taler-deployment

drupal_boost_escaped.conf (12895B)

---

 # -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
 ### Nginx configuration for using Boost with Drupal. This
 ### configuration makes use of drush (http:///drupal.org/project/drush)
 ### for site maintenance and like tasks:
 ###
 ### 1. Run the cronjobs.
 ### 2. Run the DB and code updates: drush up or drush upc followed by
 ###    drush updb to run any DB updates required by the code upgrades
 ###    that were performed.
 ### 3. Disabling of xmlrpc.xml, install.php (needed only for
 ###    installing the site) and update.php: all updates are now
 ###    handled through drush.
 
 ## To avoid the ugly rewrite we use Lua to escape the URI.
 set_by_lua $escaped_uri 'return ngx.escape_uri(ngx.var.uri)';
 
 ## The 'default' location.
 location / {
 
     ## Drupal 404 from can impact performance. If using a module like
     ## search404 then 404's *have *to be handled by Drupal. Uncomment to
     ## relay the handling of 404's to Drupal.
     ## error_page 404 /index.php;
 
     ## Using a nested location is the 'correct' way to use regexes.
 
     ## Regular private file serving (i.e. handled by Drupal).
     location ^~ /system/files/ {
         ## Include the specific FastCGI configuration. This is for a
         ## FCGI backend like php-cgi or php-fpm.
         include apps/drupal/fastcgi_drupal.conf;
         fastcgi_pass phpcgi;
 
         ## If proxying to apache comment the two lines above and
         ## uncomment the line below.
         #proxy_pass http://phpapache/index.php?q=$escaped_uri;
         #proxy_set_header Connection '';
 
         ## For not signaling a 404 in the error log whenever the
         ## system/files directory is accessed add the line below.
         ## Note that the 404 is the intended behavior.
         log_not_found off;
     }
 
     ## Trying to access private files directly returns a 404.
     location ^~ /sites/default/files/private/ {
         internal;
     }
 
     ## Support for the file_force module
     ## http://drupal.org/project/file_force.
     location ^~ /system/files_force/ {
         ## Include the specific FastCGI configuration. This is for a
         ## FCGI backend like php-cgi or php-fpm.
         include apps/drupal/fastcgi_drupal.conf;
         fastcgi_pass phpcgi;
 
         ## If proxying to apache comment the two lines above and
         ## uncomment the line below.
         #proxy_pass http://phpapache/index.php?q=$no_slash_uri;
         #proxy_set_header Connection '';
 
         ## For not signaling a 404 in the error log whenever the
         ## system/files directory is accessed add the line below.
         ## Note that the 404 is the intended behavior.
         log_not_found off;
     }
 
     ## If accessing an image generated by Drupal 6 imagecache, serve it
     ## directly if available, if not relay the request to Drupal to (re)generate
     ## the image.
     location ~* /imagecache/ {
         ## Image hotlinking protection. If you want hotlinking
         ## protection for your images uncomment the following line.
         #include apps/drupal/hotlinking_protection.conf;
 
         access_log off;
         expires 30d;
         try_files $escaped_uri @drupal;
     }
 
     ## Drupal 7 generated image handling, i.e., imagecache in core. See:
     ## http://drupal.org/node/371374.
     location ~* /files/styles/ {
         ## Image hotlinking protection. If you want hotlinking
         ## protection for your images uncomment the following line.
         #include apps/drupal/hotlinking_protection.conf;
 
         access_log off;
         expires 30d;
         try_files $escaped_uri @drupal;
     }
 
     ## Advanced Aggregation module CSS
     ## support. http://drupal.org/project/advagg.
     location ^~ /sites/default/files/advagg_css/ {
         expires max;
         add_header ETag '';
         add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
         add_header Accept-Ranges '';
 
         location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ {
             access_log off;
             try_files $escaped_uri @drupal;
         }
     }
 
     ## Advanced Aggregation module JS
     ## support. http://drupal.org/project/advagg.
     location ^~ /sites/default/files/advagg_js/ {
         add_header Pragma '';
         add_header Cache-Control 'public, max-age=946080000';
         add_header Accept-Ranges '';
 
         location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ {
             access_log off;
             try_files $escaped_uri @drupal;
         }
     }
 
     ## All static files will be served directly.
     location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
         access_log off;
         expires 30d;
         ## No need to bleed constant updates. Send the all shebang in one
         ## fell swoop.
         tcp_nodelay off;
     }
 
     ## PDFs and powerpoint files handling.
     location ~* ^.+\.(?:pdf|pptx?)$ {
         expires 30d;
         ## No need to bleed constant updates. Send the all shebang in one
         ## fell swoop.
         tcp_nodelay off;
     }
 
     ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it.
     location ^~ /sites/default/files/audio/mp3 {
         location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
             directio 4k; # for XFS
             ## If you're using ext3 or similar uncomment the line below and comment the above.
             #directio 512; # for ext3 or similar (block alignments)
             tcp_nopush off;
             aio on;
             output_buffers 1 2M;
         }
     }
 
     location ^~ /sites/default/files/audio/ogg {
         location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
             directio 4k; # for XFS
             ## If you're using ext3 or similar uncomment the line below and comment the above.
             #directio 512; # for ext3 or similar (block alignments)
             tcp_nopush off;
             aio on;
             output_buffers 1 2M;
         }
     }
 
     ## Pseudo streaming of FLV files:
     ## http://wiki.nginx.org/HttpFlvStreamModule.
     ## If pseudo streaming isn't working, try to comment
     ## out in nginx.conf line with:
     ## add_header X-Frame-Options SAMEORIGIN;
     location ^~ /sites/default/files/video/flv {
         location ~* ^/sites/default/files/video/flv/.*\.flv$ {
             flv;
         }
     }
 
     ## Pseudo streaming of H264/AAC files. This requires an Nginx
     ## version greater or equal to 1.0.7 for the stable branch and
     ## greater or equal to 1.1.3 for the development branch.
     ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
     location ^~ /sites/default/files/video/mp4 { # videos
         location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ {
             mp4;
             mp4_buffer_size 1M;
             mp4_max_buffer_size 5M;
         }
     }
 
     location ^~ /sites/default/files/audio/m4a { # audios
         location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ {
             mp4;
             mp4_buffer_size 1M;
             mp4_max_buffer_size 5M;
         }
     }
 
     ## Advanced Help module makes each module provided README available.
     location ^~ /help/ {
         location ~* ^/help/[^/]*/README\.txt$ {
             ## Include the specific FastCGI configuration. This is for a
             ## FCGI backend like php-cgi or php-fpm.
             include apps/drupal/fastcgi_drupal.conf;
             fastcgi_pass phpcgi;
 
             ## If proxying to apache comment the two lines above and
             ## uncomment the line below.
             #proxy_pass http://phpapache/index.php?q=$escaped_uri;
             #proxy_set_header Connection '';
         }
     }
 
     ## Replicate the Apache <FilesMatch> directive of Drupal standard
     ## .htaccess. Disable access to any code files. Return a 404 to curtail
     ## information disclosure. Hide also the text files.
     location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
         return 404;
     }
 
     ## First we try the URI and relay to the @cache if not found.
     try_files $escaped_uri @cache;
 }
 
 ## We define a named location for the cache.
 location @cache {
     ## Boost compresses can the pages so we check it. Comment it out
     ## if you don't have it enabled in Boost.
     gzip_static on;
 
     ## Error page handler for the case where $no_cache is 1. POST
     ## request or authenticated.
     error_page 418 = @drupal;
 
     ## If $no_cache is 1 then it means that either we have a session
     ## cookie or that the request method is POST. So serve the dynamic
     ## page.
     if ($no_cache) {
         return 418; # I'm a teapot/I can't get no cachifaction
     }
 
     ## No caching for POST requests.
     if ($request_method = POST) {
         return 418;
     }
 
     # Now for some header tweaking. We use a date that differs
     # from stock Drupal. Everyone seems to be using their
     # birthdate. Why go against the grain?
     add_header Expires "Tue, 13 Jun 1977 03:45:00 GMT";
     # We bypass all delays in the post-check and pre-check
     # parameters of Cache-Control. Both set to 0.
     add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
     # Funny...perhaps. Egocentric? Damn right!;
     add_header X-Header "Boost Helás Avril 1.0";
     ## Boost doesn't set a charset.
     charset utf-8;
 
     # We try each boost URI in succession, if every one of them
     # fails then relay to Drupal.
     try_files /cache/normal/$host${uri}_${args}.html /cache/perm/$host${uri}_.css /cache/perm/$host${uri}_.js /cache/$host/0$escaped_uri.html /cache/$host/0${uri}/index.html @drupal;
 }
 
 ########### Security measures ##########
 
 ## Uncomment the line below if you want to enable basic auth for
 ## access to all /admin URIs. Note that this provides much better
 ## protection if use HTTPS. Since it can easily be eavesdropped if you
 ## use HTTP.
 #include apps/drupal/admin_basic_auth.conf;
 
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location @drupal {
     ## Include the FastCGI config.
     include apps/drupal/fastcgi_drupal.conf;
     fastcgi_pass phpcgi;
 
     ## FCGI microcache for authenticated users also.
     include apps/drupal/microcache_fcgi_auth.conf;
 
     ## To use Apache for serving PHP uncomment the line bellow and
     ## comment out the above.
     #proxy_pass http://phpapache/index.php?q=$escaped_uri&$args;
     #proxy_set_header Connection '';
     ## Proxy microcache for authenticated users also.
     #include apps/drupal/microcache_proxy_auth.conf;
 
     ## Filefield Upload progress
     ## http://drupal.org/project/filefield_nginx_progress support
     ## through the NginxUploadProgress modules.
     track_uploads uploads 60s;
 }
 
 location @drupal-no-args {
     ## Include the specific FastCGI configuration. This is for a
     ## FCGI backend like php-cgi or php-fpm.
     include apps/drupal/fastcgi_no_args_drupal.conf;
     fastcgi_pass phpcgi;
 
     ## FCGI microcache for authenticated users also.
     include apps/drupal/microcache_fcgi_auth.conf;
 
     ## If proxying to apache comment the two lines above and
     ## uncomment the line below.
     #proxy_pass http://phpapache/index.php?q=$escaped_uri;
     #proxy_set_header Connection '';
 
     ## Proxy microcache for authenticated users also.
     #include apps/drupal/microcache_proxy_auth.conf;
 }
 
 ## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return
 ## 404 as not to disclose information.
 location ^~ /.bzr {
     return 404;
 }
 
 location ^~ /.git {
     return 404;
 }
 
 location ^~ /.hg {
     return 404;
 }
 
 location ^~ /.svn {
     return 404;
 }
 
 location ^~ /.cvs {
     return 404;
 }
 
 ## Disallow access to patches directory.
 location ^~ /patches {
     return 404;
 }
 
 ## Disallow access to drush backup directory.
 location ^~ /backup {
     return 404;
 }
 
 ## Disable access logs for robots.txt.
 location = /robots.txt {
     access_log off;
     ## Add support for the robotstxt module
     ## http://drupal.org/project/robotstxt.
     try_files $uri @drupal-no-args;
 }
 
 ## RSS feed support.
 location = /rss.xml {
     try_files $escaped_uri @drupal-no-args;
 }
 
 ## XML Sitemap support.
 location = /sitemap.xml {
     try_files $escaped_uri @drupal-no-args;
 }
 
 ## Support for favicon. Return an 1x1 transparent GIF if it doesn't
 ## exist.
 location = /favicon.ico {
     expires 30d;
     try_files /favicon.ico @empty;
 }
 
 ## Return an in memory 1x1 transparent GIF.
 location @empty {
     expires 30d;
     empty_gif;
 }
 
 ## Any other attempt to access PHP files returns a 404.
 location ~* ^.+\.php$ {
     return 404;
 }
 
 ## Boost stats.
 location = /boost_stats.php {
     fastcgi_pass phpcgi;
     ## To use Apache for serving PHP uncomment the line bellow and
     ## comment out the above.
     #proxy_pass http://phpapache;
     #proxy_set_header Connection '';
 }