ini 为Magento进行经过实战考验的Nginx配置(来源:www.hypernode.com)


# This is an annotated subset of the Nginx configuration from our Magento production platform @ www.hypernode.com
# See https://www.byte.nl/blog/magento-cacheleak-issue 

# Worker processes run as the unprivileged "app" account (the master still
# starts as root so it can bind port 80 and write the pid file).
user app;
worker_processes 4;
pid /var/run/nginx.pid;

# Upper bound on simultaneous connections per worker process.
events {
    worker_connections 768;
}

http {
    # Kernel-level file transfer and TCP tuning for static content.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Do not advertise the nginx version in the Server header or on error pages.
    server_tokens off;
    server_names_hash_bucket_size 64;

    # allows big media uploads
    # NOTE(review): set at http level, so every location accepts request bodies
    # up to 120 MB, including unauthenticated ones. Consider a smaller default
    # here and raising the limit only on the upload endpoints that need it.
    client_max_body_size 120m;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # GeoIP support is included in the Ubuntu 12.04 Nginx.
    # This enables logging, and the following:
    #    if ($geoip_country_code ~ (CN|ZW) ) {
    #      return 403;
    #    }
    # Loading the database makes $geoip_country_code available; nothing in
    # this file blocks on it, the snippet above is only an example.
    geoip_country         /usr/share/GeoIP/GeoIP.dat;
    gzip on;
    gzip_disable "msie6";

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Compress responses of at least 1000 bytes, including proxied ones.
    # text/html is always compressed by nginx; listing it again below only
    # produces a "duplicate MIME type" warning at startup.
    gzip_min_length  1000;
    gzip_proxied any;
    gzip_types       text/plain text/html application/json application/xml text/css text/js application/x-javascript;

    # Determine whether a request comes from a human, a search crawler or another bot.
    # The result is '' (not rate limited) or 'bot' (rate limited).
    # The User-Agent header is chosen by the client, so this classification is
    # traffic shaping for well-behaved crawlers, not an access control.
    map $http_user_agent $is_non_search_bot {
        default '';
        # Regexes are tested in order of appearance, so the allowlist of search
        # engines and monitoring tools must stay above the generic bot pattern.
        ~*(google|bing|pingdom|monitis.com|Zend_Http_Client) '';
        ~*(http|crawler|spider|bot|search|ForusP|Wget/|Python-urllib|PHPCrawl|bGenius) 'bot';
    }
    
    # Rate limit bots (that are not search spiders) to one PHP request per second.
    # An empty '$is_non_search_bot' disables rate limiting for that request,
    # because limit_req_zone does not account requests whose key is empty.
    # Every rate-limited client maps to the same key ('bot'), so all of them
    # share a single 1 r/s budget rather than getting one budget each.
    limit_req_zone $is_non_search_bot zone=bots:1m rate=1r/s;
    # Rejected requests are written to the error log at "error" level.
    limit_req_log_level error;

    index index.html index.php;

    server {
        # Catch-all virtual host on plain HTTP; no TLS listener is part of this subset.
        listen 80 default_server;
        root /var/www;
        
        # Android dupe request bug, https://www.byte.nl/blog/android-bug-can-kill-site-duplicate-requests
        # Build a three-part flag: request method + "1" when the User-Agent is an
        # affected Android version (2.x, 3.x, 4.0-4.3) + "1" when the Referer
        # equals the URL being requested. Only the exact value "GET11" is refused.
        set $request_url "$scheme://$http_host$request_uri";
        if ($request_url = $http_referer) {
           set $request_is_referer 1;
        }
        if ($http_user_agent ~ 'Android ([23]|4\.[0123])') {
            set $android_buggy_ua 1;
        }
        set $android_dupe_bug "${request_method}${android_buggy_ua}${request_is_referer}";
        if ($android_dupe_bug = 'GET11') {
            # http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
            # 429 = Too Many Requests
            return 429;
        }
        
        # Denied locations require a "^~" to prevent regexes (such as the PHP handler below) from matching
        # http://nginx.org/en/docs/http/ngx_http_core_module.html#location
        # Without "^~", nginx would still evaluate the regex locations after
        # picking the longest prefix, and a request for a .php file in one of
        # these directories would reach PHP instead of getting the 403.
        # When adding a more specific prefix below one of these (for example a
        # subdirectory of /var/), give it "^~" as well: the longest matching
        # prefix decides whether regexes are skipped.
        location ^~ /app/                       { return 403; }
        location ^~ /includes/                  { return 403; }
        location ^~ /media/downloadable/        { return 403; }
        location ^~ /pkginfo/                   { return 403; }
        location ^~ /report/config.xml          { return 403; }
        location ^~ /var/                       { return 403; }
        location ^~ /lib/                       { return 403; }
        location ^~ /dev/                       { return 403; }
        location ^~ /RELEASE_NOTES.txt          { return 403; }
        location ^~ /downloader/pearlib         { return 403; }
        location ^~ /downloader/template        { return 403; }
        location ^~ /downloader/Maged           { return 403; }
        # Case-insensitive: any .xml file under /errors/ is refused.
        location ~* ^/errors/.+\.xml            { return 403; }

        # CVE-2015-3428 / AW_Blog vulnerability
        # Note the .+ at the start: We want to allow url's like
        # order=create_date, which would otherwise match.
        # This is a virtual patch: a keyword blocklist on a single query
        # argument reduces exposure but is not a complete fix. Keep it as
        # defence in depth and patch or remove the affected extension.
        # Blocked requests return 403, which makes them easy to alert on in
        # the access log.
        if ($arg_order ~* .+(select|create|insert|update|drop|delete|concat|alter|load)) {
           return 403;
        }

        # Don't skip .thumbs, this is a default directory where Magento places thumbnails
        # Nginx cannot "not" match something, instead the target is matched with an empty block
        # http://stackoverflow.com/a/16304073
        # Regex locations are tried in file order, so this one must stay above
        # the generic dot-file rule below.
        # NOTE(review): the pattern is unanchored, so it wins for any path that
        # contains "/.thumbs" (also names that merely start with ".thumbs"), and
        # those requests are served as static files without reaching the PHP
        # handler. Confirm that is acceptable, or tighten it to the directory.
        location ~ /\.thumbs {
        }

        # Skip .git, .htpasswd etc
        # Any path segment starting with a dot answers 404, so the response does
        # not reveal whether the file exists.
        location ~ /\. {
            return 404;
        }
     
        # Remember the document root so the FastCGI backend location can reuse it.
        set $fastcgi_root $document_root;

        # Serve an existing file or directory directly; everything else goes to
        # the Magento front controller through @handler.
        location / {
            try_files $uri $uri/ @handler;
            expires 30d;
        }

        # SUPEE 6285
        # Only allow the new url case sensitive lowercase, deny case insensitive
        # The three "^~" prefix locations match the exact lowercase paths and stop
        # regex evaluation, so those requests go to Magento. Any other spelling
        # falls through to the case-insensitive regexes further down and gets 403.
        # echo_exec is provided by the third-party echo module; a stock nginx
        # build without it refuses to load this configuration.
        location ^~ /rss/order/new {
            echo_exec @handler;
        }
        location ^~ /rss/catalog/notifystock {
            echo_exec @handler;
        }
        location ^~ /rss/catalog/review {
            echo_exec @handler;
        }
        # NOTE(review): these regexes are unanchored, so they also match when the
        # path appears later in the URI (for example behind /index.php/), in any
        # casing including lowercase. Confirm that is the intended behaviour.
        location ~* /rss/order/new {
            return 403;
        }
        location ~* /rss/catalog/notifystock {
            return 403;
        }
        location ~* /rss/catalog/review {
            return 403;
        }

        ## Order IS important! this is required BEFORE the PHP regex
        ## Allow PHP scripts in skin and JS, but render static 404 pages when skin or js file is missing
        ## Magento has RewriteCond %{REQUEST_URI} !^/(media|skin|js)/ in default htaccess
        # Regex locations are tried in file order; if the generic PHP location
        # came first it would take every .php request, including those under
        # /media/ that must be refused.
        location ~ ^/(skin|js)/ {
            location ~ \.php$ {
                echo_exec @phpfpm;
            }
            # Missing assets get a plain 404 instead of a Magento-rendered page.
            try_files $uri $uri/ =404;
            expires 30d;
        }
        # Disallow PHP scripts in /media/
        # Also render static 404 pages for missing media
        # /media/ holds uploaded content, so a .php file there must never be
        # executed; the nested location answers 403 before PHP is involved.
        location ~ ^/media/ {
            location ~ \.php$ {
                return 403;
            }
            try_files $uri $uri/ =404;
            expires 30d;
        }

        # Magento front controller: rewrite any URI to /index.php, which is then
        # picked up by the PHP location.
        location @handler {
            rewrite / /index.php;
        }

        # Shared FastCGI settings. Reached through @phpfpm or @hhvm, which select
        # the backend address in $fastcgi_pass before jumping here.
        location @fastcgi_backend {

            # Bot rate limit, https://gist.github.com/supairish/2951524
            # Burst=0 (default) --WdG
            # With no burst, a rate-limited client exceeding the rate is rejected
            # immediately rather than queued.
            limit_req zone=bots;

            # server_name is read-only, so we need a temp var
            # NOTE(review): when $server_name is empty the value comes from the
            # Host header, which the client controls. The application should not
            # rely on SERVER_NAME for security decisions such as building links.
            set $my_server_name $server_name;
            if ($my_server_name = "") {
                set $my_server_name $http_host;
            }

            # Only pass the request on when the script file exists, so a path
            # that merely ends in .php is not handed to the PHP interpreter.
            try_files $uri =404;
            expires off;
            root $fastcgi_root;
            # Allows a single PHP request to run for up to 15 minutes.
            fastcgi_read_timeout 900s;
            fastcgi_index index.php;
            fastcgi_pass $fastcgi_pass;

            include /etc/nginx/fastcgi_params;

            # Expose the Authorization header to PHP.
            fastcgi_param HTTP_AUTHORIZATION $http_authorization;
            fastcgi_param SERVER_NAME $my_server_name;

            fastcgi_param NGINX_REQUEST_TIME $date_gmt;

            # If these variables are unset, set them to an empty value here
            # so they are at least defined when fastcgi_param directives are called
            if ($storecode = "") {
                set $storecode "";
            }

            if ($storetype = "") {
                set $storetype "";
            }

            # These are set in http.magerunmaps
            # (that file is not part of this subset). if_not_empty omits the
            # parameter entirely when no store code or type was mapped.
            fastcgi_param MAGE_RUN_CODE $storecode if_not_empty;
            fastcgi_param MAGE_RUN_TYPE $storetype if_not_empty;

        }

        # PHP-FPM backend on the loopback interface.
        location @phpfpm {
            set $log_handler phpfpm;
            set $fastcgi_pass 127.0.0.1:9000;
            echo_exec @fastcgi_backend;
        }

        # HHVM backend on the loopback interface. Nothing in this subset routes
        # to it; presumably user-editable configuration selects it.
        location @hhvm {
            set $log_handler hhvm;
            set $fastcgi_pass 127.0.0.1:9001;
            echo_exec @fastcgi_backend;
        }

        # Protection against unsecured magmi installs. User-editable
        # so user may set it up as they want. Must be included here
        # to catch and redirect PHP files, if this was loaded in later
        # (after the default php-fpm handler for .php files) then we
        # would not be able to redirect the magmi .php files (which are
        # the ones we really MUST redirect).
        # Matches a "magmi" path segment in any casing, anywhere in the URI.
        # "return URL" without a status code sends a 302 redirect, so no magmi
        # script runs until access to it has been restricted deliberately.
        location ~* /magmi($|/) {
            return https://support.hypernode.com/knowledgebase/securing-access-to-magmi/;
        }
        
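        # Forward PATH_INFO-style paths such as /js/index.php/x.js to the script
        # itself. The dots are escaped so that only a literal ".php/" matches;
        # unescaped, the pattern also caught ordinary paths that merely contain
        # "php/" after any character.
        location ~ \.php/ {
            rewrite ^(.*\.php)/ $1 last;
        }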
    
        # always execute our own handler for php-fpm, to prevent serving raw php code and to have
        # a default when user removes configuration from ~/nginx/
        # As a regex location it is skipped for paths under the "^~" denied
        # prefixes, and the regex locations declared above it take precedence.
        location ~ \.php$ {
            echo_exec @phpfpm;
        }
    
        
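        # Map /minify/<n>/<path>.js|css and /skin/m/<n>/<path>.js|css onto the
        # minify script. The dot before the extension is escaped so that only
        # real .js/.css names match.
        # NOTE(review): f carries a client-supplied path into m.php, which is not
        # shown here; confirm the script confines it to the web root.
        rewrite ^/minify/([0-9]+)(/.*\.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
        rewrite ^/skin/m/([0-9]+)(/.*\.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
        # /lib/minify/ is a longer prefix than the denied "^~ /lib/" and has no
        # "^~", so regex locations (the PHP handler) apply again beneath it.
        # This opens the whole directory, not only m.php.
        location /lib/minify/                   { allow all; }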
        
    }

}

ini nginx下magento的配置文件。

#####################################################
# 
# Provided by the Magento Support Center
# http://magentosupport.help/knowledgebase/configuring-nginx-to-work-with-magento-advanced/
#
# Your Magento Tutorial specialists
#
server {
    # Listens on 8080 on all interfaces; the PHP location below reports port 80
    # to the application, so this server presumably sits behind a front proxy.
    # If so, make sure 8080 is not reachable directly from the internet.
    listen       *:8080;
    server_name  fanatik.redrokk.com www.fanatikbike.com fanatikbike.com;
    root /home/production/www.fanatikbike.com/web/webroot/;
    
    ##
    # redirect to www
    ##
    #if ($host !~* ^www\.) {
    #    rewrite ^(.*)$ http://www.$host$1 permanent;
    #}

    ##
    # dont log robots.txt requests
    ##
    # Prefix match: applies to every URI that starts with /robots.txt.
    location /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
 
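    ## These locations would be hidden by .htaccess normally
    # "^~" stops nginx from evaluating the regex locations (static files, PHP)
    # once one of these prefixes is the longest match.
    location ^~ /app/                { deny all; }
    location ^~ /includes/           { deny all; }
    location ^~ /lib/                { deny all; }
    location ^~ /media/downloadable/ { deny all; }
    location ^~ /pkginfo/            { deny all; }
    location ^~ /report/config.xml   { deny all; }
    location ^~ /var/                { deny all; }
    # This more specific prefix needs "^~" as well. Without it, it is the
    # longest match for anything under /var/export/, regex evaluation resumes,
    # and exported .xls/.zip/.gz or .php files there are served by the
    # static-file and PHP locations instead of being denied.
    location ^~ /var/export/         { deny all; }
    # deny htaccess files
    # NOTE(review): access_log off also hides probes for dot-files such as
    # /.git or /.htpasswd from the access log; keep logging on if those
    # requests are used for detection.
    location ~ /\. {
        deny  all;
        access_log off;
        log_not_found off;
    }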

    ##
    # Rewrite for versioned CSS+JS via filemtime
    ##
    # /path/file.<digits>.css is rewritten to /path/file.css, so a changed
    # timestamp in the URL busts caches without renaming the file on disk.
    # "expires" already emits a Cache-Control max-age header; the add_header
    # line below adds a second Cache-Control header next to it.
    location ~* ^.+\.(css|js)$ {
        rewrite ^(.+)\.(\d+)\.(css|js)$ $1.$3 last;
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }
    ##
    # Aggressive caching for static files
    # If you alter static files often, please use 
    # add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
    ##
    # This regex and the css/js one above apply to every path whose longest
    # prefix match lacks "^~", so a directory is only protected from them when
    # its deny rule uses "^~". Responses are marked "public" for one year, and
    # access logging is off for these requests.
    location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }

	# error pages
    # Static error pages are served from the nginx default html directory
    # rather than the Magento web root, so they work even when PHP is down.
    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
	
    # While /maintenance.html exists in the web root, every request that lands
    # in this location is answered with that file.
    # NOTE(review): it is sent with "expires 30d", so browsers and proxies may
    # keep showing the maintenance page after it has been removed.
    location / {
        try_files /maintenance.html $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }
    location @handler { ## Magento uses a common front handler
        rewrite / /index.php;
    }
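    # The dots are escaped so that only a literal ".php/" matches; unescaped,
    # the pattern also caught ordinary paths that merely contain "php/" after
    # any character.
    location ~ \.php/ { ## Forward paths like /js/index.php/x.js to relevant handler
        rewrite ^(.*\.php)/ $1 last;
    }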
    
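    ##
    # pass the PHP scripts to FastCGI server listening at unix:/tmp/php5-fpm.sock
    ##
    # NOTE(review): /tmp is writable by every local user; a socket path in a
    # directory owned by the service (for example under /run) is safer.
    # NOTE(review): nothing in this server block refuses .php files under
    # /media/, which holds uploaded content; consider denying PHP there.
    location ~ \.php$ {
        # Hand the request to PHP-FPM only when the script file really exists.
        # Otherwise any URI that merely ends in ".php" is passed on, and with
        # PHP's path-info fallback enabled another file earlier in the path
        # (such as an uploaded image) could be interpreted as PHP.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        # The application is told it runs on port 80 although nginx listens on 8080.
        fastcgi_param  SERVER_PORT 80;
        # $fastcgi_https is not a built-in variable; it has to be defined
        # elsewhere (for example by a map in the http context, not shown here).
        fastcgi_param  HTTPS $fastcgi_https;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
        fastcgi_param  MAGE_RUN_TYPE store;
    }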


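    # Map /minify/<n>/<path>.js|css and /skin/m/<n>/<path>.js|css onto the
    # minify script. The dot before the extension is escaped so that only real
    # .js/.css names match.
    # NOTE(review): the target lies under /lib/, which "location ^~ /lib/"
    # above denies, so as written these rewrites appear to end in a 403. If
    # minify is needed, open only the minify script, not the whole of /lib/.
    # NOTE(review): f carries a client-supplied path into m.php, which is not
    # shown here; confirm the script confines it to the web root.
    rewrite ^/minify/([0-9]+)(/.*\.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
    rewrite ^/skin/m/([0-9]+)(/.*\.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;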
}
