/ nginx


This is outdated (this still used wordpress)

Just decided to publish my nginx.conf (yes, this is running on nginx, for those who haven't known) to help newbies, and to collect much stuff into one post, as this meant quite some searching on the interweb.

user                    nginx;
worker_processes        3;
worker_cpu_affinity     10011000 01000100 00100011;

events {
        worker_connections  1024;
        use epoll;

http {
    include             mime.types;
    default_type        application/octet-stream;

    access_log  /home/http/log/access.log;

    client_max_body_size        4M;
    # Do not expose the server version
    server_tokens               off;
    keepalive_timeout           20;

    output_buffers      1 128k;

    sendfile            on;
    tcp_nopush          on;
    #expires            1h;
    expires             off;

    # gzip textfiles
    gzip                on;
    gzip_comp_level     4;
    gzip_static         on;
    gzip_min_length     1000;
    gzip_types          text/xml text/plain text/css text/javascript application/json application/javascript application/x-javascript image/svg+xml;
    gzip_vary           on;

    spdy_headers_comp   4;

    # Protection for BEAST attacks
    ssl_ciphers         ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
    ssl_prefer_server_ciphers on;

    charset             utf-8;

   server {
        listen          *:80 default_server;
        listen          [2a01:4f8:190:33f4::dead]:80 default_server;
        listen          *:443 ssl spdy default_server;
        listen          [2a01:4f8:190:33f4::dead]:443 ssl spdy default_server;
        server_name     ts.unde.re;

        ssl_certificate         .../ts.unde.re.crt;
        ssl_certificate_key     .../ts.unde.re.key;

        root            /home/http/ts.unde.re;
        access_log      /home/http/log/ts.unde.re.access.log; # main;

        index  index.php index.html;
        # Enable this to "redirect" 404 to PHP so to e.g. show wordpress's 404 pages
        # try_files $uri $uri/ /index.php;

        location ~ \.php$ {
                include fastcgi_params;
                # Pass to a fcgi socket
                fastcgi_pass unix:/tmp/php-fpm-kondou.sock;

        location ~* \.(js|css|png|jpg|jpeg|gif|ico|woff|ttf)$ {
                expires         1y;
                access_log      off;

        location /experiments {
                # Make it possible to show source-code as text, first
                default_type    text/plain;
                autoindex       on;
                autoindex_exact_size off;

   # Icecast
   server {
        listen          *:80;
        listen          [2a01:4f8:190:33f4::dead]:80;
        server_name     radio.ts.unde.re;
        access_log      off;
        location / {
                proxy_buffering           off;
                proxy_intercept_errors    on;
                proxy_next_upstream       error timeout invalid_header;
                proxy_redirect            off;
                proxy_set_header          X-Host $http_host;
                proxy_set_header          X-Forwarded-For $remote_addr;
                proxy_set_header          Host $host;
                proxy_send_timeout        6h;
                proxy_read_timeout        6h;
                proxy_pass http://localhost:8000;

   # Django via uwsgi
   server {
        listen          *:80;
        listen          [2a01:4f8:190:33f4::dead]:80;
        server_name     python.ts.unde.re;
        access_log      /home/http/log/ts.unde.re.access.log;

        location / {
                uwsgi_pass      unix:/tmp/python.ts.unde.re-uwsgi.sock;
                include         uwsgi_params;

        location /static {
                alias /home/http/python.ts.unde.re/static/;
                expires 1y;
                access_log off;
        location /media {
                alias /home/http/python.ts.unde.re/media/;
                expires 1y;
                access_log off;

   # ownCloud
   # redirect http to https server sided
   server {
        listen          *:80;
        listen          [2a01:4f8:190:33f4::dead]:80;
        server_name     ...;
        rewrite         ^ https://$server_name$request_uri? permanent;

   server {
        listen          *:443 ssl spdy;
        listen          [2a01:4f8:190:33f4::dead]:443 ssl spdy;
        server_name     ...;
        ssl_certificate         .../ts.unde.re_chain.pem;
        ssl_certificate_key     .../ts.unde.re.key;

        root            /home/http/owncloud;
        access_log      /home/http/log/ownCloud.log;
        # Make uploads larger than 5 MB possible (200MB here)
        client_max_body_size 200M;

        index           index.php;
        # Use ownclouds error-pages
        error_page      403 = /core/templates/403.php;
        error_page      404 = /core/templates/404.php;

        # Necessary to use webdav
        rewrite ^/webdav((/|$).*)$ /remote.php/webdav$1 last;

        # Deny access to internal files
        location ~ ^/(data|config|\.|db_structure\.xml|README|tmp|tests) {
                deny all;

        # Necessary rewrites (these are in .htaccess otherwise)
        location / {
                rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
                rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
                # Enable these to use caldav or carddav
                #rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
                #rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
                rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
                try_files $uri $uri/ index.php;

        # Regex necessary to make php-fpm accept urls like https://example.com/index.php/apps/files
        location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
                try_files $script_name = 404;
                include fastcgi_params;
                fastcgi_param PATH_INFO $path_info;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param HTTPS on;
                # Pass fcgi to a socket
                fastcgi_pass unix:/tmp/php-fpm-cloud.sock;

        location ~* ^.+.(jpg|jpeg|gif|bmp|ico|png|css|js|svg)$ {
                expires 30d;
                access_log off;