

@wturyn
Last active April 24, 2017 11:21
nginx server blocks
List of nginx server block examples
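server {
# SSL configuration
#
listen 443 ssl http2;
root /var/www/mywebsite.com;
server_name mywebsite.com www.mywebsite.com;
charset UTF-8;
access_log /var/log/nginx/mywebsite.com-access.log;
error_log /var/log/nginx/mywebsite.com-error.log;
# First include our certificates and chain of trust
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/mywebsite.com/chain.pem;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Session resumption through the server-side cache only. Tickets are off because
# nginx does not rotate its ticket key, which weakens forward secrecy for resumed sessions.
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:128m;
ssl_session_tickets off;
# TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only.
# Drop TLSv1.3 from this line if `nginx -t` rejects it (needs nginx 1.13.0+ built against OpenSSL 1.1.1+).
ssl_protocols TLSv1.2 TLSv1.3;
# Forward-secret (ECDHE/DHE) suites only, taken from the Mozilla generator list
# (https://mozilla.github.io/server-side-tls/ssl-config-generator/). The 3DES
# (DES-CBC3, Sweet32) and static-RSA suites of the older list are removed.
# TLS 1.3 suites are not controlled by this directive.
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
# HSTS for one year including subdomains. Note that add_header is NOT inherited
# into a location block that declares its own add_header; repeat it there if
# such a location is ever added to this server block.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# OCSP stapling, with the stapled response verified against ssl_trusted_certificate.
# nginx needs a `resolver` directive (here or at http level) to look up the OCSP responder host.
ssl_stapling on;
ssl_stapling_verify on;
}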
server {
# Plain-HTTP listener for the same hosts: everything is permanently redirected
# to the canonical HTTPS origin (www. is folded into the apex domain).
server_name mywebsite.com www.mywebsite.com;
listen 80;
return 301 https://mywebsite.com$request_uri;
}
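server {
listen 80;
root /path/to/files;
index index.php index.html index.htm;
server_name my.server.name;
location / {
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /path/to/files;
}
# Deny dot-files (.htaccess, .git, .env, ...) the way the other server blocks in
# this file do. This also hides /.well-known; add a `location ^~ /.well-known/`
# block if you need it (a ^~ prefix match takes precedence over these regexes).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
# Only hand files that exist to PHP-FPM. Without this, a URI such as
# /upload.jpg/x.php may be executed as PHP when cgi.fix_pathinfo=1.
try_files $uri =404;
# distro-specific socket path (Debian/Ubuntu PHP 7.0 layout)
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}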
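# Bolt virtual server
server {
server_name mycoolsite.com www.mycoolsite.com;
root /home/mycoolsite.com/public_html;
index index.php;
# Regex locations are tested in the order written and the first match wins, so
# the deny rules come BEFORE the routing rules. In the original ordering a URI
# such as /bolt/.git/config matched the /bolt/ route (and its try_files) before
# the hidden-file block was ever consulted.
# Block PHP files from being run in upload (files), app, theme and extension directories
location ~* /(?:app|extensions|files|theme)/(.*)\.php$ {
deny all;
}
# Block hidden files (.git, .htaccess, .env, ...). This also hides /.well-known;
# add a `location ^~ /.well-known/` block if you need it.
location ~ /\. {
deny all;
}
# Block access to SQLite database files anywhere under the root.
# (The previous pattern `/\.(?:db)$` only matched a file literally named ".db".)
location ~* \.db$ {
deny all;
}
# Block access to the app, src, tests & vendor directories. Anchored to the
# start of the URI so that e.g. /files/apple.pdf (which contains "/app") is
# not denied by accident.
location ~ ^/(?:app|src|tests|vendor)(?:/|$) {
deny all;
}
# Block access to Markdown, Twig & YAML files directly
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml)$ {
deny all;
}
# Don't create logs for favicon.ico or robots.txt requests.
# These must be exact-match (=) locations: the previous `location = /(?:favicon.ico|robots.txt)`
# was an exact match on that literal string and never matched either file.
# An exact match takes precedence over every regex location, so these are served
# without the caching headers of the static-asset block below.
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
# The main Bolt website
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Generated thumbnail images
location ~* /thumbs/(.*)$ {
try_files $uri $uri/ /index.php?$query_string;
}
# Bolt backend access
#
# NOTE: If you set a custom branding path, you will need to change '/bolt/'
# here to match
location ~* /bolt/(.*)$ {
try_files $uri $uri/ /index.php?$query_string;
}
# Backend async routes
location ~* /async/(.*)$ {
try_files $uri $uri/ /index.php?$query_string;
}
# Enforce caching for certain file extension types
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff|woff2)$ {
access_log off;
expires 30d;
add_header Pragma public;
# "must-revalidate" (was misspelled "mustrevalidate", which caches ignore)
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location ~ \.php$ {
# Only hand files that exist to PHP-FPM; guards against the
# cgi.fix_pathinfo "/image.jpg/x.php" path-info problem.
try_files $uri =404;
# PHP 5 socket path; PHP 5 is end-of-life, point this at your current PHP-FPM socket
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Hard-coded: tells PHP this request came over plain HTTP. Change it if this
# server block ever gets a TLS listener or sits behind a TLS terminator.
fastcgi_param HTTPS off;
}
}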
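server {
listen 80;
#listen [::]:80; # Uncomment this line if you also want to enable IPv6 support
server_name example.com www.example.com;
root /var/www/example;
access_log /var/log/nginx/example.access.log;
error_log /var/log/nginx/example.error.log;
index index.php index.html; # Letting nginx know which files to try when requesting a folder
location = /favicon.ico {
log_not_found off; # PrestaShop by default does not provide a favicon.ico
access_log off; # Disable logging to prevent excessive log sizes
}
location = /robots.txt {
auth_basic off; # Whatever happens, always let bots know about your policy
allow all;
log_not_found off; # Prevent excessive log size
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# (This also hides /.well-known; add a `location ^~ /.well-known/` block if you need it.)
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
##
# Gzip Settings
##
# NOTE: this vhost is plain HTTP. If it is moved behind TLS, compressing dynamic
# responses (json here) that mix secrets with attacker-influenced input exposes
# them to the BREACH class of attacks; limit gzip_types to static assets then.
gzip on;
gzip_disable "msie6"; # Do people still use Internet Explorer 6? In that case, disable gzip and hope for the best!
gzip_vary on; # Also compress content with other MIME types than "text/html"
gzip_types application/json text/css application/javascript; # We only want to compress json, css and js. Compressing images and such isn't worth it
gzip_proxied any;
gzip_comp_level 6; # Set desired compression ratio, higher is better compression, but slower
gzip_buffers 16 8k; # Gzip buffer size
gzip_http_version 1.0; # Compress every type of HTTP request
# PrestaShop friendly URLs. `last` restarts location matching with the rewritten
# URI, so /img/... and /webservice/dispatcher.php go through the locations below.
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2.jpg last;
rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/c/([0-9]+)(-[_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
rewrite ^/c/([a-zA-Z-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1.jpg last;
rewrite ^/([0-9]+)(-[_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
try_files $uri $uri/ /index.php?$args;
location ~ \.php$ {
# Only hand files that exist to PHP-FPM (cgi.fix_pathinfo guard)
try_files $uri =404;
fastcgi_keep_conn on;
include /etc/nginx/fastcgi_params;
# Set SCRIPT_FILENAME explicitly, as the other PHP blocks in this file do:
# whether the distro's fastcgi_params defines it varies (the stock nginx file
# does not), and without it PHP-FPM answers "No input file specified".
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000; # When using TCP
#fastcgi_pass unix:/var/run/php/php-fpm.sock; # When using unix sockets
}
}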
server {
# Single front controller layout (public/index.php style): only /index.php is
# ever passed to PHP-FPM; every other *.php URI is answered with 404 below.
server_name domain.tld www.domain.tld;
root /var/www/project/web;
location / {
# try to serve file directly, fallback to front controller
try_files $uri /index.php$is_args$args;
}
# If you have 2 front controllers for dev|prod use the following line instead
# location ~ ^/(index|index_dev)\.php(/|$) {
location ~ ^/index\.php(/|$) {
# the ubuntu default
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# for running on centos
#fastcgi_pass unix:/var/run/php-fpm/www.sock;
# split /index.php/some/path into SCRIPT_NAME and PATH_INFO
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Hard-coded: tells PHP the request arrived over plain HTTP. If this block is
# ever given a TLS listener or placed behind a TLS terminator, derive it from
# the connection instead, or the application will likely build http:// URLs.
fastcgi_param HTTPS off;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/index.php/some-path
# Enable the internal directive to disable URIs like this
# internal;
}
# return 404 for all php files as we do have a front controller
# (the ^/index\.php regex above is matched first, so index.php is unaffected)
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
server {
# app.php / app_dev.php front controller layout. Unlike the previous block
# there is no catch-all `location ~ \.php$ { return 404; }`, so any other
# *.php file under the root would be served as a plain static file.
server_name domain.tld www.domain.tld;
root /var/www/project/web;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /app.php$is_args$args;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
# (both expose debugging/configuration details and have no `internal;` guard).
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
# (internal: only reachable through the try_files fallback above, never by a direct client request)
internal;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
server {
# Generic PHP site with a query-string style front controller fallback
# (/index.php?q=<uri>). No `listen`, so nginx defaults to port 80.
root /path/to/files;
index index.php index.html index.htm;
server_name your_domain.com;
location / {
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
# Only hand files that exist to PHP-FPM (cgi.fix_pathinfo guard)
try_files $uri =404;
# Note: the location regex is anchored on \.php$, so a URI never carries
# path info here and this split is effectively a no-op.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
# SCRIPT_FILENAME is expected to come from the distro's fastcgi_params here
# (other blocks in this file set it explicitly); verify for your distro.
include fastcgi_params;
}
}
server {
# Static-only site: serve files from the root, directory requests get index.html,
# anything that does not exist on disk is a 404 (no front-controller fallback).
server_name domain.example.com;
listen 80;
index index.html;
root /path/to/files;
location / {
try_files $uri $uri/ =404;
}
}
upstream lb-app-upstream {
# Sticky sessions keyed on the client IP: a given client keeps hitting the
# same backend until it is marked failed (3 failures within 30s).
ip_hash;
server 127.0.0.1:3000 weight=10 max_fails=3 fail_timeout=30s;
server 127.0.0.1:3001 weight=10 max_fails=3 fail_timeout=30s;
# Idle backend connections kept open per worker. Only effective when the
# proxy side sends HTTP/1.1 with the Connection header cleared
# (proxy_http_version 1.1; proxy_set_header Connection "";).
keepalive 8;
}
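# the nginx server instance
server {
listen 0.0.0.0:80;
server_name yourdomain.com yourdomain;
access_log /var/log/nginx/yourdomain.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see nginx config options
location / {
# X-Real-IP is overwritten by nginx; X-Forwarded-For is appended to, so a
# client-supplied value survives at the front of the list. The backend should
# only trust the last hop (this nginx) when deriving the client address.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://lb-app-upstream;
proxy_redirect off;
# `keepalive 8` in the upstream block only takes effect when proxied requests
# use HTTP/1.1 with the Connection header cleared; without these two lines
# nginx opens a fresh backend connection for every request.
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}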
upstream app-upstream {
# Single node.js backend
server 127.0.0.1:3000;
# Idle backend connections kept open per worker; the server block below
# enables HTTP/1.1 to the backend, which keepalive requires.
keepalive 8;
}
# the nginx server instance
server {
listen 0.0.0.0:80;
server_name yourdomain.com yourdomain;
access_log /var/log/nginx/yourdomain.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see nginx config options
location / {
# X-Real-IP is overwritten by nginx; X-Forwarded-For is appended to, so a
# client-supplied value survives at the front of the list. The backend should
# only trust the last hop (this nginx) when deriving the client address.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app-upstream/;
proxy_redirect off;
# WebSocket pass-through. Connection is hard-coded to "upgrade" for every
# request, including plain HTTP ones; the usual pattern is an http-level
# `map $http_upgrade $connection_upgrade { default upgrade; '' close; }`
# and `proxy_set_header Connection $connection_upgrade;` here, which also
# keeps the upstream `keepalive 8` usable for non-WebSocket requests.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}