Virtualhost Nginx + php-fpm

Exemplu de virtual host Nginx cu php-fpm, ssl, compresie gzip si forward IP real in caz ca suntem in spatele unui proxy. De asemenea, configul contine si un exemplu de basic auth.

#
# A virtual host using mix of IP-, name-, and port-based configuration
#

server {
    listen       80;
    server_name  test.com www.test.com;
    #Redirect to https
    return 301 https://test.com$request_uri;
}

#HTTPS Vhost
server {
    listen       443 ssl;
    server_name  test.com;
    root         /var/www/html;
    index  index.php;
    access_log  /var/log/nginx/test-access.log  main;
    error_log   /var/log/nginx/test-error.log;
    ssl_certificate      /etc/certs/test.com.crt;
    ssl_certificate_key  /etc/certs/test.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    
    #PHP-FPM    
    location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
    try_files $uri =404;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    #Set custom php values
    fastcgi_param PHP_VALUE max_execution_time=180;
    fastcgi_param PHP_VALUE max_input_vars=1600;
    
#Set expires
location ~* \.(htm|css|js|txt|swf|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gz|gzip|ico|png|gif|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|webm|htc|ttf|woff2|woff)$ {
    access_log off;
    log_not_found off;
    expires         1y;
    add_header      Cache-Control "max-age=31536000, public";
    add_header 'X-Frame-Options' 'ALLOW-FROM *';
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    }

#Enable gzip compression
    gzip on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-javascript
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/javascript
        text/x-component;

     }
     
# Forward real IP
http {
        charset             UTF-8;
        set_real_ip_from   192.168.255.0/24;
        real_ip_header     X-Forwarded-For;
        real_ip_recursive  on;

}

#Restrict access to IP / use auth
#location / {
#    satisfy any;
#    allow 192.168.1.0/24;
#    deny  all;

#    auth_basic           "closed site";
#    auth_basic_user_file conf/htpasswd;
#   }

}