Skip to content

Instantly share code, notes, and snippets.

@ekandreas

ekandreas/nginx

Last active April 21, 2018 12:40
Show Gist options
  • Save ekandreas/0879d8cbcb5320d6bc9e127ce69a92e1 to your computer and use it in GitHub Desktop.
Save ekandreas/0879d8cbcb5320d6bc9e127ce69a92e1 to your computer and use it in GitHub Desktop.
Download ZIP
nginx-laravel-forge
Raw
nginx
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/mwb.digital/before/*;
#ADDED
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MWBROOT:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
#/ADDED
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _ mwb.digital www.mwb.digital;
root /home/forge/mwb.digital/web;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/mwb.digital/338250/server.crt;
ssl_certificate_key /etc/nginx/ssl/mwb.digital/338250/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
#ADDED
add_header X-Cache $upstream_cache_status;
#/ADDED
# browser caching of static assets
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
expires 7d;
}
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/mwb.digital/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/mwb.digital-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
#ADDED
fastcgi_cache MWBROOT;
fastcgi_cache_valid 200 1m;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_cache_lock on;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
#/ADDED
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
#ADDED
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(wp/)")
{
set $no_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $no_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
#/ADDED
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/mwb.digital/after/*;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment