Difference between revisions of "User:Woozle/nginx/opt/nginx/conf/nginx.conf"
< User:Woozle | nginx
Jump to navigation
Jump to search
(current contents) |
(current version -- kluged but working) |
||
Line 1: | Line 1: | ||
<pre> | <pre> | ||
− | |||
#user nobody; | #user nobody; | ||
worker_processes 4; | worker_processes 4; | ||
Line 56: | Line 55: | ||
listen 80; | listen 80; | ||
server_name wiki.makeyourlaws.org; | server_name wiki.makeyourlaws.org; | ||
− | + | # root /home/mylwiki/wiki.makeyourlaws.org; | |
− | + | root /home/mylwiki/mylwiki-1.19.1; | |
+ | index index.php; | ||
client_max_body_size 5m; | client_max_body_size 5m; | ||
Line 76: | Line 76: | ||
location ~ \.php$ { | location ~ \.php$ { | ||
include fastcgi_params; | include fastcgi_params; | ||
+ | # this is a kluge | ||
+ | fastcgi_param SCRIPT_FILENAME /home/mylwiki/mylwiki-1.19.1/$fastcgi_script_name; | ||
try_files $uri =404; | try_files $uri =404; | ||
fastcgi_pass 127.0.0.1:9000; | fastcgi_pass 127.0.0.1:9000; | ||
− | # | + | # fastcgi_pass unix:/tmp/php-fpm.sock; |
} | } | ||
Line 114: | Line 116: | ||
ssl_certificate_key /etc/ssl/localcerts/makeyourlaws.org.key; | ssl_certificate_key /etc/ssl/localcerts/makeyourlaws.org.key; | ||
keepalive_timeout 70; | keepalive_timeout 70; | ||
− | + | ||
proxy_set_header X-Real-IP $remote_addr; | proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-Proto $scheme; | proxy_set_header X-Forwarded-Proto $scheme; | ||
Line 243: | Line 245: | ||
#} | #} | ||
− | } | + | }</pre> |
− | </pre> |
Latest revision as of 19:57, 24 June 2012
#user nobody; worker_processes 4; #error_log logs/error.log; #error_log logs/error.log notice; error_log logs/error.log info; pid logs/nginx.pid; events { worker_connections 1024; } http { passenger_root /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.12; passenger_ruby /usr/local/rvm/wrappers/ruby-1.9.3-p194/ruby; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; # the wiki server does not have SSL. this will generate a domain mismatch error, but it'll redirect to non-https wiki. server { listen 443; ssl on; ssl_certificate /etc/ssl/localcerts/makeyourlaws.org.combined.crt; ssl_certificate_key /etc/ssl/localcerts/makeyourlaws.org.key; keepalive_timeout 70; proxy_set_header X-Forwarded-Proto $scheme; server_name wiki.makeyourlaws.org; return 301 http://wiki.makeyourlaws.org$request_uri; } server { listen 80; server_name wiki.makeyourlaws.org; # root /home/mylwiki/wiki.makeyourlaws.org; root /home/mylwiki/mylwiki-1.19.1; index index.php; client_max_body_size 5m; client_body_timeout 60; location / { try_files $uri $uri/ @rewrite; } location @rewrite { rewrite ^/(.*)$ /index.php?title=$1&$args; } location ^~ /maintenance/ { return 403; } location ~ \.php$ { include fastcgi_params; # this is a kluge fastcgi_param SCRIPT_FILENAME /home/mylwiki/mylwiki-1.19.1/$fastcgi_script_name; try_files $uri =404; fastcgi_pass 127.0.0.1:9000; # fastcgi_pass unix:/tmp/php-fpm.sock; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { try_files $uri /index.php; expires max; log_not_found off; } location = /_.gif { expires max; empty_gif; } location ^~ /cache/ { deny all; } } server { listen 80 default_server; proxy_set_header X-Forwarded-Proto $scheme; # server_name ~^(www\.)?(?<domain>.+)$; # captures it to set $server_name server_name makeyourlaws.org www.makeyourlaws.org makeyourlaws.com www.makeyourlaws.com makeyourlaws.net www.makeyourlaws.net; # server_name www.makeyourlaws.org; return 301 https://makeyourlaws.org$request_uri; } server { listen 443; ssl on; ssl_certificate /etc/ssl/localcerts/makeyourlaws.org.combined.crt; ssl_certificate_key /etc/ssl/localcerts/makeyourlaws.org.key; keepalive_timeout 70; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; # proxy_set_header X_FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Url-Scheme $scheme; proxy_redirect off; proxy_max_temp_file_size 0; server_name makeyourlaws.org www.makeyourlaws.org makeyourlaws.com www.makeyourlaws.com makeyourlaws.net www.makeyourlaws.net; root /home/makeyourlaws/makeyourlaws.org/current/public; server_name_in_redirect off; passenger_enabled on; if ($host != 'makeyourlaws.org' ) { rewrite ^/(.*)$ https://makeyourlaws.org/$1 permanent; } location ~* ^/assets/ { # Per RFC2616 - 1 year maximum expiry # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html expires 1y; add_header Cache-Control public; # Some browsers still send conditional-GET requests if there's a # Last-Modified header or an ETag header even if they haven't # reached the expiry date sent in the Expires header. # add_header Last-Modified ""; # add_header ETag ""; break; } gzip on; gzip_static on; gzip_http_version 1.1; gzip_comp_level 2; gzip_min_length 1000; gzip_proxied any; #expired no-cache no-store private auth; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; # already includes text/html, don't include or you get a warning gzip_disable "MSIE [1-6]\."; gzip_vary on; } # server { # listen 80; # server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; # # root /home/makeyourlaws/makeyourlaws.org/current/public; # passenger_enabled on; # location / { # root html; # index index.html index.htm; # } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # root html; # } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} # } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443; # server_name localhost; # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }