diff options
Diffstat (limited to 'etc/nginx/apps/drupal/drupal.conf')
-rw-r--r-- | etc/nginx/apps/drupal/drupal.conf | 347 |
1 files changed, 0 insertions, 347 deletions
diff --git a/etc/nginx/apps/drupal/drupal.conf b/etc/nginx/apps/drupal/drupal.conf deleted file mode 100644 index e65024f..0000000 --- a/etc/nginx/apps/drupal/drupal.conf +++ /dev/null @@ -1,347 +0,0 @@ -# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*- -### Nginx configuration for Drupal. This configuration makes use of -### drush (http:///drupal.org/project/drush) for site maintenance -### and like tasks: -### -### 1. Run the cronjobs. -### 2. Run the DB and code updates: drush up or drush upc followed by -### drush updb to run any DB updates required by the code upgrades -### that were performed. -### 3. Disabling of xmlrpc.xml, install.php (needed only for -### installing the site) and update.php: all updates are now -### handled through drush. - -## The 'default' location. -location / { - - ## Drupal 404 from can impact performance. If using a module like - ## search404 then 404's *have *to be handled by Drupal. Uncomment to - ## relay the handling of 404's to Drupal. - ## error_page 404 /index.php; - - ## Using a nested location is the 'correct' way to use regexes. - - ## Regular private file serving (i.e. handled by Drupal). - location ^~ /system/files/ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## For not signaling a 404 in the error log whenever the - ## system/files directory is accessed add the line below. - ## Note that the 404 is the intended behavior. - log_not_found off; - } - - ## Trying to access private files directly returns a 404. - location ^~ /sites/default/files/private/ { - internal; - } - - ## Support for the file_force module - ## http://drupal.org/project/file_force. - location ^~ /system/files_force/ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## For not signaling a 404 in the error log whenever the - ## system/files directory is accessed add the line below. - ## Note that the 404 is the intended behavior. - log_not_found off; - } - - ## If accessing an image generated by Drupal 6 imagecache, serve it - ## directly if available, if not relay the request to Drupal to (re)generate - ## the image. - location ~* /imagecache/ { - ## Image hotlinking protection. If you want hotlinking - ## protection for your images uncomment the following line. - #include apps/drupal/hotlinking_protection.conf; - - access_log off; - expires 30d; - try_files $uri @drupal; - } - - ## Drupal 7 generated image handling, i.e., imagecache in core. See: - ## http://drupal.org/node/371374. - location ~* /files/styles/ { - ## Image hotlinking protection. If you want hotlinking - ## protection for your images uncomment the following line. - #include apps/drupal/hotlinking_protection.conf; - - access_log off; - expires 30d; - try_files $uri @drupal; - } - - ## Advanced Aggregation module CSS - ## support. http://drupal.org/project/advagg. - location ^~ /sites/default/files/advagg_css/ { - expires max; - add_header ETag ''; - add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; - add_header Accept-Ranges ''; - - location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ { - access_log off; - try_files $uri @drupal; - } - } - - ## Advanced Aggregation module JS - ## support. http://drupal.org/project/advagg. - location ^~ /sites/default/files/advagg_js/ { - expires max; - add_header ETag ''; - add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; - add_header Accept-Ranges ''; - - location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ { - access_log off; - try_files $uri @drupal; - } - } - - ## All static files will be served directly. - location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ { - - access_log off; - expires 30d; - ## No need to bleed constant updates. Send the all shebang in one - ## fell swoop. - tcp_nodelay off; - ## Set the OS file cache. - open_file_cache max=3000 inactive=120s; - open_file_cache_valid 45s; - open_file_cache_min_uses 2; - open_file_cache_errors off; - } - - ## PDFs and powerpoint files handling. - location ~* ^.+\.(?:pdf|pptx?)$ { - expires 30d; - ## No need to bleed constant updates. Send the all shebang in one - ## fell swoop. - tcp_nodelay off; - } - - ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it. - location ^~ /sites/default/files/audio/mp3 { - location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ { - directio 4k; # for XFS - ## If you're using ext3 or similar uncomment the line below and comment the above. - #directio 512; # for ext3 or similar (block alignments) - tcp_nopush off; -# aio on; - output_buffers 1 2M; - } - } - - location ^~ /sites/default/files/audio/ogg { - location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ { - directio 4k; # for XFS - ## If you're using ext3 or similar uncomment the line below and comment the above. - #directio 512; # for ext3 or similar (block alignments) - tcp_nopush off; -# aio on; - output_buffers 1 2M; - } - } - - ## Pseudo streaming of FLV files: - ## http://wiki.nginx.org/HttpFlvStreamModule. - ## If pseudo streaming isn't working, try to comment - ## out in nginx.conf line with: - ## add_header X-Frame-Options SAMEORIGIN; - location ^~ /sites/default/files/video/flv { - location ~* ^/sites/default/files/video/flv/.*\.flv$ { -# flv; - } - } - - ## Pseudo streaming of H264/AAC files. This requires an Nginx - ## version greater or equal to 1.0.7 for the stable branch and - ## greater or equal to 1.1.3 for the development branch. - ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html. - location ^~ /sites/default/files/video/mp4 { # videos - location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ { -# mp4; -# mp4_buffer_size 1M; -# mp4_max_buffer_size 5M; - } - } - - location ^~ /sites/default/files/audio/m4a { # audios - location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ { -# mp4; -# mp4_buffer_size 1M; -# mp4_max_buffer_size 5M; - } - } - - ## Advanced Help module makes each module provided README available. - location ^~ /help/ { - location ~* ^/help/[^/]*/README\.txt$ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - } - } - - ## Replicate the Apache <FilesMatch> directive of Drupal standard - ## .htaccess. Disable access to any code files. Return a 404 to curtail - ## information disclosure. Hide also the text files. - location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ { - return 404; - } - - ## First we try the URI and relay to the /index.php?q=$uri&$args if not found. - try_files $uri @drupal; -} - -########### Security measures ########## - -## Uncomment the line below if you want to enable basic auth for -## access to all /admin URIs. Note that this provides much better -## protection if use HTTPS. Since it can easily be eavesdropped if you -## use HTTP. -#include apps/drupal/admin_basic_auth.conf; - -## Restrict access to the strictly necessary PHP files. Reducing the -## scope for exploits. Handling of PHP code and the Drupal event loop. -location @drupal { - ## Include the FastCGI config. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## FastCGI microcache. -# include apps/drupal/microcache_fcgi.conf; - ## FCGI microcache for authenticated users also. - #include apps/drupal/microcache_fcgi_auth.conf; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## Proxy microcache. - #include apps/drupal/microcache_proxy.conf; - ## Proxy microcache for authenticated users also. - #include apps/drupal/microcache_proxy_auth.conf; - - ## Filefield Upload progress - ## http://drupal.org/project/filefield_nginx_progress support - ## through the NginxUploadProgress modules. -# track_uploads uploads 60s; -} - -location @drupal-no-args { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_no_args_drupal.conf; - fastcgi_pass phpcgi; - - ## FastCGI microcache. -# include apps/drupal/microcache_fcgi.conf; - ## FCGI microcache for authenticated users also. - #include apps/drupal/microcache_fcgi_auth.conf; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## Proxy microcache. - #include apps/drupal/microcache_proxy.conf; - ## Proxy microcache for authenticated users also. - #include apps/drupal/microcache_proxy_auth.conf; -} - -## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return -## 404 as not to disclose information. -location ^~ /.bzr { - return 404; -} - -location ^~ /.git { - return 404; -} - -location ^~ /.hg { - return 404; -} - -location ^~ /.svn { - return 404; -} - -location ^~ /.cvs { - return 404; -} - -## Disallow access to patches directory. -location ^~ /patches { - return 404; -} - -## Disallow access to drush backup directory. -location ^~ /backup { - return 404; -} - -## Disable access logs for robots.txt. -location = /robots.txt { - access_log off; - ## Add support for the robotstxt module - ## http://drupal.org/project/robotstxt. - try_files $uri @drupal-no-args; -} - -## RSS feed support. -location = /rss.xml { - try_files $uri @drupal-no-args; -} - -## XML Sitemap support. -location = /sitemap.xml { - try_files $uri @drupal-no-args; -} - -## Support for favicon. Return an 1x1 transparent GIF if it doesn't -## exist. -location = /favicon.ico { - expires 30d; - try_files /favicon.ico @empty; -} - -## Return an in memory 1x1 transparent GIF. -location @empty { - expires 30d; - empty_gif; -} - -## Any other attempt to access PHP files returns a 404. -location ~* ^.+\.php$ { - return 404; -} - |