web Archives - Memory Dump

Nginx Magento Example Configs

Attention:

  • Change the values to match your system and check all settings, as some of them might not be what you want.
  • These examples are for nginx using php-fpm. You can check the installation tutorial for nginx + php-fpm here. If you don’t want to use php-fpm, change the examples accordingly.

Magento Http Example

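server {
    ## Limit each remote IP address to at most 10 concurrently open
    ## connections. The "arbeit" zone is not declared in this block; it must
    ## be defined in the http {} context.
    limit_conn arbeit 10;
    server_name www.domain.com;
    root /var/www/domain.com/public_html/;

    ## Per-site access and error logs, kept outside the document root.
    access_log /var/www/domain.com/logs/access.log;
    error_log /var/www/domain.com/logs/error.log;

    ## UNCOMMENT TO DISPLAY MAINTENANCE PAGE
    ## Every client except 111.222.333.444 (placeholder, replace it with your
    ## own address) is answered with error503.html.
    #if ($remote_addr != "111.222.333.444") { return 503; }
    #error_page 503 @maintenance;
    #location @maintenance { rewrite ^(.*)$ /error503.html break; }

    ## Disable all methods besides HEAD, GET and POST.
    ## 444 makes nginx close the connection without sending a response.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    ## If no favicon exists return a 204 (no content).
    location = /favicon.ico {
        try_files $uri =204;
        log_not_found off;
        access_log off;
    }

    ## Don't log robots.txt requests.
    ## The exact-match location wins over the ".txt" deny rule further down.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    ## Magento uses a common front handler
    location @handler {
        rewrite / /index.php;
    }

    location / {
        index index.php;
        try_files $uri $uri/ @handler;  ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }

    ## ---- Deny rules ------------------------------------------------------
    ## nginx uses the FIRST regex location that matches, in file order. These
    ## deny rules therefore have to appear before the static-file and PHP
    ## locations; placed after them, a request such as /var/backups/x.gz or
    ## /media/downloadable/x.zip would match the static-file rule first and
    ## be served.

    ## Disable .htaccess and other hidden files.
    ## "^~" stops nginx from consulting the regex locations for these URIs.
    location ^~ /. {
        return 404;
    }

    ## Disable access to certain folders located at the root of the site
    location ~ ^/(app|includes|media/downloadable|pkginfo|var)/ {
        return 404;
    }

    ## Disable access to specific files
    location ~* /report/config\.xml$ {
        return 404;
    }

    ## Disable access to certain files matching specified file types
    location ~* ^.*(\.(?:git|svn|htaccess|txt|po[t]*))$ {
        return 404;
    }

    ## ---- Static content --------------------------------------------------

    ## Static files are served directly without passing through the handler.
    ## Note that archives (zip, tar, gz) are in this list: anything of that
    ## type left inside the document root can be downloaded.
    location ~* \.(jpe?g|gif|css|png|js|ico|pdf|zip|tar|t?gz|mp3|wav|swf)$ {
        access_log off; ## Do not log access to these files
        expires max;
        log_not_found off;
    }

    ## Keep a tab on the 'big' static files.
    ## (pdf and mp3 are already caught by the location above.)
    location ~* ^.+\.(?:m4a|mp[34]|mov|ogg|flv|pdf|ppt[x]*)$ {
        expires 30d;
    }

    ## RECOMMENDED TO UNCOMMENT
    ## Protect the install.php with password, more info in:
    ## http://httpd.apache.org/docs/2.0/programs/htpasswd.html
    ## Keep the htpasswd file outside the document root.
    #location = /install.php {
    #    auth_basic "Restricted Access"; # auth realm
    #    auth_basic_user_file .htpasswd-users; # htpasswd file
    #}

    ## Enable access to certain folders
    location /lib/minify/ {
        allow all;
    }

    ## ---- Header-based filters --------------------------------------------
    ## User-Agent and Referer are chosen by the client, so these rules only
    ## reduce scraper and referrer-spam noise; they are not an access control.
    ## Broad words such as "click", "love" or "video" also match legitimate
    ## referrers, so trim the list to what you actually see in your logs.

    # Deny access based on the User-Agent header.
    if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) {
        return 444;
    }

    # Deny access based on the Referer header.
    if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo|casino|replica) ) {
        return 444;
    }

    ## ---- PHP -------------------------------------------------------------

    ## Forward paths like /js/index.php/x.js to relevant handler
    ## (the dot is escaped so only a literal ".php/" matches)
    location ~ \.php/ {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Execute PHP scripts
    location ~ \.php$ {
        ## Answer 404 unless the requested script exists on disk, so PHP-FPM
        ## is never asked to resolve a path that is not a real .php file
        ## (relevant when cgi.fix_pathinfo is enabled in php.ini).
        try_files $uri =404;

        expires off; ## Do not cache dynamic content
        include /usr/local/nginx/conf/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        ## fastcgi_split_path_info is not set, so $fastcgi_path_info is empty.
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}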

Magento Https Example

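server {
    ## Limit each remote IP address to at most 10 concurrently open
    ## connections. The "arbeit" zone is not declared in this block; it must
    ## be defined in the http {} context.
    limit_conn arbeit 10;

    ## "ssl on;" duplicates the "ssl" parameter of listen. Newer nginx
    ## releases deprecate and later drop the standalone directive; remove it
    ## there. No ssl_protocols / ssl_ciphers are set, so the defaults of the
    ## installed nginx apply; review them for your version.
    listen 443 default ssl;
    ssl                  on;
    ssl_certificate     /etc/nginx/ssl/domain.com.crt;
    ## The private key should be readable by root only.
    ssl_certificate_key /etc/nginx/ssl/domain.com.key;

    server_name www.domain.com;
    root /var/www/domain.com/public_html/;

    ## Per-site access and error logs, kept outside the document root.
    access_log /var/www/domain.com/logs/access.log;
    error_log /var/www/domain.com/logs/error.log;

    ## UNCOMMENT TO DISPLAY MAINTENANCE PAGE
    ## Every client except 111.222.333.444 (placeholder, replace it with your
    ## own address) is answered with error503.html.
    #if ($remote_addr != "111.222.333.444") { return 503; }
    #error_page 503 @maintenance;
    #location @maintenance { rewrite ^(.*)$ /error503.html break; }

    ## Disable all methods besides HEAD, GET and POST.
    ## 444 makes nginx close the connection without sending a response.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    ## If no favicon exists return a 204 (no content).
    location = /favicon.ico {
        try_files $uri =204;
        log_not_found off;
        access_log off;
    }

    ## Don't log robots.txt requests.
    ## The exact-match location wins over the ".txt" deny rule further down.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    ## Magento uses a common front handler
    location @handler {
        rewrite / /index.php;
    }

    location / {
        index index.php;
        try_files $uri $uri/ @handler;  ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }

    ## ---- Deny rules ------------------------------------------------------
    ## nginx uses the FIRST regex location that matches, in file order. These
    ## deny rules therefore have to appear before the static-file and PHP
    ## locations; placed after them, a request such as /var/backups/x.gz or
    ## /media/downloadable/x.zip would match the static-file rule first and
    ## be served.

    ## Disable .htaccess and other hidden files.
    ## "^~" stops nginx from consulting the regex locations for these URIs.
    location ^~ /. {
        return 404;
    }

    ## Disable access to certain folders located at the root of the site
    location ~ ^/(app|includes|media/downloadable|pkginfo|var)/ {
        return 404;
    }

    ## Disable access to specific files
    location ~* /report/config\.xml$ {
        return 404;
    }

    ## Disable access to certain files matching specified file types
    location ~* ^.*(\.(?:git|svn|htaccess|txt|po[t]*))$ {
        return 404;
    }

    ## ---- Static content --------------------------------------------------

    ## Static files are served directly.
    ## Note that archives (zip, tar, gz) are in this list: anything of that
    ## type left inside the document root can be downloaded.
    location ~* \.(jpe?g|gif|css|png|js|ico|pdf|zip|tar|t?gz|mp3|wav|swf)$ {
        access_log off; ## Do not log access to these files
        expires max;
        log_not_found off;
    }

    ## Keep a tab on the 'big' static files.
    ## (pdf and mp3 are already caught by the location above.)
    location ~* ^.+\.(?:m4a|mp[34]|mov|ogg|flv|pdf|ppt[x]*)$ {
        expires 30d;
    }

    ## RECOMMENDED TO UNCOMMENT
    ## Protect the install.php with password, more info in:
    ## http://httpd.apache.org/docs/2.0/programs/htpasswd.html
    ## Keep the htpasswd file outside the document root.
    #location = /install.php {
    #    auth_basic "Restricted Access"; # auth realm
    #    auth_basic_user_file .htpasswd-users; # htpasswd file
    #}

    ## Enable access to certain folders
    location /lib/minify/ {
        allow all;
    }

    ## ---- Header-based filters --------------------------------------------
    ## User-Agent and Referer are chosen by the client, so these rules only
    ## reduce scraper and referrer-spam noise; they are not an access control.
    ## Broad words such as "click", "love" or "video" also match legitimate
    ## referrers, so trim the list to what you actually see in your logs.

    # Deny access based on the User-Agent header.
    if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) {
        return 444;
    }

    # Deny access based on the Referer header.
    if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo|casino|replica) ) {
        return 444;
    }

    ## ---- PHP -------------------------------------------------------------

    ## Forward paths like /js/index.php/x.js to relevant handler
    ## (the dot is escaped so only a literal ".php/" matches)
    location ~ \.php/ {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Execute PHP scripts
    location ~ \.php$ {
        ## Answer 404 unless the requested script exists on disk, so PHP-FPM
        ## is never asked to resolve a path that is not a real .php file
        ## (relevant when cgi.fix_pathinfo is enabled in php.ini).
        try_files $uri =404;

        expires off; ## Do not cache dynamic content
        include /usr/local/nginx/conf/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;

        ## $fastcgi_https is not defined in this block; presumably it comes
        ## from a map in the http {} context. Confirm it exists there.
        fastcgi_param HTTPS $fastcgi_https;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        ## fastcgi_split_path_info is not set, so $fastcgi_path_info is empty.
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}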
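server {
    ## Limit each remote IP address to at most 10 concurrently open
    ## connections being processed by nginx. The "arbeit" zone is not
    ## declared in this block; it must be defined in the http {} context.
    limit_conn arbeit 10;
    server_name www.contactlenseseurope.com;
    root /var/www/contactlenseseurope.com/public_html/;

    ## Per-site access and error logs, kept outside the document root.
    access_log /var/www/contactlenseseurope.com/logs/access.log;
    error_log /var/www/contactlenseseurope.com/logs/error.log;

    ## UNCOMMENT TO DISPLAY MAINTENANCE PAGE
    ## Every client except 111.222.333.444 (placeholder, replace it with your
    ## own address) is answered with error503.html.
    ## The quotes below must be plain ASCII double quotes.
    #if ($remote_addr != "111.222.333.444") { return 503; }
    #error_page 503 @maintenance;
    #location @maintenance { rewrite ^(.*)$ /error503.html break; }

    ## Disable all methods besides HEAD, GET and POST.
    ## 444 makes nginx close the connection without sending a response.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    ## If no favicon exists return a 204 (no content).
    location = /favicon.ico {
        try_files $uri =204;
        log_not_found off;
        access_log off;
    }

    ## Don't log robots.txt requests.
    ## The exact-match location wins over the ".txt" deny rule further down.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    ## Magento uses a common front handler
    location @handler {
        rewrite / /index.php;
    }

    location / {
        index index.html index.php; ## Allow a static html file to be shown first
        try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }

    ## ---- Deny rules ------------------------------------------------------
    ## nginx uses the FIRST regex location that matches, in file order. These
    ## deny rules therefore have to appear before the static-file and PHP
    ## locations; placed after them, a request such as /var/backups/x.gz or
    ## /media/downloadable/x.zip would match the static-file rule first and
    ## be served.

    ## Disable .htaccess and other hidden files.
    ## "^~" stops nginx from consulting the regex locations for these URIs.
    location ^~ /. {
        return 404;
    }

    ## Disable access to certain folders located at the root of the site
    location ~ ^/(app|includes|media/downloadable|pkginfo|var|custom/dompdf)/ {
        return 404;
    }

    ## Disable access to specific files
    location ~* (/report/config\.xml|/livezilla/api\.php|/livezilla/track\.php|/livezilla/extern\.php|/livezilla/intern\.php)$ {
        return 404;
    }

    ## Disable access to certain files matching specified file types
    location ~* ^.*(\.(?:git|svn|htaccess|txt|po[t]*))$ {
        return 404;
    }

    ## ---- Static content --------------------------------------------------

    ## Static files are served directly.
    ## Note that archives (zip, tar, gz) are in this list: anything of that
    ## type left inside the document root can be downloaded.
    location ~* \.(jpe?g|gif|css|png|js|ico|pdf|zip|tar|t?gz|mp3|wav|swf)$ {
        access_log off; ## Do not log access to these files
        expires max;
        log_not_found off;
    }

    ## Keep a tab on the 'big' static files.
    ## (pdf and mp3 are already caught by the location above.)
    location ~* ^.+\.(?:m4a|mp[34]|mov|ogg|flv|pdf|ppt[x]*)$ {
        expires 30d;
    }

    ## UNCOMMENT AFTER INSTALL
    ## Protect the install.php, request password, check
    ## http://httpd.apache.org/docs/2.0/programs/htpasswd.html
    ## for more info. Keep the htpasswd file outside the document root.
    #location = /install.php {
    #    auth_basic "Restricted Access"; # auth realm
    #    auth_basic_user_file .htpasswd-users; # htpasswd file
    #}

    ## Enable access to certain folders
    location /lib/minify/ {
        allow all;
    }

    ## ---- PHP -------------------------------------------------------------

    ## Forward paths like /js/index.php/x.js to relevant handler
    ## (the dot is escaped so only a literal ".php/" matches)
    location ~ \.php/ {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Execute PHP scripts
    location ~ \.php$ {
        ## Answer 404 unless the requested script exists on disk, so PHP-FPM
        ## is never asked to resolve a path that is not a real .php file
        ## (relevant when cgi.fix_pathinfo is enabled in php.ini).
        try_files $uri =404;

        expires off; ## Do not cache dynamic content
        include /usr/local/nginx/conf/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        ## fastcgi_split_path_info is not set, so $fastcgi_path_info is empty.
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_param SCRIPT_FILENAME /var/www/contactlenseseurope.com/public_html/$fastcgi_script_name;
    }
}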

Sources

By Marco Constâncio on April 15, 2011 | Linux | A comment?

htaccess examples

  • Redirect main domain to sub-folder, ignoring sub-domains
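RewriteEngine On
# Only the main domain is rewritten; requests for sub-domains are left alone.
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
# Skip requests that are already inside the target folder. The folder name
# here must be the same one used in the RewriteRule below; otherwise the
# rewritten URL matches again and the rule loops.
RewriteCond %{REQUEST_URI} !^/sub-folder/
RewriteRule ^(.*)$ sub-folder/$1 [L]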
  • Recommended for WordPress
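# ---- Custom rules -------------------------------------------------------
# Kept outside the "# BEGIN WordPress" / "# END WordPress" markers:
# WordPress rewrites the text between those markers when the permalink
# settings are saved, so rules placed inside them can be lost.
# They also come BEFORE the WordPress front-controller rule; once a request
# has been rewritten to /index.php, a later canonical redirect would send
# the visitor to /index.php instead of the page that was asked for.

# Protect .htaccess (and other .ht* files).
# The pattern needs plain ASCII double quotes; typographic quotes would
# become part of the regex and the block would never match.
# "order/deny" is Apache 2.2 syntax; on Apache 2.4 it needs
# mod_access_compat, or use "Require all denied" instead.
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

# disable the server signature
ServerSignature Off

# limit request bodies (file uploads) to roughly 10 MB
LimitRequestBody 10240000

# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# who has access, who doesn't
order allow,deny
#deny from 000.000.000.000
allow from all

# custom error docs
#ErrorDocument 404 /notfound.php
#ErrorDocument 403 /forbidden.php
#ErrorDocument 500 /error.php

# disable directory browsing
# Only Indexes is switched off. "Options All -Indexes" mixes a bare option
# with a +/- one, which Apache 2.4 rejects, and "All" would also turn on
# ExecCGI and Includes for the whole tree.
Options -Indexes

# block referring domains
#RewriteEngine on
#RewriteCond %{HTTP_REFERER} digg\.com [NC]
#RewriteRule .* - [F]

# disable hotlinking of images with forbidden or custom image option
# The Referer header is set by the client, so this saves bandwidth but is
# not an access control.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com/.*$ [NC]
# Never redirect the replacement image itself, or the redirect loops.
RewriteCond %{REQUEST_URI} !/stealingisbad\.gif$
#RewriteRule \.(gif|jpg)$ - [F]
RewriteRule \.(jpe?g|gif|bmp|png)$ http://www.domain.com/stealingisbad.gif [R,L]

# set the canonical url
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

# protect from spam comments
# Refuse comment POSTs that carry no User-Agent or a Referer from another
# site. The substitution field is not a regex, so the original
# "^http://%{REMOTE_ADDR}/$" produced a malformed redirect; answering 403
# is simpler and does not bounce the client anywhere.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
RewriteCond %{HTTP_REFERER} !domain\.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* - [F]

# BEGIN WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Send everything that is not an existing file or directory to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress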
  • Redirect to Maintenance Page
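# MAINTENANCE-PAGE REDIRECT
# Replace 123.456.789.000 with your IP address.
# The pattern is anchored at both ends: without the trailing "$" an entry
# such as 10.0.0.1 would also let 10.0.0.10-19 and 10.0.0.100-199 through.
# Behind a reverse proxy or load balancer REMOTE_ADDR is the proxy's
# address, not the visitor's, so this check would need adapting there.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000$
# Do not redirect the maintenance page itself, or the redirect loops.
RewriteCond %{REQUEST_URI} !/maintenance\.html$ [NC]
RewriteRule .* /maintenance.html [R=302,L]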

Sources

By Marco Constâncio on | Web | A comment?