgi.conf;
	}

	# Below locations are for image cache
	location ~* files/styles {
	access_log off;
	log_not_found off;
	expires max;
	try_files $uri @image_rewrite;
	}

	location @image_rewrite {
	rewrite ^/(.*)$ /index.php?q=$1 last;
	}
	# FILE: /etc/nginx/fastcgi.conf

	fastcgi_param QUERY_STRING $query_string;
	fastcgi_param REQUEST_METHOD $request_method;
	fastcgi_param CONTENT_TYPE $content_type;
	fastcgi_param CONTENT_LENGTH $content_length;

	fastcgi_param SCRIPT_FILENAME $request_filename;
	fastcgi_param SCRIPT_NAME $fastcgi_script_name;
	fastcgi_param REQUEST_URI $request_uri;
	fastcgi_param DOCUMENT_URI $document_uri;
	fastcgi_param DOCUMENT_ROOT $document_root;
	fastcgi_param SERVER_PROTOCOL $server_protocol;
	fastcgi_param PATH_INFO $fastcgi_path_info;

	fastcgi_param GATEWAY_INTERFACE CGI/1.1;
	fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

	fastcgi_param REMOTE_ADDR $remote_addr;
	fastcgi_param REMOTE_PORT $remote_port;
	fastcgi_param SERVER_ADDR $server_addr;
	fastcgi_param SERVER_PORT $server_port;
	fastcgi_param SERVER_NAME $server_name;

	fastcgi_param HTTPS $https if_not_empty;

	# PHP only, required if PHP was built with --enable-force-cgi-redirect
	fastcgi_param REDIRECT_STATUS 200;

	fastcgi_connect_timeout 60;
	fastcgi_send_timeout 300;
	fastcgi_read_timeout 300;

	fastcgi_buffer_size 4k;
	fastcgi_buffers 512 4k;
	fastcgi_busy_buffers_size 8k;
	fastcgi_temp_file_write_size 256k;

	fastcgi_intercept_errors off;
	fastcgi_ignore_client_abort off;

	fastcgi_pass_header *;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_index index.php;
	# FILE: /etc/nginx/nginx.conf

	#----------------------------------------------------------------------
	# http://wiki.nginx.org/NginxMainModule
	#----------------------------------------------------------------------
	user nginx nginx;
	worker_processes 2;
	pid /var/run/nginx/nginx.pid;

	#----------------------------------------------------------------------
	# http://wiki.nginx.org/NginxEventsModule
	#----------------------------------------------------------------------
	events {
	worker_connections 1024;
	accept_mutex off;
	}

	#----------------------------------------------------------------------
	# http://wiki.nginx.org/NginxHttpCoreModule
	#----------------------------------------------------------------------
	http {
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log warn;

	include mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] $request '
	'"$status" $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	# This tells Nginx to ignore the contents of a file it is sending
	# and uses the kernel sendfile instead
	sendfile on;

	# Set this to on if you have sendfile on
	# It will prepend the HTTP response headers before
	# calling sendfile()
	tcp_nopush on;

	# This disables the "Nagle buggering algorithm" (Nginx Docs)
	# Good for websites that send a lot of small requests that
	# don't need a response
	tcp_nodelay on;

	# timeouts
	keepalive_timeout 25;
	send_timeout 30;

	# general options
	charset utf-8;
	server_tokens off;
	server_name_in_redirect off;
	ignore_invalid_headers on;
	recursive_error_pages on;
	merge_slashes on;
	underscores_in_headers on;
	limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
	types_hash_max_size 2048;
	server_names_hash_bucket_size 128;
	client_max_body_size 24m;
	client_body_buffer_size 128k;

	# compression
	gzip on;
	gzip_http_version 1.0;
	gzip_proxied any;
	gzip_vary on;
	gzip_static on;
	gzip_min_length 1024;
	gzip_buffers 32 8k;
	gzip_comp_level 6;
	gzip_types text/plain text/css application/x-javascript text/comma-separated-values text/xml application/xml application/xml+rss application/atom+xml text/javascript;
	gzip_disable "MSIE [1-6].(?!.*SV1)";

	# PHP-FPM
	upstream phpfpm {
	server unix:/var/run/nginx/phpfpm.sock;
	}

	# include active sites
	include /etc/nginx/sites-enabled/*;
	}
	# FILE: /etc/nginx/conf.d/php.conf

	# Pass PHP scripts to PHP-FPM daemon
	# Check: http://wiki.nginx.org/Pitfalls
	location ~* \.php$ {
	# do not cache dynamic content
	expires off;

	# filter out problem conditions
	location ~ \../.\.php$ { return 404; }

	# bring in parameters
	include /etc/nginx/fastcgi.conf;

	# send requests to Upstream
	fastcgi_pass phpfpm;
	}