diff options
author | Nicolás Reynolds <fauno@kiwwwi.com.ar> | 2010-10-25 15:26:26 -0300 |
---|---|---|
committer | Nicolás Reynolds <fauno@kiwwwi.com.ar> | 2010-10-25 15:26:26 -0300 |
commit | 8463f6933e5c68e9e5bd369339d2898e9dd6a186 (patch) | |
tree | f8572f3ea9b33e90660e770c1738364438c4061f | |
parent | 371d450b6863c240633626d000c3f03843414b71 (diff) |
Default Nginx config
-rw-r--r-- | overlay/etc/nginx/conf/nginx.conf | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/overlay/etc/nginx/conf/nginx.conf b/overlay/etc/nginx/conf/nginx.conf new file mode 100644 index 0000000..6ee28b9 --- /dev/null +++ b/overlay/etc/nginx/conf/nginx.conf @@ -0,0 +1,81 @@ +# Nginx basic configuration +# Features +# * HTTPS only +# * PHP fastcgi + +user http http; +worker_processes 1; + +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; +#error_log logs/debug.log debug; + +#pid logs/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + root /srv/http/; + include mime.types; + default_type application/octet-stream; + +# + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + ssl_protocols SSLv2 SSLv3 TLSv1; + ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; + ssl_prefer_server_ciphers on; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + #access_log logs/access.log main; + + sendfile on; + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + +# Redirect insecure connections to secure one + server { + listen 80; + server_name %HOSTNAME%; + + rewrite ^(.*) https://$server_name$1 permanent; + } + + # HTTPS server + # + # Install scripts should change %HOSTNAME% into real hostname + server { + listen 443 default ssl; + server_name %HOSTNAME%; + root /srv/http/%HOSTNAME%; + + #ssl on; + ssl_certificate /etc/ssl/certs/local.crt; + ssl_certificate_key /etc/ssl/private/local.key; + + + location / { + index index.html index.htm index.php; + } + + location ~ \.(php|inc)$ { + include fastcgi_params; + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /srv/http/%HOSTNAME%/$fastcgi_script_name; + } + } +} |