Location,GUJARAT,INDIA
+91 9426209259
vrkansagara@gmail.com

Full Example Configuration | NGINX

Programmer

Full Example Configuration | NGINX

Hello I been using this config since last many years. I just want to share with you  guys.

#openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj “/C=US/ST=State/L=Town/O=Office/CN=vrkansagara.in” -keyout /etc/nginx/ssl/vrkansagara-in.key -out /etc/nginx/ssl/vrkansagara-in.crt
server {
listen 80;
listen 443 ssl;

server_name vrkansagara.in;

if ($server_port = 80) {
return 301 https://vrkansagara.in$request_uri;
}

if ($host = ‘www.vrkansagara.in’) {
return 301 https://vrkansagara.in$request_uri;
}

ssl_certificate /etc/nginx/ssl/vrkansagara-in.key;
ssl_certificate_key /etc/nginx/ssl/vrkansagara-in.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
add_header Strict-Transport-Security “max-age=31536000”;

charset utf-8;

root /var/www;

# Logs
access_log /var/log/nginx/vrkansagara-in-access.log;
error_log /var/log/nginx/vrkansagara-in-error.log;

index index.php;

## Begin – Index
# for subfolders, simply adjust:
# `location /subfolder {`
# and the rewrite to use `/subfolder/index.php`
location / {
add_header X-uri “$uri”;
autoindex on;
autoindex_exact_size on;
autoindex_format html;
autoindex_localtime on;
try_files $uri $uri/ /index.php;
#try_files $uri $uri/ @index;
#Few people actually realise that it does, which is:
#Check for the existence of the file.
#If it does not exist, try and see if there’s a directory with that name.
#Otherwise, fall back to @index (/index.php).
#But, in reality, you only really use $uri/ (step 2) if you really are linking to a directory that will have its own index.php or index.html. Considering you’re using Grav, you will only go to /, and that already goes to /index.php in step 3.
#If you’re not going to use it, don’t keep it around, and you will take out an extra filesystem stat():
# try_files $uri @index;
location /assets {
gzip_static off;
}
}

location @index {
try_files = /index.php?_url=$uri&$query_string;
}
## End – Index

## Begin – Security
# set error handler for these to the @index location
error_page 418 = @index;
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 418; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 418; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 418; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 418; }
## End – Security

location ~ \.php$ {
#location = /index.php {
# add_header X-debug-message “A php file was used” always;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have “cgi.fix_pathinfo = 0;” in php.ini
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

# output compression saves bandwidth
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

# make sure gzip does not lose large gzipped js or css files
# see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl
gzip_buffers 16 8k;

# Disable gzip for certain browsers.
gzip_disable “MSIE [1-6].(?!.*SV1)”;

location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$ {
expires 30d;
access_log off;
# add_header X-debug-message “A static file was served” always;

}

location ~* \.(ico|css|js|gif|jp?g|png) {
add_header Cache-Control “public, no-transform”;
#if ($args ~ [0-9]+) {
expires max;
# break;
# }
}

## Begin – Security
# deny access to other .php-scripts
location ~ \.php$ { return 418; }
## End – Security

# Block access to .htaccess
location ~ \.htaccess {
deny all;
}
}

 

No Comments

Add your comment