Webservers
Vhost Apache
<VirtualHost *:80> DocumentRoot "/var/www/html" ServerName domain.com ServerAlias www.domain.com LogLevel error ErrorLog logs/domain-error_log CustomLog logs/domain-access_log combined #Redirect http to https RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] #Redirect any url to new domain homepage RewriteEngine on RewriteRule (.*) https://site.com/ [R=301,L] #Port Forwarding #ProxyPass / http://localhost:5000/ #ProxyPassReverse / http://localhost:5000/ #Use https on Wordpress with load balancer (https) when Wordpress server uses http #Make sure that X-FORWARDED-PROTO is set on LoadBalancer. #Then, add the following to wp-config.php #if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) #$_SERVER['HTTPS']='on'; <Directory "/var/www/html"> Options All -Indexes AllowOverride All Order allow,deny Allow from all #Order deny,allow #Deny from all #Allow from 127.1.0.0/16 #AuthType Basic #AuthName "Auth required" #AuthUserFile /etc/httpd/user #Require valid-user #Satisfy any DirectoryIndex index.html index.php #Enable compression AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE text/x-component AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript #Expire headers <IfModule mod_expires.c> ExpiresActive On ExpiresDefault "access plus 10 days" ExpiresByType text/css "access plus 1 week" ExpiresByType text/plain "access plus 1 day" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/png "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType application/x-javascript "access plus 1 month" ExpiresByType application/javascript "access plus 1 week" ExpiresByType application/x-icon "access plus 1 year" </IfModule> </Directory> </VirtualHost>
Vhost Apache SSL
<VirtualHost *:443> DocumentRoot "/var/www/html/domain/" ServerName domain.com ServerAlias domain.com LogLevel error ErrorLog logs/domain-ssl-error_log CustomLog logs/domain-ssl-access_log combined SSLEngine on SSLCertificateFile "/etc/httpd/conf/cert/domain.com.crt" SSLCertificateChainFile "/etc/httpd/conf/cert/domain-bundle.crt" SSLCertificateKeyFile "/etc/httpd/conf/sslkey/domain.key" SSLCipherSuite ALL:-ADH:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXP <Directory "/var/www/html"> Options All -Indexes AllowOverride All Order allow,deny Allow from all #Order deny,allow #Deny from all #Allow from 127.22.0.0/16 #AuthType Basic #AuthName "Access required" #AuthUserFile /etc/httpd/user #Require valid-user #Satisfy any DirectoryIndex index.html index.php </Directory> </VirtualHost>
Vhost Nginx + PHP-FPM
# # A virtual host using mix of IP-, name-, and port-based configuration # server { listen 80; server_name test.com www.test.com; #Redirect to https return 301 https://test.com$request_uri; } #HTTPS Vhost server { listen 443 ssl; server_name test.com; root /var/www/html; index index.php; access_log /var/log/nginx/test-access.log main; error_log /var/log/nginx/test-error.log; ssl_certificate /etc/certs/test.com.crt; ssl_certificate_key /etc/certs/test.com.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; #PHP-FPM location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; try_files $uri =404; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; #Set custom php values fastcgi_param PHP_VALUE max_execution_time=180; fastcgi_param PHP_VALUE max_input_vars=1600; #Set expires location ~* \.(htm|css|js|txt|swf|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gz|gzip|ico|png|gif|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|webm|htc|ttf|woff2|woff)$ { access_log off; log_not_found off; expires 1y; add_header Cache-Control "max-age=31536000, public"; add_header 'X-Frame-Options' 'ALLOW-FROM *'; add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; } #Enable gzip compression gzip on; gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-javascript application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/javascript text/x-component; } # Forward real IP http { charset UTF-8; set_real_ip_from 192.168.255.0/24; real_ip_header X-Forwarded-For; real_ip_recursive on; } #Restrict access to IP / use auth #location / { # satisfy any; # allow 192.168.1.0/24; # deny all; # auth_basic "closed site"; # auth_basic_user_file conf/htpasswd; # } }
Vhost Nginx + PHP-FPM + Magento
server { listen 80; server_name DOMAIN.com; rewrite / $scheme://www.$host$request_uri permanent; ## Forcibly prepend a www } server { listen 80 default; ## SSL directives might go here server_name www.DOMAIN.com *.DOMAIN.com; ## Domain is here twice so server_name_in_redirect will favour the www root /var/www/vhosts/DOMAIN.com; location / { index index.html index.php; ## Allow a static html file to be shown first try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler expires 30d; ## Assume all files are cachable } ## These locations would be hidden by .htaccess normally location ^~ /app/ { deny all; } location ^~ /includes/ { deny all; } location ^~ /lib/ { deny all; } location ^~ /media/downloadable/ { deny all; } location ^~ /pkginfo/ { deny all; } location ^~ /report/config.xml { deny all; } location ^~ /var/ { deny all; } location /var/export/ { ## Allow admins only to view export folder auth_basic "Restricted"; ## Message shown in login window auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword autoindex on; } location /. { ## Disable .htaccess and other hidden files return 404; } location @handler { ## Magento uses a common front handler rewrite / /index.php; } location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler rewrite ^(.*.php)/ $1 last; } location ~ .php$ { ## Execute PHP scripts if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss expires off; ## Do not cache dynamic content fastcgi_pass 127.0.0.1:9000; fastcgi_param HTTPS $fastcgi_https; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores fastcgi_param MAGE_RUN_TYPE store; include fastcgi_params; ## See /etc/nginx/fastcgi_params } } location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler rewrite ^(.*.php)/ $1 last; } location ~ .php$ { ## Execute PHP scripts if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss expires off; ## Do not cache dynamic content fastcgi_pass 127.0.0.1:9000; fastcgi_param HTTPS $fastcgi_https; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores fastcgi_param MAGE_RUN_TYPE store; include fastcgi_params; ## See /etc/nginx/fastcgi_params } }