Page tree
Skip to end of metadata
Go to start of metadata

Global configuration

 

The default config file is “/etc/nginx/nginx.conf” which achieves the main task of including more config files in “/etc/nginx/conf.d/”. This example has a few other common sense additions and serves as a handy reference.

user              nginx;
worker_processes  1;
error_log         /var/log/nginx/error.log;
pid               /var/run/nginx.pid;
 
events {
    worker_connections  1024;
}
 
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request "'
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
 
    sendfile        on;
    autoindex off;
    map $scheme $fastcgi_https { ## Detect when HTTPS is used
        default off;
        https on;
    }
 
    keepalive_timeout  10;
 
    gzip  on;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_types      text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
    # Load config files from the /etc/nginx/conf.d directory
    include /etc/nginx/conf.d/*.conf;
 
} 

Individual sites

 

For each site with it’s own domain (in the examples will be called DOMAIN) create a file “/etc/nginx/conf.d/DOMAIN.conf” and copy the following into it.

server {
    listen 80;
    server_name DOMAIN.com;
    rewrite / $scheme://www.$host$request_uri permanent; ## Forcibly prepend a www
}
 
server {
    listen 80 default;
## SSL directives might go here
    server_name www.DOMAIN.com *.DOMAIN.com; ## Domain is here twice so server_name_in_redirect will favour the www
    root /var/www/vhosts/DOMAIN.com;
 
    location / {
        index index.html index.php; ## Allow a static html file to be shown first
        try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }
 
    ## These locations would be hidden by .htaccess normally
    location ^~ /app/                { deny all; }
    location ^~ /includes/           { deny all; }
    location ^~ /lib/                { deny all; }
    location ^~ /media/downloadable/ { deny all; }
    location ^~ /pkginfo/            { deny all; }
    location ^~ /report/config.xml   { deny all; }
    location ^~ /var/                { deny all; }
 
    location /var/export/ { ## Allow admins only to view export folder
        auth_basic           "Restricted"; ## Message shown in login window
        auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
        autoindex            on;
    }
 
    location  /. { ## Disable .htaccess and other hidden files
        return 404;
    }
 
    location @handler { ## Magento uses a common front handler
        rewrite / /index.php;
    }
 
    location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
        rewrite ^(.*.php)/ $1 last;
    }
 
    location ~ .php$ { ## Execute PHP scripts
        if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
 
        expires        off; ## Do not cache dynamic content
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_param  HTTPS $fastcgi_https;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
        fastcgi_param  MAGE_RUN_TYPE store;
        include        fastcgi_params; ## See /etc/nginx/fastcgi_params
    }
}

 

    location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler

        rewrite ^(.*.php)/ $1 last;

    }

 

    location ~ .php$ { ## Execute PHP scripts

        if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss

 

        expires        off; ## Do not cache dynamic content

        fastcgi_pass   127.0.0.1:9000;

        fastcgi_param  HTTPS $fastcgi_https;

        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

        fastcgi_param  MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores

        fastcgi_param  MAGE_RUN_TYPE store;

        include        fastcgi_params; ## See /etc/nginx/fastcgi_params

    }

}
  • Check carefully for all instances of DOMAIN and replace with your site’s domain.
  • Check all path names are appropriate for your server, especially the “root” directive on line #11.
  • A file is included, “/etc/nginx/fastcgi_params”. It is installed by many distros automatically and removes many headaches, if your server doesn’t have it get a copy from somewhere.
  • The “MAGE_RUN_CODE” and “MAGE_RUN_TYPE” are for multi-store installations, each DOMAIN that represents a store should have that store code instead of “default” (line #53).
  • A password is made available for the “/var/export/” directory. To set up the password for a given USERNAME enter the following command in a terminal.
    htpasswd -c /etc/nginx/htpasswd USERNAME

 

Test the configuration after every change, instead of restarting the server you usually only need to do;

service nginx reload

SSL Certificates

 

You will need to check the version on your server, through a terminal type this

nginx -v

and make a note of it.

Versions earlier than 0.7.14

For each DOMAIN find this on line #8:

listen 80 default;

and replace with this:

listen 443;
ssl on;
ssl_certificate     /etc/nginx/conf.d/DOMAIN.crt;
ssl_certificate_key /etc/nginx/conf.d/DOMAIN.key;

Place the “DOMAIN.crt” and “DOMAIN.key” files issued by the certificate authority in “/etc/nginx/conf.d/”.

Versions 0.7.14 and newer

At around line #9 insert the following:

listen 443 default ssl;
ssl_certificate     /etc/nginx/conf.d/DOMAIN.crt;
ssl_certificate_key /etc/nginx/conf.d/DOMAIN.key;

Place the “DOMAIN.crt” and “DOMAIN.key” files issued by the certificate authority in “/etc/nginx/conf.d/”.

Fooman Speedster

 

If you plan on using Fooman Speedster you’ll need to add the following to the server block.

    rewrite ^/minify/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
    rewrite ^/skin/m/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;

    location /lib/minify/ {
        allow all;
    }

 

 

  • No labels