User:Woozle/nginx/opt/nginx/conf/nginx.conf

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Jump to: navigation, search
#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
error_log  logs/error.log  info;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {

    passenger_root /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.12;
    passenger_ruby /usr/local/rvm/wrappers/ruby-1.9.3-p194/ruby;
    
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

# the wiki server does not have SSL. this will generate a domain mismatch error, but it'll redirect to non-https wiki.
server {
        listen 443;
	ssl on;
        ssl_certificate /etc/ssl/localcerts/makeyourlaws.org.combined.crt;
        ssl_certificate_key /etc/ssl/localcerts/makeyourlaws.org.key;
        keepalive_timeout 70;
	proxy_set_header X-Forwarded-Proto $scheme;
       server_name    wiki.makeyourlaws.org;
        return 301  http://wiki.makeyourlaws.org$request_uri;
}

server {
  listen 80;
  server_name wiki.makeyourlaws.org;
#  root /home/mylwiki/wiki.makeyourlaws.org;
  root /home/mylwiki/mylwiki-1.19.1;
  index index.php;
 
        client_max_body_size 5m;
        client_body_timeout 60;
 
        location / {
                try_files $uri $uri/ @rewrite;
        }
 
        location @rewrite {
                rewrite ^/(.*)$ /index.php?title=$1&$args;
        }
 
        location ^~ /maintenance/ {
                return 403;
        }
 
        location ~ \.php$ {
                include fastcgi_params;
# this is a kluge
		fastcgi_param  SCRIPT_FILENAME    /home/mylwiki/mylwiki-1.19.1/$fastcgi_script_name;
		try_files $uri =404;
		fastcgi_pass 127.0.0.1:9000;
#		fastcgi_pass unix:/tmp/php-fpm.sock;
        }
 
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                try_files $uri /index.php;
                expires max;
                log_not_found off;
        }
 
        location = /_.gif {
                expires max;
                empty_gif;
        }
 
        location ^~ /cache/ {
                deny all;
        }
 
}


server {
        listen 80 default_server;
	proxy_set_header X-Forwarded-Proto $scheme;
#        server_name   ~^(www\.)?(?<domain>.+)$; # captures it to set $server_name
       server_name    makeyourlaws.org www.makeyourlaws.org makeyourlaws.com www.makeyourlaws.com makeyourlaws.net www.makeyourlaws.net;
#       server_name    www.makeyourlaws.org;
        return 301  https://makeyourlaws.org$request_uri;
}

    server {
	listen 443;
	ssl on;
	ssl_certificate /etc/ssl/localcerts/makeyourlaws.org.combined.crt;
	ssl_certificate_key /etc/ssl/localcerts/makeyourlaws.org.key;
	keepalive_timeout 70;
	
	proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-Proto $scheme;
#	proxy_set_header  X_FORWARDED_PROTO https;
	proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header  Host $http_host;
	proxy_set_header  X-Url-Scheme $scheme;
	proxy_redirect    off;
	proxy_max_temp_file_size 0;

	server_name makeyourlaws.org www.makeyourlaws.org makeyourlaws.com www.makeyourlaws.com makeyourlaws.net www.makeyourlaws.net;
        root /home/makeyourlaws/makeyourlaws.org/current/public;
        server_name_in_redirect off;
        passenger_enabled on;

        if ($host != 'makeyourlaws.org' ) {
          rewrite  ^/(.*)$  https://makeyourlaws.org/$1  permanent;
        }

	location ~* ^/assets/ {
	    # Per RFC2616 - 1 year maximum expiry
	    # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
	    expires 1y;
	    add_header Cache-Control public;

	    # Some browsers still send conditional-GET requests if there's a
	    # Last-Modified header or an ETag header even if they haven't
	    # reached the expiry date sent in the Expires header.
	#    add_header Last-Modified "";
	#    add_header ETag "";
	    break;
	}
	
	gzip on;
	gzip_static on;
	gzip_http_version   1.1;
	gzip_comp_level 2;
	gzip_min_length  1000;
	gzip_proxied     any; #expired no-cache no-store private auth;
	gzip_types       text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;  # already includes text/html, don't include or you get a warning
	gzip_disable        "MSIE [1-6]\.";
	gzip_vary           on;
    }

  #  server {
 #       listen       80;
#        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
#
#	root /home/makeyourlaws/makeyourlaws.org/current/public;
#        passenger_enabled on;
#        location / {
#            root   html;
#            index  index.html index.htm;
#        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
#        error_page   500 502 503 504  /50x.html;
#        location = /50x.html {
#            root   html;
#        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
#    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}