docs/nginx-full.conf
upstream hhvm_default {
#server unix:/var/run/php5-fpm.sock;
server localhost:9001;
}
server {
listen 80;
add_header Strict-Transport-Security max-age=31536000;
server_name muenchen-transparent.de www.muenchen-transparent.de xn--mnchen-transparent-m6b.de www.xn--mnchen-transparent-m6b.de ratsinformant.de www.ratsinformant.de;
rewrite ^ https://www.muenchen-transparent.de$request_uri? permanent;
}
server {
listen 443 ssl spdy;
ssl_certificate /etc/nginx/ssl-muenchen-transparent/certchain.pem;
ssl_certificate_key /etc/nginx/ssl-muenchen-transparent/myserver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
server_name muenchen-transparent.de;
rewrite ^ https://www.muenchen-transparent.de$request_uri? permanent;
}
server {
listen 443 ssl spdy;
ssl_certificate /etc/nginx/www_ratsinformant_de-201403.crt;
ssl_certificate_key /etc/nginx/www_ratsinformant_de-201403.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
server_name ratsinformant.de www.ratsinformant.de;
rewrite ^ https://www.muenchen-transparent.de$request_uri? permanent;
}
server {
listen 443 ssl spdy;
ssl_certificate /etc/nginx/ssl-muenchen-transparent/certchain.pem;
ssl_certificate_key /etc/nginx/ssl-muenchen-transparent/myserver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
server_name www.muenchen-transparent.de;
root /var/www/ris3/html;
set $yii_bootstrap "index.php";
charset utf-8;
access_log /var/log/nginx/access_ris.log;
error_log /var/log/nginx/error_ris.log;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
fastcgi_send_timeout 600s;
fastcgi_read_timeout 600s;
location /solr {
proxy_pass http://127.0.0.1:8983/;
rewrite /solr/(.*) /solr/$1 break;
proxy_redirect / /solr/;
#proxy_set_header Host $host;
proxy_buffering off;
auth_basic "Solr Auth";
auth_basic_user_file /var/www/intern/ris-solr-users;
}
location @ris_tiles_notfound {
root /var/www/ris3/html;
fastcgi_split_path_info ^(.+\.php)(.*)$;
# Yii soll Aufrufe von nicht existierenden PHP-Dateien abfangen
set $fsn /$yii_bootstrap;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass hhvm_default;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
# PATH_INFO und PATH_TRANSLATED müssen nicht angegeben werden,
# sind aber in RFC 3875 für CGI definiert:
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fsn;
}
location /tiles {
root /var/www/ris3-data/tile-cache/;
expires 1w;
error_page 404 = @ris_tiles_notfound;
}
location /pdf_proxy {
resolver 127.0.0.1 ipv6=off;
proxy_pass http://www.ris-muenchen.de/;
proxy_redirect http://www.ris-muenchen.de/ /pdf_proxy/;
}
location / {
index index.html $yii_bootstrap;
try_files $uri $uri/ /$yii_bootstrap?$args;
}
location ~ \/assets\/.*(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar|woff|svg)$ {
try_files $uri =404;
expires 7d;
}
location /css/ {
expires 7d;
}
location /js/ {
expires 7d;
}
location /bower/ {
expires 7d;
}
location /images/ {
expires 7d;
}
location /fonts/ {
expires 31d;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(.*)$;
# Yii soll Aufrufe von nicht existierenden PHP-Dateien abfangen
set $fsn /$yii_bootstrap;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass hhvm_default;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
# PATH_INFO und PATH_TRANSLATED müssen nicht angegeben werden,
# sind aber in RFC 3875 für CGI definiert:
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fsn;
}
location ~ /\.ht {
deny all;
}
}