Newer
Older
#######################################################
### nginx.conf site standard vhost include start
#######################################################
set $nocache_details "Cache";
###
Grazyna Jaworska
committed
### Deny crawlers.
Grazyna Jaworska
committed
return 403;
Grazyna Jaworska
committed
###
### Include high load protection config if exists.
###
Grazyna Jaworska
committed
include /data/conf/nginx_high_load.c*;
Grazyna Jaworska
committed
###
### Deny not compatible request methods without 405 response.
###
Grazyna Jaworska
committed
if ( $request_method !~ ^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS)$ ) {
Grazyna Jaworska
committed
return 403;
Grazyna Jaworska
committed
### Deny listed requests for security reasons.
Grazyna Jaworska
committed
return 403;
### Include high level local configuration override if exists.
include /data/disk/EDIT_USER/config/server_master/nginx/post.d/nginx_force_include*;
###
### CDN Far Future expiration support.
###
location ^~ /cdn/farfuture/ {
tcp_nodelay off;
access_log off;
if_modified_since exact;
set $nocache_details "Skip";
location ~* ^/cdn/farfuture/.+\.(?:css|js|jpe?g|gif|png|ico|bmp|svg|swf|pdf|docx?|xlsx?|pptx?|tiff?|txt|rtf|class|otf|ttf|woff|eot|less)$ {
expires max;
add_header Access-Control-Allow-Origin *;
add_header X-Header "CDN Far Future Generator 1.0";
add_header Cache-Control "no-transform, public";
add_header Last-Modified "Wed, 20 Jan 1988 04:20:42 GMT";
rewrite ^/cdn/farfuture/[^/]+/[^/]+/(.+)$ /$1 break;
try_files $uri @nobots;
}
location ~* ^/cdn/farfuture/ {
expires epoch;
add_header Access-Control-Allow-Origin *;
add_header X-Header "CDN Far Future Generator 1.1";
add_header Cache-Control "private, must-revalidate, proxy-revalidate";
rewrite ^/cdn/farfuture/[^/]+/[^/]+/(.+)$ /$1 break;
try_files $uri @nobots;
}
try_files $uri @nobots;
}
###
### If favicon else return error 204.
###
location = /favicon.ico {
access_log off;
log_not_found off;
expires 30d;
add_header Access-Control-Allow-Origin *;
Grazyna Jaworska
committed
try_files /sites/$server_name/files/favicon.ico $uri =204;
### Support for https://drupal.org/project/robotstxt module
### and static file in the sites/domain/files directory.
###
location = /robots.txt {
access_log off;
log_not_found off;
try_files /sites/$server_name/files/$host.robots.txt /sites/$server_name/files/robots.txt $uri @cache;
}
###
### Allow local access to support wget method in Aegir settings
### for running sites cron.
###
location = /cron.php {
access_log off;
allow 127.0.0.1;
deny all;
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
}
###
### Send search to php-fpm early so searching for node.js will work.
Grazyna Jaworska
committed
### Deny bots on search uri.
location ^~ /search {
location ~* ^/search {
if ($is_bot) {
Grazyna Jaworska
committed
return 403;
}
try_files $uri @cache;
Grazyna Jaworska
committed
###
Grazyna Jaworska
committed
###
location ^~ /js/ {
location ~* ^/js/ {
if ($is_bot) {
return 403;
}
rewrite ^/(.*)$ /js.php?q=$1 last;
}
}
Grazyna Jaworska
committed
### Deny crawlers and never cache known AJAX and webform requests.
location ~* /(?:ahah|ajax|batch|autocomplete|webform|done|progress/|x-progress-id|js/.*) {
Grazyna Jaworska
committed
return 403;
}
###
### Deny access to Hostmaster web/db server node.
### It is still possible to edit or break web/db server
### node at /node/2/edit, if you know what are you doing.
###
location ^~ /hosting/c/server_master {
if ($cache_uid = '') {
return 403;
}
if ($is_bot) {
return 403;
}
access_log off;
rewrite ^ $scheme://$host/hosting/sites permanent;
}
###
### Deny access to Hostmaster db server node.
### It is still possible to edit or break db server
### node at /node/4/edit, if you know what are you doing.
###
location ^~ /hosting/c/server_localhost {
if ($cache_uid = '') {
return 403;
}
if ($is_bot) {
return 403;
}
access_log off;
rewrite ^ $scheme://$host/hosting/sites permanent;
}
Grazyna Jaworska
committed
###
### Fix for #2005116
###
location ^~ /hosting/sites {
if ($is_bot) {
return 403;
}
access_log off;
set $nocache_details "Skip";
try_files $uri @drupal;
}
###
### Fix for Aegir & .info .pl domain extensions.
###
location ^~ /hosting {
if ($is_bot) {
return 403;
}
access_log off;
set $nocache_details "Skip";
Grazyna Jaworska
committed
try_files $uri @cache;
}
###
### Deny cache details display.
###
location ^~ /admin/settings/performance/cache-backend {
rewrite ^ $scheme://$host/admin/settings/performance permanent;
}
###
### Deny cache details display.
###
location ^~ /admin/config/development/performance/redis {
access_log off;
rewrite ^ $scheme://$host/admin/config/development/performance permanent;
}
###
### Support for backup_migrate module download/restore/delete actions.
###
location ^~ /admin {
Grazyna Jaworska
committed
return 403;
}
access_log off;
set $nocache_details "Skip";
try_files $uri @drupal;
}
Grazyna Jaworska
committed
###
### Avoid caching /civicrm* and protect it from bots.
###
location ^~ /civicrm {
if ($is_bot) {
return 403;
}
set $nocache_details "Skip";
try_files $uri @drupal;
}
location ^~ /audio/download {
location ~* ^/audio/download/.*/.*\.(?:mp3|mp4|m4a|ogg)$ {
if ($is_bot) {
Grazyna Jaworska
committed
return 403;
access_log off;
set $nocache_details "Skip";
try_files $uri @drupal;
Grazyna Jaworska
committed
### Deny listed requests for security reasons.
location ~* (/\..*|settings\.php$|\.(?:git|htaccess|engine|make|config|inc|ini|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)$|^(?:Entries.*|Repository|Root|Tag|Template))$ {
Grazyna Jaworska
committed
access_log off;
Grazyna Jaworska
committed
return 404;
Grazyna Jaworska
committed
###
### Deny listed requests for security reasons.
###
location ~* /(?:modules|themes|libraries)/.*\.(?:txt|md)$ {
Grazyna Jaworska
committed
access_log off;
return 404;
}
###
### Deny listed requests for security reasons.
###
location ~* ^/sites/.*/files/civicrm/(?:ConfigAndLog|upload|templates_c) {
access_log off;
Grazyna Jaworska
committed
return 404;
}
###
### Deny some not supported URI like cgi-bin on the Nginx level.
###
Grazyna Jaworska
committed
return 404;
Grazyna Jaworska
committed
### Deny bots on some weak modules uri.
location ~* (?:validation|aggregator|vote_up_down|captcha|vbulletin|glossary/) {
Grazyna Jaworska
committed
return 403;
try_files $uri @cache;
}
###
### Responsive Images support.
###
location ~* \.r\.(?:jpe?g|png|gif) {
if ( $http_cookie ~* "rwdimgsize=large" ) {
rewrite ^/(.*)/mobile/(.*)\.r(\.(?:jpe?g|png|gif))$ /$1/desktop/$2$3 last;
}
rewrite ^/(.*)\.r(\.(?:jpe?g|png|gif))$ /$1$2 last;
access_log off;
add_header X-Header "RI Generator 1.0";
set $nocache_details "Skip";
try_files $uri @drupal;
}
###
### Adaptive Image Styles support.
###
location ~* /(?:.+)/files/styles/adaptive/(?:.+)$ {
if ( $http_cookie ~* "ais=(?<ais_cookie>[a-z0-9-_]+)" ) {
rewrite ^/(.+)/files/styles/adaptive/(.+)$ /$1/files/styles/$ais_cookie/$2 last;
}
access_log off;
add_header X-Header "AIS Generator 1.0";
set $nocache_details "Skip";
try_files $uri @drupal;
}
###
### Imagecache and imagecache_external support.
###
location ~* /(?:external|system|files/imagecache|files/styles)/ {
access_log off;
log_not_found off;
expires 30d;
# fix common problems with old paths after import from standalone to Aegir multisite
Grazyna Jaworska
committed
rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)$ /sites/$server_name/files/imagecache/$2/$3 last;
Grazyna Jaworska
committed
rewrite ^/sites/(.*)/files/imagecache/(.*)/files/(.*)$ /sites/$server_name/files/imagecache/$2/$3 last;
Grazyna Jaworska
committed
rewrite ^/files/imagecache/(.*)$ /sites/$server_name/files/imagecache/$1 last;
rewrite ^/files/styles/(.*)$ /sites/$server_name/files/styles/$1 last;
add_header X-Header "IC Generator 1.0";
set $nocache_details "Skip";
try_files $uri @drupal;
}
###
### Deny direct access to backups.
###
location ~* ^/sites/.*/files/backup_migrate/ {
access_log off;
deny all;
}
###
### Deny direct access to config files in Drupal 8.
###
location ~* ^/sites/.*/files/config_.* {
access_log off;
deny all;
}
###
### Include local configuration override if exists.
###
include /data/disk/EDIT_USER/config/server_master/nginx/post.d/nginx_vhost_include*;
###
### Private downloads are always sent to the drupal backend.
### Note: this location doesn't work with X-Accel-Redirect.
###
location ~* ^/sites/.*/files/private/ {
access_log off;
rewrite ^/sites/.*/files/private/(.*)$ $scheme://$host/system/files/private/$1 permanent;
add_header X-Header "Private Generator 1.0a";
set $nocache_details "Skip";
try_files $uri @drupal;
}
###
### Deny direct access to private downloads in sites/domain/private.
### Note: this location works with X-Accel-Redirect.
###
location ~* ^/sites/.*/private/ {
access_log off;
internal;
}
###
### Deny direct access to private downloads also for short, rewritten URLs.
### Note: this location works with X-Accel-Redirect.
###
location ~* /files/private/ {
###
### Wysiwyg Fields support.
###
location ~* wysiwyg_fields/(?:plugins|scripts)/.*\.(?:js|css) {
access_log off;
log_not_found off;
try_files $uri @nobots;
}
###
### Advagg_css and Advagg_js support.
###
location ~* files/advagg_(?:css|js)/ {
expires max;
access_log off;
etag off;
Grazyna Jaworska
committed
rewrite ^/files/advagg_(.*)/(.*)$ /sites/$server_name/files/advagg_$1/$2 last;
Grazyna Jaworska
committed
add_header Cache-Control "max-age=31449600, no-transform, public";
add_header Last-Modified "Wed, 20 Jan 1988 04:20:42 GMT";
add_header Access-Control-Allow-Origin *;
add_header X-Header "AdvAgg Generator 1.0";
set $nocache_details "Skip";
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
}
###
### Make css files compatible with boost caching.
###
location ~* \.css$ {
if ( $request_method = POST ) {
return 405;
}
if ( $cache_uid ) {
return 405;
}
error_page 405 = @uncached;
access_log off;
tcp_nodelay off;
expires max; #if using aggregator
add_header X-Header "Boost Citrus 2.1";
try_files /cache/perm/$host${uri}_.css $uri =404;
}
###
### Make js files compatible with boost caching.
###
location ~* \.(?:js|htc)$ {
if ( $request_method = POST ) {
return 405;
}
if ( $cache_uid ) {
return 405;
}
error_page 405 = @uncached;
access_log off;
tcp_nodelay off;
expires max; # if using aggregator
add_header X-Header "Boost Citrus 2.2";
try_files /cache/perm/$host${uri}_.js $uri =404;
}
###
Grazyna Jaworska
committed
### Support for static .json files with fast 404 +Boost compatibility.
Grazyna Jaworska
committed
location ~* ^/sites/.*/files/.*\.json$ {
access_log off;
tcp_nodelay off;
expires max; ### if using aggregator
add_header X-Header "Boost Citrus 2.3";
Grazyna Jaworska
committed
add_header Access-Control-Allow-Origin *;
try_files /cache/normal/$host${uri}_.json $uri =404;
Grazyna Jaworska
committed
###
### Support for dynamic .json requests.
###
location ~* \.json$ {
try_files $uri @cache;
}
###
### Helper location to bypass boost static files cache for logged in users.
###
location @uncached {
access_log off;
expires max; # max if using aggregator, otherwise sane expire time
}
###
### Map /files/ shortcut early to avoid overrides in other locations.
###
location ^~ /files/ {
location ~* ^.+\.(?:pdf|jpe?g|gif|png|ico|bmp|svg|swf|docx?|xlsx?|pptx?|tiff?|txt|rtf|cgi|bat|pl|dll|class|otf|ttf|woff|eot|less|avi|mpe?g|mov|wmv|mp3|ogg|ogv|wav|midi|zip|tar|t?gz|rar|dmg|exe|apk|pxl|ipa)$ {
expires 30d;
tcp_nodelay off;
access_log off;
log_not_found off;
add_header Access-Control-Allow-Origin *;
rewrite ^/files/(.*)$ /sites/$server_name/files/$1 last;
try_files $uri =404;
}
try_files $uri @cache;
}
###
### Map /downloads/ shortcut early to avoid overrides in other locations.
###
location ^~ /downloads/ {
location ~* ^.+\.(?:pdf|jpe?g|gif|png|ico|bmp|svg|swf|docx?|xlsx?|pptx?|tiff?|txt|rtf|cgi|bat|pl|dll|class|otf|ttf|woff|eot|less|avi|mpe?g|mov|wmv|mp3|ogg|ogv|wav|midi|zip|tar|t?gz|rar|dmg|exe|apk|pxl|ipa)$ {
expires 30d;
tcp_nodelay off;
access_log off;
log_not_found off;
add_header Access-Control-Allow-Origin *;
rewrite ^/downloads/(.*)$ /sites/$server_name/files/downloads/$1 last;
try_files $uri =404;
}
try_files $uri @cache;
}
###
### Serve & no-log static files & images directly,
### without all standard drupal rewrites, php-fpm etc.
###
location ~* ^.+\.(?:jpe?g|gif|png|ico|bmp|svg|swf|docx?|xlsx?|pptx?|tiff?|txt|rtf|cgi|bat|pl|dll|class|otf|ttf|woff|eot|less|mp3|wav|midi)$ {
expires 30d;
tcp_nodelay off;
access_log off;
log_not_found off;
Grazyna Jaworska
committed
add_header Access-Control-Allow-Origin *;
Grazyna Jaworska
committed
rewrite ^/images/(.*)$ /sites/$server_name/files/images/$1 last;
Grazyna Jaworska
committed
rewrite ^/.+/sites/.+/files/(.*)$ /sites/$server_name/files/$1 last;
rewrite ^/odules/civicrm/(.*)$ /sites/all/modules/civicrm/$1 last;
try_files $uri =404;
}
###
### Serve & log bigger media/static/archive files directly,
### without all standard drupal rewrites, php-fpm etc.
###
location ~* ^.+\.(?:avi|mpe?g|mov|wmv|ogg|ogv|zip|tar|t?gz|rar|dmg|exe|apk|pxl|ipa)$ {
Grazyna Jaworska
committed
add_header Access-Control-Allow-Origin *;
Grazyna Jaworska
committed
rewrite ^/.+/sites/.+/files/(.*)$ /sites/$server_name/files/$1 last;
Grazyna Jaworska
committed
###
### Serve & no-log some static files directly,
### but only from the files directory to not break
### dynamically created pdf files or redirects for
### legacy URLs with asp/aspx extension.
###
location ~* ^/sites/.+/files/.+\.(?:pdf|aspx?)$ {
expires 30d;
tcp_nodelay off;
access_log off;
log_not_found off;
add_header Access-Control-Allow-Origin *;
try_files $uri =404;
}
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
###
### Pseudo-streaming server-side support for Flash Video (FLV) files.
###
location ~* ^.+\.flv$ {
flv;
add_header Access-Control-Allow-Origin *;
tcp_nodelay off;
tcp_nopush off;
expires 30d;
try_files $uri =404;
}
###
### Pseudo-streaming server-side support for H.264/AAC files.
###
location ~* ^.+\.(?:mp4|m4a)$ {
mp4;
add_header Access-Control-Allow-Origin *;
mp4_buffer_size 1m;
mp4_max_buffer_size 5m;
tcp_nodelay off;
tcp_nopush off;
expires 30d;
try_files $uri =404;
}
###
### Serve & no-log some static files as is, without forcing default_type.
###
location ~* /(?:cross-?domain)\.xml$ {
access_log off;
tcp_nodelay off;
expires 30d;
add_header X-Header "XML Generator 1.0";
try_files $uri =404;
}
###
### Allow some known php files (like serve.php in the ad module).
###
Grazyna Jaworska
committed
location ~* /(?:modules|libraries)/(?:contrib/)?(?:ad|tinybrowser|f?ckeditor|tinymce|wysiwyg_spellcheck|ecc|civicrm|fbconnect|radioactivity)/.*\.php$ {
tcp_nopush off;
keepalive_requests 0;
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
}
###
### Serve & no-log static helper files used in some wysiwyg editors.
###
location ~* ^/sites/.*/(?:modules|libraries)/(?:contrib/)?(?:tinybrowser|f?ckeditor|tinymce|flowplayer|jwplayer|videomanager)/.*\.(?:html?|xml)$ {
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
access_log off;
tcp_nodelay off;
expires 30d;
try_files $uri =404;
}
###
### Serve & no-log any not specified above static files directly.
###
location ~* ^/sites/.*/files/ {
access_log off;
tcp_nodelay off;
expires 30d;
try_files $uri =404;
}
###
### Make feeds compatible with boost caching and set correct mime type.
###
location ~* \.xml$ {
if ( $request_method = POST ) {
return 405;
}
if ( $cache_uid ) {
return 405;
}
error_page 405 = @drupal;
access_log off;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 2.4";
charset utf-8;
types { }
Grazyna Jaworska
committed
default_type text/xml;
try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal;
Grazyna Jaworska
committed
### Deny bots on never cached uri.
location ~* ^/(?:.*/)?(?:admin|user|cart|checkout|logout|comment/reply) {
Grazyna Jaworska
committed
return 403;
}
access_log off;
set $nocache_details "Skip";
try_files $uri @drupal;
}
###
### Protect from DoS attempts on never cached uri.
###
location ~* ^/(?:.*/)?(?:node/[0-9]+/edit|node/add) {
if ($is_bot) {
return 403;
}
access_log off;
set $nocache_details "Skip";
try_files $uri @drupal;
}
###
### Protect from DoS attempts on never cached uri.
location ~* ^/(?:.*/)?(?:node/[0-9]+/delete|approve) {
if ($cache_uid = '') {
return 403;
}
Grazyna Jaworska
committed
return 403;
}
access_log off;
set $nocache_details "Skip";
try_files $uri @drupal;
}
###
### Support for ESI microcaching: http://groups.drupal.org/node/197478.
###
### This may enhance not only anonymous visitors, but also
### logged in users experience, as it allows you to separate
### microcache for ESI/SSI includes (valid for just 5 seconds)
### from both default Speed Booster cache for anonymous visitors
### (valid by default for 10s or 1h, unless purged on demand via
### recently introduced Purge/Expire modules) and also from
### Speed Booster cache per logged in user (valid for 10 seconds).
###
### Now you have three different levels of Speed Booster cache
### to leverage and deliver the 'live content' experience for
### all visitors, and still protect your server from DoS or
### simply high load caused by unexpected high traffic etc.
###
location ~ ^/(?<esi>esi/.*)"$ {
ssi on;
ssi_silent_errors on;
internal;
add_header X-Device "$device";
add_header X-Speed-Micro-Cache "$upstream_cache_status";
add_header X-Speed-Micro-Cache-Expire "5s";
add_header X-NoCache "$nocache_details";
add_header X-GeoIP-Country-Code "$geoip_country_code";
add_header X-GeoIP-Country-Name "$geoip_country_name";
add_header X-This-Proto "$http_x_forwarded_proto";
Grazyna Jaworska
committed
add_header X-Server-Name "$server_name";
###
### Set correct, local $uri.
###
fastcgi_param QUERY_STRING q=$esi;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_pass 127.0.0.1:9000;
###
### Use Nginx cache for all visitors.
###
set $nocache "";
if ( $http_cookie ~* "NoCacheID" ) {
set $nocache "NoCache";
}
fastcgi_cache speed;
fastcgi_cache_methods GET HEAD;
fastcgi_cache_min_uses 1;
fastcgi_cache_key "$is_bot$device$host$request_method$uri$is_args$args$cache_uid$http_x_forwarded_proto";
fastcgi_cache_valid 200 301 404 5s;
fastcgi_cache_valid 302 1m;
fastcgi_ignore_headers Cache-Control Expires;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header X-Accel-Expires;
fastcgi_pass_header X-Accel-Redirect;
fastcgi_no_cache $cookie_NoCacheID $http_authorization $http_pragma $nocache;
fastcgi_cache_bypass $cookie_NoCacheID $http_authorization $http_pragma $nocache;
Grazyna Jaworska
committed
fastcgi_cache_use_stale error http_500 http_503 invalid_header timeout updating;
tcp_nopush off;
keepalive_requests 0;
###
### Rewrite legacy requests with /index.php to extension-free URL.
###
Grazyna Jaworska
committed
if ( $args ~* "^q=(?<query_value>.*)" ) {
rewrite ^/index.php$ $scheme://$host/?q=$query_value? permanent;
}
###
### Catch all unspecified requests.
###
location / {
if ( $http_user_agent ~* wget ) {
Grazyna Jaworska
committed
return 403;
}
try_files $uri @cache;
}
###
### Boost compatible cache check.
###
location @cache {
if ( $request_method = POST ) {
set $nocache_details "Method";
return 405;
}
if ( $args ~* "nocache=1" ) {
set $nocache_details "Args";
return 405;
}
if ( $sent_http_x_force_nocache = "YES" ) {
set $nocache_details "Skip";
return 405;
}
if ( $http_cookie ~* "NoCacheID" ) {
set $nocache_details "AegirCookie";
return 405;
}
if ( $cache_uid ) {
set $nocache_details "DrupalCookie";
return 405;
}
error_page 405 = @drupal;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 1.9";
charset utf-8;
try_files /cache/normal/$host${uri}_$args.html @drupal;
}
###
### Send all not cached requests to drupal with clean URLs support.
###
location @drupal {
error_page 418 = @nobots;
if ($args) {
return 418;
}
rewrite ^/(.*)$ /index.php?q=$1 last;
}
###
### Send all known bots to $args free URLs.
###
location @nobots {
if ($is_bot) {
rewrite ^ $scheme://$host$uri? permanent;
}
###
### Return 404 on special PHP URLs to avoid revealing version used,
### even indirectly. See also: https://drupal.org/node/2116387
###
if ( $args ~* "=PHP[A-Z0-9]{8}-" ) {
return 404;
}
rewrite ^/(.*)$ /index.php?q=$1 last;
}
###
### Send all non-static requests to php-fpm, restricted to known php file.
###
location = /index.php {
internal;
add_header X-Device "$device";
add_header X-Speed-Cache "$upstream_cache_status";
add_header X-Speed-Cache-UID "$cache_uid";
add_header X-Speed-Cache-Key "$key_uri";
add_header X-NoCache "$nocache_details";
add_header X-GeoIP-Country-Code "$geoip_country_code";
add_header X-GeoIP-Country-Name "$geoip_country_name";
add_header X-This-Proto "$http_x_forwarded_proto";
Grazyna Jaworska
committed
add_header X-Server-Name "$server_name";
tcp_nopush off;
keepalive_requests 0;
try_files $uri =404; ### check for existence of php file first
fastcgi_pass 127.0.0.1:9000;
###
### Use Nginx cache for all visitors.
###
set $nocache "";
if ( $nocache_details ~ (?:AegirCookie|Args|Skip) ) {
set $nocache "NoCache";
}
fastcgi_cache speed;
fastcgi_cache_methods GET HEAD; ### Nginx default, but added for clarity
fastcgi_cache_min_uses 1;
fastcgi_cache_key "$is_bot$device$host$request_method$key_uri$cache_uid$http_x_forwarded_proto$sent_http_x_local_proto$cookie_respimg";
fastcgi_cache_valid 301 403 404 5s;
fastcgi_cache_valid 500 502 503 504 1s;
fastcgi_ignore_headers Cache-Control Expires;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header X-Accel-Expires;
fastcgi_pass_header X-Accel-Redirect;
fastcgi_no_cache $cookie_NoCacheID $http_authorization $http_pragma $nocache;
fastcgi_cache_bypass $cookie_NoCacheID $http_authorization $http_pragma $nocache;
Grazyna Jaworska
committed
fastcgi_cache_use_stale error http_500 http_503 invalid_header timeout updating;
}
###
### Send other known php requests/files to php-fpm without any caching.
###
location ~* ^/(?:core/)?(?:boost_stats|rtoc|xmlrpc|js)\.php$ {
Grazyna Jaworska
committed
if ($is_bot) {
return 404;
}
tcp_nopush off;
keepalive_requests 0;
access_log off;
try_files $uri =404; ### check for existence of php file first
fastcgi_pass 127.0.0.1:9000;
}
###
### Allow access to /authorize.php and /update.php only for logged in admin user.
###
location ~* ^/(?:core/)?(?:authorize|update)\.php$ {
error_page 418 = @allowupdate;
Grazyna Jaworska
committed
if ( $cache_uid ) {
return 418;
}
return 404;
}
###
### Internal location for /authorize.php and /update.php restricted access.
###
location @allowupdate {
tcp_nopush off;
keepalive_requests 0;
access_log off;
try_files $uri =404; ### check for existence of php file first
fastcgi_pass 127.0.0.1:9000;
}
###
### Deny access to any not listed above php files with 404 error.
return 404;
}
#######################################################
### nginx.conf site standard vhost include end
#######################################################