nginx配置文件模板
nginx配置文件模板
http://www.315ok.org/blogfolder/271
http://www.315ok.org/logo.png
nginx配置文件模板
nginx配置文件模板
# This is the default nginx configuration for the front-most web server,
# typically running on port 80 (HTTP) and 443 (HTTPS).
# It is mainly responsible for proxying to the Varnish cache.
# Process control
pid ${buildout:directory}/var/nginx.pid;
lock_file ${buildout:directory}/var/nginx.lock;
user ${users:nginx};
worker_processes 1;
daemon off;
# This is limited related to the number of file descriptors available
events {
worker_connections ${limits:open-files};
}
# Logging
error_log ${buildout:directory}/var/log/nginx-error.log warn;
# HTTP server
http {
# Define Varnish upstream - we proxy to this below
upstream cache {
server ${hosts:nginx-backend}:${ports:nginx-backend};
}
# Allow big files
client_max_body_size 128m;
# HTTP server
server {
listen *:${ports:http};
server_name ${hosts:public};
access_log ${buildout:directory}/var/log/main-access.log;
# Enable gzip compression of responses
gzip on;
gzip_min_length 1000;
# Show status information on /_nginx_status_
location = /_nginx_status_ {
stub_status on;
allow 127.0.0.1;
deny all;
}
# This is the 'panic' error message page. HAProxy will redirect here
# if all nodes are down. Other parts of the stack may choose to
# redirect to this URL as well.
location ${urls:fallback} {
root ${buildout:directory}/htdocs;
index index.html index.htm;
break;
}
# Rewrites/proxying that applies to all URLs not matched above
location / {
# Content author users (authenticatd with the Plone login cookie)
# are forced to SSL always
if ($http_cookie ~* "__ac") {
rewrite ^/(.*)$ https://${hosts:public}:${ports:https}/$1 redirect;
}
# The content author login form requires SSL
rewrite ^(.*/login_form)$ https://${hosts:public}:${ports:https}$1 redirect;
rewrite ^(.*/require_login)$ https://${hosts:public}:${ports:https}$1 redirect;
# Other pages are served from http, using virtual hosting
rewrite ^/(.*)$ /VirtualHostBase/http/${hosts:public}:${ports:http}/${sites:main}/VirtualHostRoot/$1 break;
proxy_pass http://cache;
proxy_set_header Host $host;
proxy_connect_timeout 75;
proxy_read_timeout 185;
}
}
# HTTPS server
server {
listen *:${ports:https};
server_name ${hosts:public};
access_log ${buildout:directory}/var/log/main-access.log;
ssl on;
ssl_certificate ${ssl:certificate};
ssl_certificate_key ${ssl:key};
keepalive_timeout 70;
# Enable gzip compression of responses
gzip on;
gzip_min_length 1000;
location / {
# Admin users are always managed over SSL
if ($http_cookie ~* "__ac" ) {
rewrite ^/(.*)$ /VirtualHostBase/https/${hosts:public}:${ports:https}/${sites:main}/VirtualHostRoot/$1 break;
}
# The content author login form requires SSL
rewrite ^(.*/login_form)$ /VirtualHostBase/https/${hosts:public}:${ports:https}/${sites:main}/VirtualHostRoot$1 break;
rewrite ^(.*/require_login)$ /VirtualHostBase/https/${hosts:public}:${ports:https}/${sites:main}/VirtualHostRoot$1 break;
# Resources are allowed over SSL
rewrite ^/(.*\.(css|kss|js|jpg|jpeg|gif|png))$ /VirtualHostBase/https/${hosts:public}:${ports:https}/${sites:main}/VirtualHostRoot/$1 break;
# Everything else is redirected back to http
rewrite ^/(.*)$ http://${hosts:public}:${ports:http}/$1 permanent;
# Back end (for SSL content)
proxy_pass http://cache;
proxy_set_header Host $host;
proxy_connect_timeout 75;
proxy_read_timeout 185;
}
}
}