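server {
    ## HTTP virtual host for www.domain.com (Magento). No "listen" directive
    ## is given, so nginx's default port (80) applies.

    ## Limit each client IP to at most 10 concurrently open connections.
    ## NOTE(review): relies on a zone named "arbeit" declared at http level
    ## (limit_conn_zone / limit_zone) outside this file - confirm it exists.
    limit_conn arbeit 10;

    server_name www.domain.com;
    root /var/www/domain.com/public_html/;

    ## Per-host access and error logs.
    access_log /var/www/domain.com/logs/access.log;
    error_log /var/www/domain.com/logs/error.log;

    ## UNCOMMENT TO DISPLAY MAINTENANCE PAGE
    ## Everyone except ip 111.222.333.444 is sent to error503.html.
    #if ($remote_addr != "111.222.333.444") { return 503; }
    #error_page 503 @maintenance;
    #location @maintenance { rewrite ^(.*)$ /error503.html break; }

    ## Drop the connection (444) for any method other than GET, HEAD or POST.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    ## Deny access based on the User-Agent header.
    if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) {
        return 444;
    }

    ## Deny access based on the Referer header.
    ## NOTE: these are unanchored substrings, so legitimate referrers that
    ## merely contain "video", "click", "love" etc. are dropped as well.
    if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo|casino|replica) ) {
        return 444;
    }

    ## If no favicon exists return a 204 (no content) instead of logging a 404.
    location = /favicon.ico {
        try_files $uri =204;
        log_not_found off;
        access_log off;
    }

    ## Don't log robots.txt requests.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    ## Regex locations are tried in the order written and the first match
    ## wins, so every deny rule is placed BEFORE the static-file rule. In the
    ## previous order /media/downloadable/<file>.pdf (or .zip, .mp3, ...)
    ## matched the static rule first and was served despite the deny below.

    ## Deny dot-files anywhere in the tree (.htaccess, .git/, .svn/, ...).
    ## The prefix form "location /." only covered names directly under root.
    location ~ /\. {
        return 404;
    }

    ## Deny Magento's code and data folders located at the root.
    location ~ ^/(app|includes|media/downloadable|pkginfo|var)/ {
        return 404;
    }

    ## Deny access to specific files.
    location ~* /report/config\.xml$ {
        return 404;
    }

    ## Deny files by extension (VCS metadata, translation sources, text files).
    ## robots.txt is unaffected: its exact-match location takes priority.
    location ~* \.(?:git|svn|htaccess|txt|pot?)$ {
        return 404;
    }

    ## Magento uses a common front handler.
    location @handler {
        rewrite / /index.php;
    }

    location / {
        index index.php;
        try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }

    ## Enable access to certain folders.
    location /lib/minify/ {
        allow all;
    }

    ## Static files are served directly without passing through the handler.
    location ~* \.(jpe?g|gif|css|png|js|ico|pdf|zip|tar|t?gz|mp3|wav|swf)$ {
        access_log off; ## Do not log access to these files
        expires max;
        log_not_found off;
    }

    ## Keep a tab on the 'big' static files.
    ## NOTE: .pdf and .mp3 already matched the rule above and never get here.
    location ~* \.(?:m4a|mp[34]|mov|ogg|flv|pdf|pptx?)$ {
        expires 30d;
    }

    ## RECOMMENDED TO UNCOMMENT
    ## Protect install.php with a password, more info in:
    ## http://httpd.apache.org/docs/2.0/programs/htpasswd.html
    ## NOTE(review): an exact-match location takes precedence over the regex
    ## PHP location below, so when enabling this block add the fastcgi
    ## directives to it as well - otherwise install.php is served as a plain
    ## file after authentication.
    #location = /install.php {
    #    auth_basic "Restricted Access"; # auth realm
    #    auth_basic_user_file .htpasswd-users; # htpasswd file
    #}

    ## Forward paths like /js/index.php/x.js to the script itself
    ## (the trailing path is dropped).
    location ~ \.php/ {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Execute PHP scripts. The dot is escaped: ".php$" also matched e.g. "/xphp".
    location ~ \.php$ {
        ## Only hand files that exist to PHP-FPM. Without this a URI ending in
        ## .php that is not on disk is still passed on, and PHP with
        ## cgi.fix_pathinfo=1 may then execute a different, existing file.
        try_files $uri =404;
        expires off; ## Do not cache dynamic content
        include /usr/local/nginx/conf/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        ## $fastcgi_path_info is only set by fastcgi_split_path_info, which is
        ## not configured, so PATH_INFO is always empty here.
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}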
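server {
    ## HTTPS virtual host for www.domain.com (Magento); mirrors the HTTP host
    ## plus the TLS settings and the HTTPS FastCGI parameter.

    ## Limit each client IP to at most 10 concurrently open connections.
    ## NOTE(review): relies on a zone named "arbeit" declared at http level
    ## (limit_conn_zone / limit_zone) outside this file - confirm it exists.
    limit_conn arbeit 10;

    ## "default_server" is the current spelling of the old "default" parameter.
    ## "ssl on;" was dropped: the listen parameter already enables TLS and the
    ## directive is deprecated in newer nginx releases.
    listen 443 default_server ssl;
    ssl_certificate /etc/nginx/ssl/domain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/domain.com.key;
    ## NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of
    ## the installed nginx/OpenSSL apply; pin them (TLS 1.2+ and a modern
    ## cipher list) once those versions are confirmed.

    server_name www.domain.com;
    root /var/www/domain.com/public_html/;

    ## Per-host access and error logs.
    access_log /var/www/domain.com/logs/access.log;
    error_log /var/www/domain.com/logs/error.log;

    ## UNCOMMENT TO DISPLAY MAINTENANCE PAGE
    ## Everyone except ip 111.222.333.444 is sent to error503.html.
    #if ($remote_addr != "111.222.333.444") { return 503; }
    #error_page 503 @maintenance;
    #location @maintenance { rewrite ^(.*)$ /error503.html break; }

    ## Drop the connection (444) for any method other than GET, HEAD or POST.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    ## Deny access based on the User-Agent header.
    if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) {
        return 444;
    }

    ## Deny access based on the Referer header.
    ## NOTE: these are unanchored substrings, so legitimate referrers that
    ## merely contain "video", "click", "love" etc. are dropped as well.
    if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo|casino|replica) ) {
        return 444;
    }

    ## If no favicon exists return a 204 (no content) instead of logging a 404.
    location = /favicon.ico {
        try_files $uri =204;
        log_not_found off;
        access_log off;
    }

    ## Don't log robots.txt requests.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    ## Regex locations are tried in the order written and the first match
    ## wins, so every deny rule is placed BEFORE the static-file rule. In the
    ## previous order /media/downloadable/<file>.pdf (or .zip, .mp3, ...)
    ## matched the static rule first and was served despite the deny below.

    ## Deny dot-files anywhere in the tree (.htaccess, .git/, .svn/, ...).
    ## The prefix form "location /." only covered names directly under root.
    location ~ /\. {
        return 404;
    }

    ## Deny Magento's code and data folders located at the root.
    location ~ ^/(app|includes|media/downloadable|pkginfo|var)/ {
        return 404;
    }

    ## Deny access to specific files.
    location ~* /report/config\.xml$ {
        return 404;
    }

    ## Deny files by extension (VCS metadata, translation sources, text files).
    ## robots.txt is unaffected: its exact-match location takes priority.
    location ~* \.(?:git|svn|htaccess|txt|pot?)$ {
        return 404;
    }

    ## Magento uses a common front handler.
    location @handler {
        rewrite / /index.php;
    }

    location / {
        index index.php;
        try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }

    ## Enable access to certain folders.
    location /lib/minify/ {
        allow all;
    }

    ## Static files are served directly without passing through the handler.
    location ~* \.(jpe?g|gif|css|png|js|ico|pdf|zip|tar|t?gz|mp3|wav|swf)$ {
        access_log off; ## Do not log access to these files
        expires max;
        log_not_found off;
    }

    ## Keep a tab on the 'big' static files.
    ## NOTE: .pdf and .mp3 already matched the rule above and never get here.
    location ~* \.(?:m4a|mp[34]|mov|ogg|flv|pdf|pptx?)$ {
        expires 30d;
    }

    ## RECOMMENDED TO UNCOMMENT
    ## Protect install.php with a password, more info in:
    ## http://httpd.apache.org/docs/2.0/programs/htpasswd.html
    ## NOTE(review): an exact-match location takes precedence over the regex
    ## PHP location below, so when enabling this block add the fastcgi
    ## directives to it as well - otherwise install.php is served as a plain
    ## file after authentication.
    #location = /install.php {
    #    auth_basic "Restricted Access"; # auth realm
    #    auth_basic_user_file .htpasswd-users; # htpasswd file
    #}

    ## Forward paths like /js/index.php/x.js to the script itself
    ## (the trailing path is dropped).
    location ~ \.php/ {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Execute PHP scripts. The dot is escaped: ".php$" also matched e.g. "/xphp".
    location ~ \.php$ {
        ## Only hand files that exist to PHP-FPM. Without this a URI ending in
        ## .php that is not on disk is still passed on, and PHP with
        ## cgi.fix_pathinfo=1 may then execute a different, existing file.
        try_files $uri =404;
        expires off; ## Do not cache dynamic content
        include /usr/local/nginx/conf/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        ## NOTE(review): $fastcgi_https predates the built-in $https variable;
        ## confirm it exists in the installed nginx, otherwise use $https here.
        fastcgi_param HTTPS $fastcgi_https;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        ## $fastcgi_path_info is only set by fastcgi_split_path_info, which is
        ## not configured, so PATH_INFO is always empty here.
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}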
## Parameterization using hostname of access and log filenames.
access_log /var/www/contactlenseseurope.com/logs/access.log;
error_log /var/www/contactlenseseurope.com/logs/error.log;
## UNCOMENT TO DISPLAY MAINTENANCE PAGE
## If not ip 111.222.333.444 redirect to error503.html
#if ($remote_addr != “111.222.333.444″) { return 503; }
#error_page 503 @maintenance;
#location @maintenance { rewrite ^(.*)$ /error503.html break; }
## Disable all methods besides HEAD, GET and POST.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
## If no favicon exists return a 204 (no content error).
location = /favicon.ico {
try_files $uri =204;
log_not_found off;
access_log off;
}
## Don’t log robots.txt requests.
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
## Magento uses a common front handler
location @handler {
rewrite / /index.php;
}
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ @handler; ## If missing pass the URI to Magento’s front handler
expires 30d; ## Assume all files are cachable
}
## Static files are served directly.
location ~* \.(jpe?g|gif|css|png|js|ico|pdf|zip|tar|t?gz|mp3|wav|swf)$ {
access_log off; ## Do not log access to these files
expires max;
log_not_found off;
}
## Keep a tab on the ‘big’ static files.
location ~* ^.+\.(?:m4a|mp[34]|mov|ogg|flv|pdf|ppt[x]*)$ {
expires 30d;
}
## UNCOMENT AFTER INSTALL
## Protect the install.php, request password, check
## http://httpd.apache.org/docs/2.0/programs/htpasswd.html
## for more info
#location = /install.php {
# auth_basic “Restricted Access”; # auth realm
# auth_basic_user_file .htpasswd-users; # htpasswd file
#}
## Enable access to certain folders
location /lib/minify/ {
allow all;
}
## Disable .htaccess and other hidden files
location /. {
return 404;
}
## Disable access to certain folders located at the root of the fodler
location ~ ^/(app|includes|media/downloadable|pkginfo|var|custom/dompdf)/ {
return 404;
}
## Disable access to specific files
location ~* (/report/config.xml|/livezilla/api.php|/livezilla/track.php|/livezilla/extern.php|/livezilla/intern.php)$ {
return 404;
}
## Disable access to certain files matching specified file types
location ~* ^.*(\.(?:git|svn|htaccess|txt|po[t]*))$ {
return 404;
}
## Forward paths like /js/index.php/x.js to relevant handler
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
## Execute PHP scripts
location ~ .php$ { ## Execute PHP scripts
expires off; ## Do not cache dynamic content
include /usr/local/nginx/conf/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#fastcgi_param SCRIPT_FILENAME /var/www/contactlenseseurope.com/public_html/$fastcgi_script_name;
}
}
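RewriteEngine On
# Send every request into sub-folder/ unless it is already there. The previous
# condition tested "!^/domain.com/", which never matched the rewritten URI, so
# the rule re-applied itself on every internal redirect until Apache gave up
# (HTTP 500). The excluded prefix must be the rule's own target folder;
# "sub-folder" is a placeholder - set both to the real directory.
RewriteCond %{REQUEST_URI} !^/sub-folder/
RewriteRule ^(.*)$ sub-folder/$1 [L]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Anything that is not an existing file or directory goes to the front controller.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# Protect .htaccess / .htpasswd style files (any name containing ".hta").
# <FilesMatch> is the documented form of "<Files ~ ...>"; the original line
# used curly quotes, which Apache does not parse as string delimiters.
# NOTE(review): order/deny/satisfy are Apache 2.2 directives; on 2.4 they
# need mod_access_compat or a rewrite to "Require all denied" - confirm version.
<FilesMatch "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</FilesMatch>

# disable the server signature
ServerSignature Off

# limit request bodies (file uploads) to roughly 10 MB
LimitRequestBody 10240000

# protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>

# who has access, who doesn't
order allow,deny
#deny from 000.000.000.000
allow from all

# custom error docs
#ErrorDocument 404 /notfound.php
#ErrorDocument 403 /forbidden.php
#ErrorDocument 500 /error.php

# disable directory browsing
# NOTE(review): "All" also switches on ExecCGI and Includes for this tree;
# if mod_rewrite is the only feature that needs an option, "Options -Indexes
# +FollowSymLinks" is the narrower setting - confirm before changing.
Options All -Indexes

# block referring domains
#RewriteEngine on
#RewriteCond %{HTTP_REFERER} digg\.com [NC]
#RewriteRule .* - [F]

# disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com/ [NC]
# The replacement image must be exempt: the redirect to it carries the same
# foreign Referer and would otherwise be redirected again, in a loop.
RewriteCond %{REQUEST_URI} !/stealingisbad\.gif$ [NC]
#RewriteRule \.(gif|jpg)$ - [F]
RewriteRule \.(jpe?g|gif|bmp|png)$ http://www.domain.com/stealingisbad.gif [R,L]

# set the canonical url (bare domain -> www, permanent redirect)
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

# protect from spam comments: a POST to wp-comments-post.php is refused when
# the Referer does not contain domain.com OR the User-Agent is empty.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
RewriteCond %{HTTP_REFERER} !domain\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# The previous substitution "^http://%{REMOTE_ADDR}/$" kept a literal "^" and
# "$", yielding a malformed redirect target; answering 403 states the intent.
RewriteRule .* - [F,L]
# END WordPress

# MAINTENANCE-PAGE REDIRECT
# Replace 123.456.789.000 with your own IP address. The placeholder is not a
# valid IPv4 address, so as written every visitor is redirected, you included.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000$
RewriteCond %{REQUEST_URI} !/maintenance\.html$ [NC]
RewriteRule .* /maintenance.html [R=302,L]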