User:Woozle/nginx/opt/nginx/conf/nginx.conf

worker_processes 4;
 * 1) user nobody;

error_log logs/error.log  info;
 * 1) error_log logs/error.log;
 * 2) error_log logs/error.log  notice;

pid       logs/nginx.pid;

events { worker_connections 1024; }

http {

passenger_root /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.12; passenger_ruby /usr/local/rvm/wrappers/ruby-1.9.3-p194/ruby; ssl_session_cache   shared:SSL:10m; ssl_session_timeout 10m;

include      mime.types; default_type application/octet-stream;

log_format main  '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';

access_log logs/access.log  main;

sendfile       on; #tcp_nopush    on;

#keepalive_timeout 0; keepalive_timeout 65;

#gzip on;

server { listen 443; ssl on; ssl_certificate /etc/ssl/localcerts/makeyourlaws.org.combined.crt; ssl_certificate_key /etc/ssl/localcerts/makeyourlaws.org.key; keepalive_timeout 70; proxy_set_header X-Forwarded-Proto $scheme; server_name   wiki.makeyourlaws.org; return 301 http://wiki.makeyourlaws.org$request_uri; }
 * 1) the wiki server does not have SSL. this will generate a domain mismatch error, but it'll redirect to non-https wiki.

server { listen 80; server_name wiki.makeyourlaws.org; root /home/mylwiki/mylwiki-1.19.1; index index.php; client_max_body_size 5m; client_body_timeout 60; location / { try_files $uri $uri/ @rewrite; }       location @rewrite { rewrite ^/(.*)$ /index.php?title=$1&$args; }       location ^~ /maintenance/ { return 403; }       location ~ \.php$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME    /home/mylwiki/mylwiki-1.19.1/$fastcgi_script_name; try_files $uri =404; fastcgi_pass 127.0.0.1:9000; }       location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { try_files $uri /index.php; expires max; log_not_found off; }       location = /_.gif { expires max; empty_gif; }       location ^~ /cache/ { deny all; } }
 * 1)  root /home/mylwiki/wiki.makeyourlaws.org;
 * 1) this is a kluge
 * 1) 		fastcgi_pass unix:/tmp/php-fpm.sock;

server { listen 80 default_server; proxy_set_header X-Forwarded-Proto $scheme; server_name   makeyourlaws.org www.makeyourlaws.org makeyourlaws.com www.makeyourlaws.com makeyourlaws.net www.makeyourlaws.net; return 301 https://makeyourlaws.org$request_uri; }
 * 1)        server_name   ~^(www\.)?(? .+)$; # captures it to set $server_name
 * 1)       server_name    www.makeyourlaws.org;

server { listen 443; ssl on; ssl_certificate /etc/ssl/localcerts/makeyourlaws.org.combined.crt; ssl_certificate_key /etc/ssl/localcerts/makeyourlaws.org.key; keepalive_timeout 70; proxy_set_header X-Real-IP  $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Url-Scheme $scheme; proxy_redirect   off; proxy_max_temp_file_size 0;
 * 1) 	proxy_set_header X_FORWARDED_PROTO https;

server_name makeyourlaws.org www.makeyourlaws.org makeyourlaws.com www.makeyourlaws.com makeyourlaws.net www.makeyourlaws.net; root /home/makeyourlaws/makeyourlaws.org/current/public; server_name_in_redirect off; passenger_enabled on;

if ($host != 'makeyourlaws.org' ) { rewrite ^/(.*)$  https://makeyourlaws.org/$1  permanent; }

location ~* ^/assets/ { # Per RFC2616 - 1 year maximum expiry # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html expires 1y; add_header Cache-Control public;

# Some browsers still send conditional-GET requests if there's a	   # Last-Modified header or an ETag header even if they haven't	    # reached the expiry date sent in the Expires header. #   add_header Last-Modified ""; #   add_header ETag ""; break; }	gzip on; gzip_static on; gzip_http_version  1.1; gzip_comp_level 2; gzip_min_length 1000; gzip_proxied    any; #expired no-cache no-store private auth; gzip_types      text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;  # already includes text/html, don't include or you get a warning gzip_disable       "MSIE [1-6]\."; gzip_vary          on; }

# server {
 * 1)       listen       80;
 * 2)        server_name  localhost;

#charset koi8-r;

#access_log logs/host.access.log  main;
 * 1) 	root /home/makeyourlaws/makeyourlaws.org/current/public;
 * 2)        passenger_enabled on;
 * 3)        location / {
 * 4)            root   html;
 * 5)            index  index.html index.htm;
 * 6)        }
 * 1)        }

#error_page 404              /404.html;

# redirect server error pages to the static page /50x.html #
 * 1)        error_page   500 502 503 504  /50x.html;
 * 2)        location = /50x.html {
 * 3)            root   html;
 * 4)        }

# proxy the PHP scripts to Apache listening on 127.0.0.1:80 #       #location ~ \.php$ { #   proxy_pass   http://127.0.0.1; #}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 #       #location ~ \.php$ { #   root           html; #   fastcgi_pass   127.0.0.1:9000; #   fastcgi_index  index.php; #   fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name; #   include        fastcgi_params; #}

# deny access to .htaccess files, if Apache's document root # concurs with nginx's one #       #location ~ /\.ht { #   deny  all; #}
 * 1)    }

# another virtual host using mix of IP-, name-, and port-based configuration #   #server { #   listen       8000; #   listen       somename:8080; #   server_name  somename  alias  another.alias;

#   location / { #       root   html; #       index  index.html index.htm; #   }    #}

# HTTPS server #   #server { #   listen       443; #   server_name  localhost;

#   ssl                  on; #   ssl_certificate      cert.pem; #   ssl_certificate_key  cert.key;

#   ssl_session_timeout  5m;

#   ssl_protocols  SSLv2 SSLv3 TLSv1; #   ssl_ciphers  HIGH:!aNULL:!MD5; #   ssl_prefer_server_ciphers   on;

#   location / { #       root   html; #       index  index.html index.htm; #   }    #}

}