user www www; worker_processes auto; #error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log info; pid /var/run/nginx.pid; worker_rlimit_nofile 1024; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] $request ' # '"$status" $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #log_format IP .$remote_addr.; access_log off; server_tokens off; reset_timedout_connection on; sendfile on; # http://en.wikipedia.org/wiki/Asynchronous_I/O # aio sendfile; output_buffers 1 64k; tcp_nopush on; tcp_nodelay on; send_lowat 12000; log_not_found off; keepalive_timeout 65; limit_req_zone $binary_remote_addr zone=one:16m rate=5r/s; gzip on; gzip_vary on; gzip_min_length 2048; gzip_comp_level 5; gzip_http_version 1.0; gzip_proxied any; gzip_disable "msie6"; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; client_max_body_size 10m; large_client_header_buffers 4 8k; client_body_temp_path /tmp/nginx/client_temp 1 2; server { #listen 80 default sndbuf=32k rcvbuf=8k accept_filter=httpready; #listen [::]:80 default sndbuf=32k rcvbuf=8k accept_filter=httpready; listen 80 default sndbuf=32k rcvbuf=8k; server_name sitedomain.ru; charset utf8; access_log off; location / { root /var/www; index index.php index.html index.htm; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; # pass the PHP scripts to FastCGI server listening on /tmp/php.sock location ~ \.php$ { #limit_req zone=one burst=20 nodelay; #limit_req_log_level info; root /var/www; fastcgi_index index.php; fastcgi_pass unix:/tmp/php.sock; # 127.0.0.1:9000; fastcgi_intercept_errors on; # FreeBSD Optimization fastcgi_pass_request_body off; client_body_in_file_only clean; fastcgi_param REQUEST_BODY_FILE $request_body_file; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name; include fastcgi_params; } # rewrite to XBTT (old) # location ^~ /bt/ { # access_log off; # if ( $query_string ~ "^uk=([^&?]{10})[&?]+(.*)$" ) { # set $uk $1; # set $qs $2&ip=$remote_addr; # } # if ( $query_string ~ "^uk=([^&?]{10})[&?]+((.*&|)ip=.*)$" ) { # set $uk $1; # set $qs $2; # } # if ( $qs ) { # rewrite ^.*/([a-z]+)(\.php|)$ /$uk/$1?$qs break; # } # rewrite ^/?(.*)$ /$1?ip=$remote_addr&$query_string break; # proxy_pass http://127.0.0.1:2710/; # } # cache static files location ~* \.(jpg|jpeg|gif|png|webp|bmp|css|js|ico)$ { root /var/www; access_log off; expires 30d; add_header Cache-Control public; } # sitemap rewrite rewrite ^/sitemap.xml$ /internal_data/sitemap/sitemap.xml; # deny access to admin folder location ~ \/admin|backup\/ { deny all; #allow YOUR_IP; } # deny access to system folder location ~ \/(install|internal_data|library)\/ { deny all; } # deny access to git folder location ~ /\.git { deny all; } # deny access to .htaccess, if apache's document root concurs with nginx's one location ~ /\.ht { deny all; } # deny access to critical files location ~ \.(.*sql|tpl|db|inc|log|md)$ { deny all; } } }