1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
|
# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
### Nginx configuration for using Boost with Drupal. This
### configuration makes use of drush (http:///drupal.org/project/drush)
### for site maintenance and like tasks:
###
### 1. Run the cronjobs.
### 2. Run the DB and code updates: drush up or drush upc followed by
### drush updb to run any DB updates required by the code upgrades
### that were performed.
### 3. Disabling of xmlrpc.xml, install.php (needed only for
### installing the site) and update.php: all updates are now
### handled through drush.
## The 'default' location.
location / {
## Drupal 404 from can impact performance. If using a module like
## search404 then 404's *have *to be handled by Drupal. Uncomment to
## relay the handling of 404's to Drupal.
## error_page 404 /index.php;
## Using a nested location is the 'correct' way to use regexes.
## Regular private file serving (i.e. handled by Drupal).
location ^~ /system/files/ {
## Include the specific FastCGI configuration. This is for a
## FCGI backend like php-cgi or php-fpm.
include apps/drupal/fastcgi_drupal.conf;
fastcgi_pass phpcgi;
## If proxying to apache comment the two lines above and
## uncomment the line below.
#proxy_pass http://phpapache/index.php?q=$uri;
#proxy_set_header Connection '';
## For not signaling a 404 in the error log whenever the
## system/files directory is accessed add the line below.
## Note that the 404 is the intended behavior.
log_not_found off;
}
## Trying to access private files directly returns a 404.
location ^~ /sites/default/files/private/ {
internal;
}
## Support for the file_force module
## http://drupal.org/project/file_force.
location ^~ /system/files_force/ {
## Include the specific FastCGI configuration. This is for a
## FCGI backend like php-cgi or php-fpm.
include apps/drupal/fastcgi_drupal.conf;
fastcgi_pass phpcgi;
## If proxying to apache comment the two lines above and
## uncomment the line below.
#proxy_pass http://phpapache/index.php?q=$no_slash_uri;
#proxy_set_header Connection '';
## For not signaling a 404 in the error log whenever the
## system/files directory is accessed add the line below.
## Note that the 404 is the intended behavior.
log_not_found off;
}
## If accessing an image generated by Drupal 6 imagecache, serve it
## directly if available, if not relay the request to Drupal to (re)generate
## the image.
location ~* /imagecache/ {
## Image hotlinking protection. If you want hotlinking
## protection for your images uncomment the following line.
#include apps/drupal/hotlinking_protection.conf;
access_log off;
expires 30d;
try_files $uri @drupal;
}
## Drupal 7 generated image handling, i.e., imagecache in core. See:
## http://drupal.org/node/371374.
location ~* /files/styles/ {
## Image hotlinking protection. If you want hotlinking
## protection for your images uncomment the following line.
#include apps/drupal/hotlinking_protection.conf;
access_log off;
expires 30d;
try_files $uri @drupal;
}
## Advanced Aggregation module CSS
## support. http://drupal.org/project/advagg.
location ^~ /sites/default/files/advagg_css/ {
expires max;
add_header ETag '';
add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
add_header Accept-Ranges '';
location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ {
access_log off;
try_files $uri @drupal;
}
}
## Advanced Aggregation module JS
## support. http://drupal.org/project/advagg.
location ^~ /sites/default/files/advagg_js/ {
add_header Pragma '';
add_header Cache-Control 'public, max-age=946080000';
add_header Accept-Ranges '';
location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ {
access_log off;
try_files $uri @drupal;
}
}
## All static files will be served directly.
location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
access_log off;
expires 30d;
## No need to bleed constant updates. Send the all shebang in one
## fell swoop.
tcp_nodelay off;
}
## PDFs and powerpoint files handling.
location ~* ^.+\.(?:pdf|pptx?)$ {
expires 30d;
## No need to bleed constant updates. Send the all shebang in one
## fell swoop.
tcp_nodelay off;
}
## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it.
location ^~ /sites/default/files/audio/mp3 {
location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
output_buffers 1 2M;
}
}
location ^~ /sites/default/files/audio/ogg {
location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
output_buffers 1 2M;
}
}
## Pseudo streaming of FLV files:
## http://wiki.nginx.org/HttpFlvStreamModule.
## If pseudo streaming isn't working, try to comment
## out in nginx.conf line with:
## add_header X-Frame-Options SAMEORIGIN;
location ^~ /sites/default/files/video/flv {
location ~* ^/sites/default/files/video/flv/.*\.flv$ {
flv;
}
}
## Pseudo streaming of H264/AAC files. This requires an Nginx
## version greater or equal to 1.0.7 for the stable branch and
## greater or equal to 1.1.3 for the development branch.
## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
location ^~ /sites/default/files/video/mp4 { # videos
location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ {
mp4;
mp4_buffer_size 1M;
mp4_max_buffer_size 5M;
}
}
location ^~ /sites/default/files/audio/m4a { # audios
location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ {
mp4;
mp4_buffer_size 1M;
mp4_max_buffer_size 5M;
}
}
## Advanced Help module makes each module provided README available.
location ^~ /help/ {
location ~* ^/help/[^/]*/README\.txt$ {
## Include the specific FastCGI configuration. This is for a
## FCGI backend like php-cgi or php-fpm.
include apps/drupal/fastcgi_drupal.conf;
fastcgi_pass phpcgi;
## If proxying to apache comment the two lines above and
## uncomment the line below.
#proxy_pass http://phpapache/index.php?q=$uri;
}
}
## Replicate the Apache <FilesMatch> directive of Drupal standard
## .htaccess. Disable access to any code files. Return a 404 to curtail
## information disclosure. Hide also the text files.
location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
return 404;
}
## First we try the URI and relay to the @cache if not found.
try_files $uri @cache;
}
## We define a named location for the cache.
location @cache {
## Boost compresses can the pages so we check it. Comment it out
## if you don't have it enabled in Boost.
gzip_static on;
## Error page handler for the case where $no_cache is 1. POST
## request or authenticated.
error_page 418 = @drupal;
## If $no_cache is 1 then it means that either we have a session
## cookie or that the request method is POST. So serve the dynamic
## page.
if ($no_cache) {
return 418; # I'm a teapot/I can't get no cachifaction
}
## No caching for POST requests.
if ($request_method = POST) {
return 418;
}
# Now for some header tweaking. We use a date that differs
# from stock Drupal. Everyone seems to be using their
# birthdate. Why go against the grain?
add_header Expires "Tue, 13 Jun 1977 03:45:00 GMT";
# We bypass all delays in the post-check and pre-check
# parameters of Cache-Control. Both set to 0.
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
# Funny...perhaps. Egocentric? Damn right!;
add_header X-Header "Boost Helás Avril 1.0";
## Boost doesn't set a charset.
charset utf-8;
# We try each boost URI in succession, if every one of them
# fails then relay to Drupal.
try_files /cache/normal/$host${uri}_${args}.html /cache/perm/$host${uri}_.css /cache/perm/$host${uri}_.js /cache/$host/0$uri.html /cache/$host/0${uri}/index.html @drupal;
}
########### Security measures ##########
## Uncomment the line below if you want to enable basic auth for
## access to all /admin URIs. Note that this provides much better
## protection if use HTTPS. Since it can easily be eavesdropped if you
## use HTTP.
#include apps/drupal/admin_basic_auth.conf;
## Restrict access to the strictly necessary PHP files. Reducing the
## scope for exploits. Handling of PHP code and the Drupal event loop.
location @drupal {
## Include the FastCGI config.
include apps/drupal/fastcgi_drupal.conf;
fastcgi_pass phpcgi;
## FCGI microcache for authenticated users also.
include apps/drupal/microcache_fcgi_auth.conf;
## To use Apache for serving PHP uncomment the line bellow and
## comment out the above.
#proxy_pass http://phpapache/index.php?q=$uri&$args;
#proxy_set_header Connection '';
## Proxy microcache for authenticated users also.
#include apps/drupal/microcache_proxy_auth.conf;
## Filefield Upload progress
## http://drupal.org/project/filefield_nginx_progress support
## through the NginxUploadProgress modules.
track_uploads uploads 60s;
}
location @drupal-no-args {
## Include the specific FastCGI configuration. This is for a
## FCGI backend like php-cgi or php-fpm.
include apps/drupal/fastcgi_no_args_drupal.conf;
fastcgi_pass phpcgi;
## FCGI microcache for authenticated users also.
include apps/drupal/microcache_fcgi_auth.conf;
## If proxying to apache comment the two lines above and
## uncomment the line below.
#proxy_pass http://phpapache/index.php?q=$uri;
#proxy_set_header Connection '';
## Proxy microcache for authenticated users also.
#include apps/drupal/microcache_proxy_auth.conf;
}
## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return
## 404 as not to disclose information.
location ^~ /.bzr {
return 404;
}
location ^~ /.git {
return 404;
}
location ^~ /.hg {
return 404;
}
location ^~ /.svn {
return 404;
}
location ^~ /.cvs {
return 404;
}
## Disallow access to patches directory.
location ^~ /patches {
return 404;
}
## Disallow access to drush backup directory.
location ^~ /backup {
return 404;
}
## Disable access logs for robots.txt.
location = /robots.txt {
access_log off;
## Add support for the robotstxt module
## http://drupal.org/project/robotstxt.
try_files $uri @drupal-no-args;
}
## RSS feed support.
location = /rss.xml {
try_files $uri @drupal-no-args;
}
## XML Sitemap support.
location = /sitemap.xml {
try_files $uri @drupal-no-args;
}
## Support for favicon. Return an 1x1 transparent GIF if it doesn't
## exist.
location = /favicon.ico {
expires 30d;
try_files /favicon.ico @empty;
}
## Return an in memory 1x1 transparent GIF.
location @empty {
expires 30d;
empty_gif;
}
## Any other attempt to access PHP files returns a 404.
location ~* ^.+\.php$ {
return 404;
}
## Boost stats.
location = /boost_stats.php {
fastcgi_pass phpcgi;
## To use Apache for serving PHP uncomment the line bellow and
## comment out the above.
#proxy_pass http://phpapache;
}
|
