ini 为Magento进行经过实战考验的Nginx配置(来源:www.hypernode.com)
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ini 为Magento进行经过实战考验的Nginx配置(来源:www.hypernode.com)相关的知识,希望对你有一定的参考价值。
# This is an annotated subset of the Nginx configuration from our Magento production platform @ www.hypernode.com
# See https://www.byte.nl/blog/magento-cacheleak-issue
user app;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
# allows big media uploads
client_max_body_size 120m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# GeoIP support is included in the Ubuntu 12.04 Nginx.
# This enables logging, and the following:
# if ($geoip_country_code ~ (CN|ZW) ) {
# return 403;
# }
geoip_country /usr/share/GeoIP/GeoIP.dat;
gzip on;
gzip_disable "msie6";
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/html application/json application/xml text/css text/js application/x-javascript;
# Determine whether a request comes from a human, a search crawler or another bot.
map $http_user_agent $is_non_search_bot {
default '';
~*(google|bing|pingdom|monitis.com|Zend_Http_Client) '';
~*(http|crawler|spider|bot|search|ForusP|Wget/|Python-urllib|PHPCrawl|bGenius) 'bot';
}
# Rate limit bots (that are not search spiders) to one PHP request per second.
# An empty '$limit_bots' would disable rate limiting for this requests
limit_req_zone $is_non_search_bot zone=bots:1m rate=1r/s;
limit_req_log_level error;
index index.html index.php;
server {
listen 80 default_server;
root /var/www;
# Android dupe request bug, https://www.byte.nl/blog/android-bug-can-kill-site-duplicate-requests
set $request_url "$scheme://$http_host$request_uri";
if ($request_url = $http_referer) {
set $request_is_referer 1;
}
if ($http_user_agent ~ 'Android ([23]|4\.[0123])') {
set $android_buggy_ua 1;
}
set $android_dupe_bug "${request_method}${android_buggy_ua}${request_is_referer}";
if ($android_dupe_bug = 'GET11') {
# http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
return 429;
}
# Denied locations require a "^~" to prevent regexes (such as the PHP handler below) from matching
# http://nginx.org/en/docs/http/ngx_http_core_module.html#location
location ^~ /app/ { return 403; }
location ^~ /includes/ { return 403; }
location ^~ /media/downloadable/ { return 403; }
location ^~ /pkginfo/ { return 403; }
location ^~ /report/config.xml { return 403; }
location ^~ /var/ { return 403; }
location ^~ /lib/ { return 403; }
location ^~ /dev/ { return 403; }
location ^~ /RELEASE_NOTES.txt { return 403; }
location ^~ /downloader/pearlib { return 403; }
location ^~ /downloader/template { return 403; }
location ^~ /downloader/Maged { return 403; }
location ~* ^/errors/.+\.xml { return 403; }
# CVE-2015-3428 / AW_Blog vulnerability
# Note the .+ at the start: We want to allow url's like
# order=create_date, which would otherwise match.
if ($arg_order ~* .+(select|create|insert|update|drop|delete|concat|alter|load)) {
return 403;
}
# Don't skip .thumbs, this is a default directory where Magento places thumbnails
# Nginx cannot "not" match something, instead the target is matched with an empty block
# http://stackoverflow.com/a/16304073
location ~ /\.thumbs {
}
# Skip .git, .htpasswd etc
location ~ /\. {
return 404;
}
set $fastcgi_root $document_root;
location / {
try_files $uri $uri/ @handler;
expires 30d;
}
# SUPEE 6285
# Only allow the new url case sensitive lowercase, deny case insensitive
location ^~ /rss/order/new {
echo_exec @handler;
}
location ^~ /rss/catalog/notifystock {
echo_exec @handler;
}
location ^~ /rss/catalog/review {
echo_exec @handler;
}
location ~* /rss/order/new {
return 403;
}
location ~* /rss/catalog/notifystock {
return 403;
}
location ~* /rss/catalog/review {
return 403;
}
## Order IS important! this is required BEFORE the PHP regex
## Allow PHP scripts in skin and JS, but render static 404 pages when skin or js file is missing
## Magento has RewriteCond %{REQUEST_URI} !^/(media|skin|js)/ in default htaccess
location ~ ^/(skin|js)/ {
location ~ \.php$ {
echo_exec @phpfpm;
}
try_files $uri $uri/ =404;
expires 30d;
}
# Disallow PHP scripts in /media/
# Also render static 404 pages for missing media
location ~ ^/media/ {
location ~ \.php$ {
return 403;
}
try_files $uri $uri/ =404;
expires 30d;
}
location @handler {
rewrite / /index.php;
}
location @fastcgi_backend {
# Bot rate limit, https://gist.github.com/supairish/2951524
# Burst=0 (default) --WdG
limit_req zone=bots;
# server_name is read-only, so we need a temp var
set $my_server_name $server_name;
if ($my_server_name = "") {
set $my_server_name $http_host;
}
try_files $uri =404;
expires off;
root $fastcgi_root;
fastcgi_read_timeout 900s;
fastcgi_index index.php;
fastcgi_pass $fastcgi_pass;
include /etc/nginx/fastcgi_params;
fastcgi_param HTTP_AUTHORIZATION $http_authorization;
fastcgi_param SERVER_NAME $my_server_name;
fastcgi_param NGINX_REQUEST_TIME $date_gmt;
# If these variables are unset, set them to an empty value here
# so they are al least defined when fastcgi_param directives are called
if ($storecode = "") {
set $storecode "";
}
if ($storetype = "") {
set $storetype "";
}
# These are set in http.magerunmaps
fastcgi_param MAGE_RUN_CODE $storecode if_not_empty;
fastcgi_param MAGE_RUN_TYPE $storetype if_not_empty;
}
location @phpfpm {
set $log_handler phpfpm;
set $fastcgi_pass 127.0.0.1:9000;
echo_exec @fastcgi_backend;
}
location @hhvm {
set $log_handler hhvm;
set $fastcgi_pass 127.0.0.1:9001;
echo_exec @fastcgi_backend;
}
# Protection against unsecured magmi installs. User-editable
# so user may set it up as they want. Must be included here
# to catch and redirect PHP files, if this was loaded in later
# (after the default php-fpm handler for .php files) then we
# would not be able to redirect the magmi .php files (which are
# the ones we really MUST redirect).
location ~* /magmi($|/) {
return https://support.hypernode.com/knowledgebase/securing-access-to-magmi/;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
# always execute our own handler for php-fpm, to prevent serving raw php code and to have
# a default when user removes configuration from ~/nginx/
location ~ \.php$ {
echo_exec @phpfpm;
}
rewrite ^/minify/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
rewrite ^/skin/m/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
location /lib/minify/ { allow all; }
}
}ini Magento Nginx VPS配置
server {
listen 80;
server_name localhost;
root /var/www/cabocla;
autoindex off;
location /app/ { deny all; }
location /includes/ { deny all; }
location /lib/ { deny all; }
location /media/downloadable/ { deny all; }
location /pkginfo/ { deny all; }
location /report/config.xml { deny all; }
location /var/ { deny all; }
location = /RELEASE_NOTES.txt { deny all; }
location = /LICENSE_AFL.txt { deny all; }
location = /LICENSE.html { deny all; }
location = /LICENSE.txt { deny all; }
location = /php.ini.sample { deny all; }
location = /index.php.sample { deny all; }
location /. { return 404; }
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
location ~* \.(png|gif|jpg|jpeg|css|js|swf|ico|txt|xml|bmp|pdf|doc|docx|ppt|pptx|zip)$ {
access_log off;
expires 30d;
}
location ~* ^(/downloader|/js|/404|/report)(.*) {
include /usr/local/etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$1/index.php$1;
fastcgi_read_timeout 600;
fastcgi_pass fpm_backend;
}
location @handler { ## Magento uses a common front handler
rewrite / /index.php;
}
location ~ \.php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*\.php)/ $1 last;
}
location ~ \.php$ { ## Execute PHP scripts
expires off; ## Do not cache dynamic content
fastcgi_pass fpm_backend;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
expires 30d; ## Assume all files are cachable
if ($request_uri ~* "\.(png|gif|jpg|jpeg|css|js|swf|ico|txt|xml|bmp|pdf|doc|docx|ppt|pptx|zip)$") {
expires max;
}
# set fastcgi settings, not allowed in the "if" block
include /usr/local/etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$; #this line
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
# rewrite - if file not found, pass it to the backend
if (!-f $request_filename) {
fastcgi_pass fpm_backend;
break;
}
}
}以上是关于ini 为Magento进行经过实战考验的Nginx配置(来源:www.hypernode.com)的主要内容,如果未能解决你的问题,请参考以下文章
ini 为Magento进行经过实战考验的Nginx配置(来源:www.hypernode.com)
ini 为Magento进行经过实战考验的Nginx配置(来源:www.hypernode.com)
ini 为Magento进行经过实战考验的Nginx配置(来源:www.hypernode.com)
ini PHP 5.5.14上Magento的OpCache设置。将此文件存储为/etc/php.d/opcache.ini