Last active
April 12, 2021 13:14
-
-
Save petemcw/9763826 to your computer and use it in GitHub Desktop.
Drupal-specific Nginx Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FILE: /etc/nginx/conf.d/assets.conf | |
| # Directives to send expires headers and turn off 404 error logging for Static assets | |
| location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpe?g|gif|png|ico|zip|pdf|t?gz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|swf|bmp|txt|rtf|md)$ { | |
| access_log off; | |
| log_not_found off; | |
| expires max; | |
| add_header Cache-Control public; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FILE: /etc/nginx/sites-enabled/default.conf | |
| server { | |
| # Server settings | |
| listen 80; | |
| server_name www.example.com; | |
| # Logging | |
| access_log /var/log/nginx/access.log main; | |
| error_log /var/log/nginx/error.log warn; | |
| location = /robots.txt { access_log off; log_not_found off; } | |
| location = /favicon.ico { access_log off; log_not_found off; } | |
| # Configuration | |
| include /etc/nginx/conf.d/drop.conf; | |
| include /etc/nginx/conf.d/php.conf; | |
| include /etc/nginx/conf.d/assets.conf; | |
| include /etc/nginx/conf.d/drupal.conf; | |
| # Environment | |
| root /var/www/example.com/; | |
| index index.php index.html index.htm; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FILE: /etc/nginx/conf.d/drop.conf | |
| # Do not log attempts for common files | |
| location ~ ^/(favicon.ico|robots.txt) { | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Deny access to hidden files | |
| location /. { | |
| access_log off; | |
| log_not_found off; | |
| return 404; | |
| } | |
| # Deny obviously bad requests | |
| location ~ \.(aspx|asp|jsp|cgi)$ { | |
| return 410; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FILE: /etc/nginx/conf.d/drupal.conf | |
| # Deny access to files the public doesn't need | |
| location ~* ^.+(\.(txt|log|engine|inc|info|install|make|module|profile|test|po|sh|sql|theme|tpl(\.php)?|xtmpl))$ { | |
| internal; | |
| } | |
| # Deny access to other PHP files | |
| location ~ \..*/.*\.php { | |
| internal; | |
| } | |
| # Deny access to private and backups | |
| location ~* ^/sites/.*/(private|files/backup_migrate)/ { | |
| access_log off; | |
| return 404; | |
| } | |
| # Attempt to serve the request by trying direct file, directory, Drupal Controller | |
| location / { | |
| try_files $uri $uri/ /index.php?q=$uri&$args; | |
| expires max; | |
| } | |
| # Check: http://wiki.nginx.org/Pitfalls | |
| location ~* (install|update|apc|info)\.php$ { | |
| # do not cache dynamic content | |
| expires off; | |
| # php5 specific configuration options | |
| include /etc/nginx/fastcgi.conf; | |
| } | |
| # Below locations are for image cache | |
| location ~* files/styles { | |
| access_log off; | |
| log_not_found off; | |
| expires max; | |
| try_files $uri @image_rewrite; | |
| } | |
| location @image_rewrite { | |
| rewrite ^/(.*)$ /index.php?q=$1 last; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FILE: /etc/nginx/fastcgi.conf | |
| fastcgi_param QUERY_STRING $query_string; | |
| fastcgi_param REQUEST_METHOD $request_method; | |
| fastcgi_param CONTENT_TYPE $content_type; | |
| fastcgi_param CONTENT_LENGTH $content_length; | |
| fastcgi_param SCRIPT_FILENAME $request_filename; | |
| fastcgi_param SCRIPT_NAME $fastcgi_script_name; | |
| fastcgi_param REQUEST_URI $request_uri; | |
| fastcgi_param DOCUMENT_URI $document_uri; | |
| fastcgi_param DOCUMENT_ROOT $document_root; | |
| fastcgi_param SERVER_PROTOCOL $server_protocol; | |
| fastcgi_param PATH_INFO $fastcgi_path_info; | |
| fastcgi_param GATEWAY_INTERFACE CGI/1.1; | |
| fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; | |
| fastcgi_param REMOTE_ADDR $remote_addr; | |
| fastcgi_param REMOTE_PORT $remote_port; | |
| fastcgi_param SERVER_ADDR $server_addr; | |
| fastcgi_param SERVER_PORT $server_port; | |
| fastcgi_param SERVER_NAME $server_name; | |
| fastcgi_param HTTPS $https if_not_empty; | |
| # PHP only, required if PHP was built with --enable-force-cgi-redirect | |
| fastcgi_param REDIRECT_STATUS 200; | |
| fastcgi_connect_timeout 60; | |
| fastcgi_send_timeout 300; | |
| fastcgi_read_timeout 300; | |
| fastcgi_buffer_size 4k; | |
| fastcgi_buffers 512 4k; | |
| fastcgi_busy_buffers_size 8k; | |
| fastcgi_temp_file_write_size 256k; | |
| fastcgi_intercept_errors off; | |
| fastcgi_ignore_client_abort off; | |
| fastcgi_pass_header *; | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| fastcgi_index index.php; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FILE: /etc/nginx/nginx.conf | |
| #---------------------------------------------------------------------- | |
| # http://wiki.nginx.org/NginxMainModule | |
| #---------------------------------------------------------------------- | |
| user nginx nginx; | |
| worker_processes 2; | |
| pid /var/run/nginx/nginx.pid; | |
| #---------------------------------------------------------------------- | |
| # http://wiki.nginx.org/NginxEventsModule | |
| #---------------------------------------------------------------------- | |
| events { | |
| worker_connections 1024; | |
| accept_mutex off; | |
| } | |
| #---------------------------------------------------------------------- | |
| # http://wiki.nginx.org/NginxHttpCoreModule | |
| #---------------------------------------------------------------------- | |
| http { | |
| access_log /var/log/nginx/access.log; | |
| error_log /var/log/nginx/error.log warn; | |
| include mime.types; | |
| default_type application/octet-stream; | |
| log_format main '$remote_addr - $remote_user [$time_local] $request ' | |
| '"$status" $body_bytes_sent "$http_referer" ' | |
| '"$http_user_agent" "$http_x_forwarded_for"'; | |
| # This tells Nginx to ignore the contents of a file it is sending | |
| # and uses the kernel sendfile instead | |
| sendfile on; | |
| # Set this to on if you have sendfile on | |
| # It will prepend the HTTP response headers before | |
| # calling sendfile() | |
| tcp_nopush on; | |
| # This disables the "Nagle buggering algorithm" (Nginx Docs) | |
| # Good for websites that send a lot of small requests that | |
| # don't need a response | |
| tcp_nodelay on; | |
| # timeouts | |
| keepalive_timeout 25; | |
| send_timeout 30; | |
| # general options | |
| charset utf-8; | |
| server_tokens off; | |
| server_name_in_redirect off; | |
| ignore_invalid_headers on; | |
| recursive_error_pages on; | |
| merge_slashes on; | |
| underscores_in_headers on; | |
| limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m; | |
| types_hash_max_size 2048; | |
| server_names_hash_bucket_size 128; | |
| client_max_body_size 24m; | |
| client_body_buffer_size 128k; | |
| # compression | |
| gzip on; | |
| gzip_http_version 1.0; | |
| gzip_proxied any; | |
| gzip_vary on; | |
| gzip_static on; | |
| gzip_min_length 1024; | |
| gzip_buffers 32 8k; | |
| gzip_comp_level 6; | |
| gzip_types text/plain text/css application/x-javascript text/comma-separated-values text/xml application/xml application/xml+rss application/atom+xml text/javascript; | |
| gzip_disable "MSIE [1-6].(?!.*SV1)"; | |
| # PHP-FPM | |
| upstream phpfpm { | |
| server unix:/var/run/nginx/phpfpm.sock; | |
| } | |
| # include active sites | |
| include /etc/nginx/sites-enabled/*; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FILE: /etc/nginx/conf.d/php.conf | |
| # Pass PHP scripts to PHP-FPM daemon | |
| # Check: http://wiki.nginx.org/Pitfalls | |
| location ~* \.php$ { | |
| # do not cache dynamic content | |
| expires off; | |
| # filter out problem conditions | |
| location ~ \..*/.*\.php$ { return 404; } | |
| # bring in parameters | |
| include /etc/nginx/fastcgi.conf; | |
| # send requests to Upstream | |
| fastcgi_pass phpfpm; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment