forked from perusio/drupal-with-nginx
-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
173 lines (139 loc) · 6.29 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096;
## Accept as many connections as possible.
multi_accept on;
}
http {
## MIME types.
include /etc/nginx/mime.types;
default_type application/octet-stream;
## FastCGI.
include /etc/nginx/fastcgi.conf;
## Default log and error files.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
## Use sendfile() syscall to speed up I/O operations and speed up
## static file serving.
sendfile on;
## Handling of IPs in proxied and load balancing situations.
set_real_ip_from 0.0.0.0/32; # all addresses get a real IP.
real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy
## Define a zone for limiting the number of simultaneous
## connections nginx accepts. 1m means 32000 simultaneous
## sessions. We need to define for each server the limit_conn
## value refering to this or other zones.
## ** This syntax requires nginx version >=
## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older
## ** version then use the limit_zone directive below
## ** instead. Comment out this
## ** one if not using nginx version >= 1.1.8.
limit_conn_zone $binary_remote_addr zone=arbeit:10m;
## Define a zone for limiting the number of simultaneous
## connections nginx accepts. 1m means 32000 simultaneous
## sessions. We need to define for each server the limit_conn
## value refering to this or other zones.
## ** Use this directive for nginx versions below 1.1.8. Uncomment the line below.
#limit_zone arbeit $binary_remote_addr 10m;
## Timeouts.
client_body_timeout 60;
client_header_timeout 60;
keepalive_timeout 10 10;
send_timeout 60;
## Reset lingering timed out connections. Deflect DDoS.
reset_timedout_connection on;
## Body size.
client_max_body_size 10m;
## TCP options.
tcp_nodelay on;
## Optimization of socket handling when using sendfile.
tcp_nopush on;
## Compression.
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 1;
gzip_http_version 1.1;
gzip_min_length 10;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
gzip_vary on;
gzip_proxied any; # Compression for all requests.
## No need for regexps. See
## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
gzip_disable "msie6";
## Serve already compressed files directly, bypassing on-the-fly
## compression.
##
# Usually you don't make much use of this. It's better to just
# enable gzip_static on the locations you need it.
# gzip_static on;
## Hide the Nginx version number.
server_tokens off;
## Use a SSL/TLS cache for SSL session resume. This needs to be
## here (in this context, for session resumption to work. See this
## thread on the Nginx mailing list:
## http://nginx.org/pipermail/nginx/2010-November/023736.html.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## Uncomment to increase map_hash_bucket_size. If start getting
## [emerg]: could not build the map_hash, you should increase
## map_hash_bucket_size: 64 in your
## logs. Cf. http://wiki.nginx.org/NginxOptimizations.
#map_hash_bucket_size 192;
## For the filefield_nginx_progress module to work. From the
## README. Reserve 1MB under the name 'uploads' to track uploads.
upload_progress uploads 1m;
## Enable clickjacking protection in modern browsers. Available in
## IE8 also. See
## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
## This may conflicts with pseudo streaming (at least with Nginx version 1.0.12).
## Uncomment the line below if you're not using media streaming.
#add_header X-Frame-Options SAMEORIGIN;
## Include the upstream servers for PHP FastCGI handling config.
## This one uses the FCGI process listening on TCP sockets.
include upstream_phpcgi_tcp.conf;
## Include the map to block HTTP methods.
include map_block_http_methods.conf;
## Include the upstream servers for PHP FastCGI handling
## configuration. This setup uses UNIX sockets for talking with the
## upstream.
#include upstream_phpcgi_unix.conf;
## If using Nginx version >= 1.1.11 then there's a $https variable
## that has the value 'on' if the used scheme is https and '' if not.
## See: http://trac.nginx.org/nginx/changeset/4380/nginx
## http://trac.nginx.org/nginx/changeset/4333/nginx and
## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a
## previous version then uncomment out the line below.
#include map_https_fcgi.conf;
## Include the upstream servers for Apache handling the PHP
## processes. In this case Nginx functions as a reverse proxy.
#include reverse_proxy.conf;
#include upstream_phpapache.conf;
## Include the php-fpm status allowed hosts configuration block.
## Uncomment to enable if you're running php-fpm.
#include php_fpm_status_allowed_hosts.conf;
## Include the Nginx stub status allowed hosts configuration block.
include nginx_status_allowed_hosts.conf;
## If you want to run cron using Drupal cron.php. i.e., you're not
## using drush then uncomment the line below. Specify in
## cron_allowed_hosts.conf which hosts can invole cron.
# include cron_allowed_hosts.conf;
## Include blacklist for bad bot and referer blocking.
include blacklist.conf;
## For drupal 7 with unsafe URIs uncomment the line below and
## comment out the ones above.
#include drupal7_escaped_uri.conf;
## Include the caching setup. Needed for using Drupal with an external cache.
include map_cache.conf;
## Microcache zone definition for FastCGI.
include fastcgi_microcache_zone.conf;
## If you're using Apache for handling PHP then comment the line
## above and uncomment the line below.
#include proxy_microcache_zone.conf
## Include all vhosts.
include /etc/nginx/sites-enabled/*;
}