Nginx with Varnish as a proxy. Phantom Port 80
plutocrat
nginx-forum at forum.nginx.org
Fri Apr 1 05:38:01 UTC 2016
OK, I was trying to keep the post relevant and succinct, but here goes with
the config. It's a newly set up server, so pretty much standard.
=============================
# cat nginx.conf
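# Main nginx configuration: process-level settings, the shared http-level
# defaults, then the per-site files included at the end of the http block.
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    # required for letsencrypt verification
    # NOTE(review): this server block has neither "listen" nor "server_name".
    # Without "listen", nginx binds *:80 when it is started as root, so this
    # block keeps port 80 open even if every other server block is moved to a
    # different port. With the default empty server_name it is only chosen for
    # requests that carry no Host header (unless it ends up as the default
    # server for the port), so it probably does not answer the challenge for
    # the named sites - confirm, and consider putting the location into each
    # site's server block with an explicit listen.
    server {
        location ~ /.well-known/acme-challenge/(.*) {
            default_type text/plain;
        }
    }

    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Uncomment to stop sending the nginx version in the Server header and on
    # the built-in error pages.
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # These are http-level defaults; a server block that sets ssl_protocols
    # itself overrides them, so check the per-site files as well.
    # SSLv3 is dropped (ref: POODLE); TLSv1 and TLSv1.1 are deprecated
    # (RFC 8996). Add TLSv1.3 where the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # The gzip_types example below is one commented line; when it is wrapped,
    # the second half loses its "#" and nginx rejects it as an unknown directive.
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}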
===========================
nothing at all in ./conf.d/
===========================
> cat sites-enabled/default
# Default server configuration
#
# Catch-all virtual host: marked default_server on port 80, so it answers
# requests whose Host matches no other server block (for example, requests
# made to the numeric IP address).
server {
    listen 80 default_server;
    server_name localhost 16.17.18.19;

    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.php index.htm index.nginx-debian.html;

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    location / {
        # Try the URI as a file, then as a directory; otherwise return 404.
        try_files $uri $uri/ =404;
    }

    # The 50x error page is served from the packaged nginx html directory.
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
=======================================================
$> cat sites-enabled/domain1.com.
# Plain-HTTP virtual host for domain1.com: static files are served directly,
# PHP is handed to PHP-FPM over a unix socket.
server {
    listen 80;
    server_name www.domain1.com domain1.com;

    root /home/user/domains/domain1.com/public_html/public;
    index index.php index.html index.htm;
    error_page 404 /404.html;

    # NOTE(review): the logs live under the site user's home directory. The
    # nginx master opens log files as root, so that directory should not be
    # writable by the site user - confirm its ownership and mode.
    access_log /home/user/domains/domain1.com/logs/access.log;
    error_log /home/user/domains/domain1.com/logs/error.log;

    # Front controller: anything that is not a file or directory goes to index.php.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Pass PHP scripts to PHP-FPM
    location ~ \.php$ {
        # Answer 403 unless the requested script exists on disk, so PHP-FPM
        # only ever receives paths of real files.
        try_files $uri =403;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.0-fpm-user.sock;
    }

    # Enable browser cache for CSS / JS
    # add_header inside a location replaces any add_header inherited from the
    # server or http level, so headers added higher up later do not reach
    # these responses unless they are repeated here.
    location ~* \.(?:css|js)$ {
        expires 2d;
        add_header Pragma "public";
        add_header Cache-Control "public";
        add_header Vary "Accept-Encoding";
    }

    # Enable browser cache for static files
    location ~* \.(?:ico|jpg|jpeg|gif|png|bmp|webp|tiff|svg|svgz|pdf|mp3|flac|ogg|mid|midi|wav|mp4|webm|mkv|ogv|wmv|eot|otf|woff|ttf|rss|atom|zip|7z|tgz|gz|rar|bz2|tar|exe|doc|docx|xls|xlsx|ppt|pptx|rtf|odt|ods|odp)$ {
        expires 5d;
        add_header Pragma "public";
        add_header Cache-Control "public";
    }

    # Prevent logging of favicon and robot request errors
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        log_not_found off;
        access_log off;
    }
}
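# HTTPS virtual host for domain1.com, using the Let's Encrypt certificate.
# Static files are served directly, PHP is handed to PHP-FPM over a unix socket.
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which is
    # deprecated and no longer accepted by current nginx releases.
    listen 443 ssl;
    server_name www.domain1.com domain1.com;

    # NOTE(review): the port-80 server block for this site uses
    # .../public_html/public as its root. If that is the intended web root,
    # this block serves its parent directory over HTTPS - confirm which path
    # is correct and make the two blocks agree.
    root /home/user/domains/domain1.com/public_html;
    # index and error_page were each declared twice with identical values;
    # one declaration is enough.
    index index.php index.html index.htm;
    error_page 404 /404.html;

    # NOTE(review): the logs live under the site user's home directory. The
    # nginx master opens log files as root, so that directory should not be
    # writable by the site user - confirm its ownership and mode.
    access_log /home/user/domains/domain1.com/logs/access.log;
    error_log /home/user/domains/domain1.com/logs/error.log;

    ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
    ssl_session_timeout 5m;
    # A server-level ssl_protocols overrides the http-level default. SSLv2 and
    # SSLv3 are broken (SSLv3: POODLE) and TLSv1 is deprecated, so only
    # TLS 1.2 is offered; add TLSv1.3 where the installed nginx/OpenSSL
    # support it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Front controller: anything that is not a file or directory goes to index.php.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Pass PHP scripts to PHP-FPM
    location ~ \.php$ {
        # Answer 403 unless the requested script exists on disk, so PHP-FPM
        # only ever receives paths of real files.
        try_files $uri =403;
        # This location only matches URIs ending in ".php", so the split
        # pattern (which needs a "/..." suffix after ".php") never matches here.
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm-user.sock;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Enable browser cache for CSS / JS
    # add_header inside a location replaces any add_header inherited from the
    # server or http level, so a header added higher up later (for example
    # Strict-Transport-Security) must be repeated in these locations.
    location ~* \.(?:css|js)$ {
        expires 2d;
        add_header Pragma "public";
        add_header Cache-Control "public";
        add_header Vary "Accept-Encoding";
    }

    # Enable browser cache for static files
    location ~* \.(?:ico|jpg|jpeg|gif|png|bmp|webp|tiff|svg|svgz|pdf|mp3|flac|ogg|mid|midi|wav|mp4|webm|mkv|ogv|wmv|eot|otf|woff|ttf|rss|atom|zip|7z|tgz|gz|rar|bz2|tar|exe|doc|docx|xls|xlsx|ppt|pptx|rtf|odt|ods|odp)$ {
        expires 5d;
        add_header Pragma "public";
        add_header Cache-Control "public";
    }

    # Prevent logging of favicon and robot request errors
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; }
}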
===========
There are three other domains in this directory, all created by copying and
editing the domain1 file. So nothing extra in there. You'll just have to
take my word for it that the listen directives are all the same.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,265791,265795#msg-265795