drupal_boost.conf (12595B)
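# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
### Nginx configuration for using Boost with Drupal. This
### configuration makes use of drush (http://drupal.org/project/drush)
### for site maintenance and like tasks:
###
### 1. Run the cronjobs.
### 2. Run the DB and code updates: drush up or drush upc followed by
###    drush updb to run any DB updates required by the code upgrades
###    that were performed.
### 3. Disabling of xmlrpc.php, install.php (needed only for
###    installing the site) and update.php: all updates are now
###    handled through drush.

## The 'default' location. Everything that is not claimed by one of the
## nested locations below is looked up on disk and, failing that, handed
## to the Boost cache lookup in @cache.
location / {

    ## Letting Drupal generate 404 pages can impact performance. If using
    ## a module like search404 then 404's *have* to be handled by Drupal.
    ## Uncomment to relay the handling of 404's to Drupal.
    ## error_page 404 /index.php;

    ## Using a nested location is the 'correct' way to use regexes.

    ## Regular private file serving (i.e. handled by Drupal).
    location ^~ /system/files/ {
        ## Include the specific FastCGI configuration. This is for a
        ## FCGI backend like php-cgi or php-fpm.
        include apps/drupal/fastcgi_drupal.conf;
        fastcgi_pass phpcgi;

        ## If proxying to apache comment the two lines above and
        ## uncomment the lines below.
        #proxy_pass http://phpapache/index.php?q=$uri;
        #proxy_set_header Connection '';

        ## Do not log a 404 in the error log whenever the system/files
        ## directory is accessed. Note that the 404 is the intended
        ## behavior.
        log_not_found off;
    }

    ## Trying to access private files directly returns a 404: the
    ## location is 'internal', so only internal redirects can reach it.
    location ^~ /sites/default/files/private/ {
        internal;
    }

    ## Support for the file_force module
    ## http://drupal.org/project/file_force.
    location ^~ /system/files_force/ {
        ## Include the specific FastCGI configuration. This is for a
        ## FCGI backend like php-cgi or php-fpm.
        include apps/drupal/fastcgi_drupal.conf;
        fastcgi_pass phpcgi;

        ## If proxying to apache comment the two lines above and
        ## uncomment the lines below.
        #proxy_pass http://phpapache/index.php?q=$no_slash_uri;
        #proxy_set_header Connection '';

        ## Do not log a 404 in the error log whenever the
        ## system/files_force directory is accessed. Note that the 404
        ## is the intended behavior.
        log_not_found off;
    }

    ## Version control metadata below the document root (for example
    ## inside a module or theme that was deployed as a checkout). The
    ## server-level '^~ /.git'-style rules only match at the root of the
    ## site, so the same names are refused here at any depth. This is
    ## the first regex of this location on purpose: nested regexes are
    ## tried in order of appearance, and the static-file regex further
    ## down would otherwise serve e.g. a stray .css or .xml file that
    ## lives inside such a directory.
    location ~* /\.(?:bzr|cvs|git|hg|svn) {
        return 404;
    }

    ## If accessing an image generated by Drupal 6 imagecache, serve it
    ## directly if available, if not relay the request to Drupal to
    ## (re)generate the image.
    location ~* /imagecache/ {
        ## Image hotlinking protection. If you want hotlinking
        ## protection for your images uncomment the following line.
        #include apps/drupal/hotlinking_protection.conf;

        access_log off;
        expires 30d;
        try_files $uri @drupal;
    }

    ## Drupal 7 generated image handling, i.e., imagecache in core. See:
    ## http://drupal.org/node/371374.
    location ~* /files/styles/ {
        ## Image hotlinking protection. If you want hotlinking
        ## protection for your images uncomment the following line.
        #include apps/drupal/hotlinking_protection.conf;

        access_log off;
        expires 30d;
        try_files $uri @drupal;
    }

    ## Advanced Aggregation module CSS
    ## support. http://drupal.org/project/advagg.
    location ^~ /sites/default/files/advagg_css/ {
        expires max;
        add_header ETag '';
        add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
        add_header Accept-Ranges '';

        location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ {
            access_log off;
            try_files $uri @drupal;
        }
    }

    ## Advanced Aggregation module JS
    ## support. http://drupal.org/project/advagg.
    location ^~ /sites/default/files/advagg_js/ {
        add_header Pragma '';
        add_header Cache-Control 'public, max-age=946080000';
        add_header Accept-Ranges '';

        location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ {
            access_log off;
            try_files $uri @drupal;
        }
    }

    ## All static files will be served directly.
    location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
        access_log off;
        expires 30d;
        ## No need to bleed constant updates. Send the whole shebang in
        ## one fell swoop.
        tcp_nodelay off;
    }

    ## PDFs and powerpoint files handling.
    location ~* ^.+\.(?:pdf|pptx?)$ {
        expires 30d;
        ## No need to bleed constant updates. Send the whole shebang in
        ## one fell swoop.
        tcp_nodelay off;
    }

    ## MP3 and Ogg/Vorbis files are served using AIO when supported.
    ## Your OS must support it.
    location ^~ /sites/default/files/audio/mp3 {
        location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
            directio 4k; # for XFS
            ## If you're using ext3 or similar uncomment the line below
            ## and comment the above.
            #directio 512; # for ext3 or similar (block alignments)
            tcp_nopush off;
            aio on;
            output_buffers 1 2M;
        }
    }

    location ^~ /sites/default/files/audio/ogg {
        location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
            directio 4k; # for XFS
            ## If you're using ext3 or similar uncomment the line below
            ## and comment the above.
            #directio 512; # for ext3 or similar (block alignments)
            tcp_nopush off;
            aio on;
            output_buffers 1 2M;
        }
    }

    ## Pseudo streaming of FLV files:
    ## http://wiki.nginx.org/HttpFlvStreamModule.
    ## If pseudo streaming isn't working, try to comment
    ## out in nginx.conf the line with:
    ## add_header X-Frame-Options SAMEORIGIN;
    location ^~ /sites/default/files/video/flv {
        location ~* ^/sites/default/files/video/flv/.*\.flv$ {
            flv;
        }
    }

    ## Pseudo streaming of H264/AAC files. This requires an Nginx
    ## version greater or equal to 1.0.7 for the stable branch and
    ## greater or equal to 1.1.3 for the development branch.
    ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
    location ^~ /sites/default/files/video/mp4 { # videos
        location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ {
            mp4;
            mp4_buffer_size 1M;
            mp4_max_buffer_size 5M;
        }
    }

    location ^~ /sites/default/files/audio/m4a { # audios
        location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ {
            mp4;
            mp4_buffer_size 1M;
            mp4_max_buffer_size 5M;
        }
    }

    ## Advanced Help module makes each module provided README available.
    location ^~ /help/ {
        location ~* ^/help/[^/]*/README\.txt$ {
            ## Include the specific FastCGI configuration. This is for a
            ## FCGI backend like php-cgi or php-fpm.
            include apps/drupal/fastcgi_drupal.conf;
            fastcgi_pass phpcgi;

            ## If proxying to apache comment the two lines above and
            ## uncomment the line below.
            #proxy_pass http://phpapache/index.php?q=$uri;
        }
    }

    ## Replicate the Apache <FilesMatch> directive of Drupal standard
    ## .htaccess. Disable access to any code files. Return a 404 to curtail
    ## information disclosure. Hide also the text files.
    ## NOTE(review): the pattern is anchored on the listed extensions, so
    ## an editor or backup copy of one of these files (a trailing '~',
    ## '.bak', '.orig', ...) does not match and falls through to the
    ## try_files below -- confirm whether those suffixes should be
    ## refused as well.
    location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
        return 404;
    }

    ## First we try the URI and relay to the @cache if not found.
    try_files $uri @cache;
}

## We define a named location for the cache.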
location @cache {
    ## Boost does not set a charset on the pages it stores.
    charset utf-8;

    ## Boost can store the pages compressed, so look for the
    ## pre-compressed variant first. Comment this out if compression is
    ## not enabled in Boost.
    gzip_static on;

    ## 418 is used purely as an internal signal: it is mapped to the
    ## @drupal named location, so a request that must not be served from
    ## the static cache ends up as a regular dynamic page.
    error_page 418 = @drupal;

    ## $no_cache evaluates to true when there is a session cookie or the
    ## request method is POST (it is defined outside this file). Those
    ## requests skip the cache.
    if ($no_cache) {
        return 418; # I'm a teapot
    }

    ## Explicitly: never answer a POST from the cache.
    if ($request_method = POST) {
        return 418;
    }

    ## Header tweaking. The Expires date lies in the past and differs
    ## from the one stock Drupal sends.
    add_header Expires "Tue, 13 Jun 1977 03:45:00 GMT";
    ## post-check and pre-check are both 0: no delays on revalidation.
    add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
    ## Marker header identifying responses served by this location.
    add_header X-Header "Boost Helás Avril 1.0";

    ## Probe each Boost cache path in turn; if none exists on disk the
    ## request is relayed to Drupal.
    ## NOTE(review): $host and $args come from the request and become
    ## part of the path that is probed -- confirm that the enclosing
    ## server block pins server_name, so that requests carrying an
    ## unexpected Host value are not routed here.
    try_files /cache/normal/$host${uri}_${args}.html /cache/perm/$host${uri}_.css /cache/perm/$host${uri}_.js /cache/$host/0$uri.html /cache/$host/0${uri}/index.html @drupal;
}

########### Security measures ##########

## Uncomment the line below if you want to enable basic auth for
## access to all /admin URIs. Note that this provides much better
## protection if you use HTTPS, since the credentials can easily be
## eavesdropped if you use HTTP.
#include apps/drupal/admin_basic_auth.conf;

## Restrict access to the strictly necessary PHP files. Reducing the
## scope for exploits. Handling of PHP code and the Drupal event loop.
location @drupal {
    ## FastCGI parameters for the Drupal front controller, followed by
    ## the upstream that runs PHP.
    include apps/drupal/fastcgi_drupal.conf;
    fastcgi_pass phpcgi;

    ## FCGI microcache, applied to authenticated users as well.
    include apps/drupal/microcache_fcgi_auth.conf;

    ## To serve PHP through Apache instead, uncomment the lines below
    ## and comment out the FastCGI ones above.
    #proxy_pass http://phpapache/index.php?q=$uri&$args;
    #proxy_set_header Connection '';
    ## Proxy microcache, applied to authenticated users as well.
    #include apps/drupal/microcache_proxy_auth.conf;

    ## Filefield upload progress
    ## (http://drupal.org/project/filefield_nginx_progress), provided by
    ## the NginxUploadProgress module.
    track_uploads uploads 60s;
}

## Same as @drupal, but using the FastCGI configuration that does not
## forward the query string.
location @drupal-no-args {
    ## FastCGI parameters for an FCGI backend like php-cgi or php-fpm.
    include apps/drupal/fastcgi_no_args_drupal.conf;
    fastcgi_pass phpcgi;

    ## FCGI microcache, applied to authenticated users as well.
    include apps/drupal/microcache_fcgi_auth.conf;

    ## To serve PHP through Apache instead, comment out the FastCGI
    ## lines above and uncomment the lines below.
    #proxy_pass http://phpapache/index.php?q=$uri;
    #proxy_set_header Connection '';

    ## Proxy microcache, applied to authenticated users as well.
    #include apps/drupal/microcache_proxy_auth.conf;
}

## Refuse access to the .bzr, .git, .hg, .svn and .cvs directories with
## a 404, so that their existence is not disclosed.
## NOTE(review): these are prefix matches anchored at the root of the
## site; directories with the same names deeper in the tree are not
## matched by these five rules.
location ^~ /.bzr {
    return 404;
}

location ^~ /.git {
    return 404;
}

location ^~ /.hg {
    return 404;
}

location ^~ /.svn {
    return 404;
}

location ^~ /.cvs {
    return 404;
}

## Refuse access to the patches directory.
location ^~ /patches {
    return 404;
}

## Refuse access to the drush backup directory.
location ^~ /backup {
    return 404;
}

## Disable access logs for robots.txt.
location = /robots.txt {
    ## A static robots.txt is served from disk; otherwise the request
    ## goes to Drupal, which supports the robotstxt module
    ## (http://drupal.org/project/robotstxt).
    try_files $uri @drupal-no-args;
    access_log off;
}

## RSS feed: a file on disk wins, else Drupal builds the feed.
location = /rss.xml {
    try_files $uri @drupal-no-args;
}

## XML Sitemap: a file on disk wins, else Drupal builds it.
location = /sitemap.xml {
    try_files $uri @drupal-no-args;
}

## Favicon. When the file does not exist a 1x1 transparent GIF is
## returned instead.
location = /favicon.ico {
    try_files /favicon.ico @empty;
    expires 30d;
}

## In-memory 1x1 transparent GIF.
location @empty {
    empty_gif;
    expires 30d;
}

## Every other request for a PHP file is answered with a 404, so only
## the PHP entry points given a location of their own can be reached.
location ~* ^.+\.php$ {
    return 404;
}

## Boost stats. This is an exact match, so it takes precedence over the
## PHP catch-all above.
## NOTE(review): unlike the other PHP locations, no FastCGI parameter
## file is included here -- confirm that the required fastcgi_param
## settings are inherited from an enclosing level.
location = /boost_stats.php {
    fastcgi_pass phpcgi;
    ## To serve PHP through Apache instead, uncomment the line below
    ## and comment out the one above.
    #proxy_pass http://phpapache;
}