-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx-domain.conf
173 lines (145 loc) · 6.1 KB
/
nginx-domain.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
server {
listen 80;
server_name domain.ru;
server_name_in_redirect off;
#access_log /var/log/nginx/domain.ru.acces.log;
error_log /var/log/nginx/domain.ru.error.log;
client_max_body_size 1024M;
client_body_buffer_size 4M;
root /var/www/domain.ru;
index index.php;
set $frame_options '';
if ($http_referer !~ '^https?:\/\/([^\/]+\.)?(webvisor\.com)\/'){
set $frame_options 'SAMEORIGIN';
}
add_header X-Frame-Options $frame_options;
# Composit Bitrix
set $storedAuth "";
set $usecache "";
# check all conditions for enable composite
if ($http_bx_action_type = "") { set $usecache "A"; }
if ($request_method = "GET") { set $usecache "${usecache}B"; }
if ($cookie_BITRIX_SM_NCC = "") { set $usecache "${usecache}C"; }
#if ($http_x_forwarded_scheme !~ "https") { set $usecache "${usecache}D"; }
set $usecache "${usecache}D";
if ($http_accept_encoding ~* "deflate") { set $usecache "${usecache}E"; }
# IE9 and above exclude
modern_browser_value "modern";
modern_browser msie 10.0;
modern_browser unlisted;
if ($modern_browser) {
set $usecache "${usecache}F";
}
# check user auth
if ($cookie_BITRIX_SM_LOGIN != "") { set $storedAuth "A"; }
if ($cookie_BITRIX_SM_UIDH != "") { set $storedAuth "${storedAuth}B"; }
if ($cookie_BITRIX_SM_CC != "Y") { set $storedAuth "${storedAuth}C"; }
if ($storedAuth !~ "ABC") { set $usecache "${usecache}G"; }
set $php_sock unix:/var/run/php-fpm/php-fpm.sock;
location / {
try_files $uri $uri/ @bitrix;
}
location ~* /upload/.*\.(php|php3|php4|php5|php6|phtml|pl|asp|aspx|cgi|dll|exe|shtm|shtml|fcg|fcgi|fpl|asmx|pht|py|psp|rb|var)$ {
types {
text/plain text/plain php php3 php4 php5 php6 phtml pl asp aspx cgi dll exe ico shtm shtml fcg fcgi fpl asmx pht py psp rb var;
}
}
location ~ \.php$ {
try_files $uri @bitrix;
fastcgi_pass $php_sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = msmtp -t -i";
include fastcgi_params;
}
location @bitrix {
fastcgi_pass $php_sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/bitrix/urlrewrite.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = msmtp -t -i";
}
location ~* /bitrix/admin.+\.php$ {
try_files $uri @bitrixadm;
fastcgi_pass $php_sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = msmtp -t -i";
include fastcgi_params;
}
location @bitrixadm{
fastcgi_pass $php_sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/bitrix/admin/404.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = msmtp -t -i";
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
#
# block this locations for any installation
#
# ht(passwd|access)
location ~* /\.ht { deny all; }
# repositories
location ~* /\.(svn|hg|git) { deny all; }
# bitrix internal locations
location ~* ^/bitrix/(modules|local_cache|stack_cache|managed_cache|php_interface) {
deny all;
}
# upload files
location ~* ^/upload/1c_[^/]+/ { deny all; }
# use the file system to access files outside the site (cache)
location ~* /\.\./ { deny all; }
location ~* ^/bitrix/html_pages/\.config\.php { deny all; }
location ~* ^/bitrix/html_pages/\.enabled { deny all; }
# Intenal locations
location ^~ /upload/support/not_image { internal; }
# Cache location: composite and general site
location ~* @.*\.html$ {
internal;
# disable browser cache, php manage file
expires -1y;
add_header X-Bitrix-Composite "Nginx (file)";
}
# Player options, disable no-sniff
location ~* ^/bitrix/components/bitrix/player/mediaplayer/player$ {
add_header Access-Control-Allow-Origin *;
}
# Accept access for merged css and js
location ~* ^/bitrix/cache/(css/.+\.css|js/.+\.js)$ {
expires 30d;
error_page 404 /404.html;
}
# Disable access for other assets in cache location
location ~* ^/bitrix/cache { deny all; }
# Use nginx to return static content from s3 cloud storage
# /upload/bx_cloud_upload/<schema>.<backet_name>.<s3_point>.amazonaws.com/<path/to/file>
location ^~ /upload/bx_cloud_upload/ {
location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:]+)\.(s3|s3-us-west-1|s3-eu-west-1|s3-ap-southeast-1|s3-ap-northeast-1)\.amazonaws\.com/(.+)$ {
internal;
resolver 8.8.8.8;
proxy_method GET;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
#proxy_max_temp_file_size 0;
proxy_pass $1://$2.$3.amazonaws.com/$4;
}
location ~* .*$ { deny all; }
}
# Static content
location ~* ^/(upload|bitrix/images|bitrix/tmp) {
expires 30d;
}
location ~* \.(css|js|gif|png|jpg|jpeg|ico|ogg|ttf|woff|eot|otf)$ {
error_page 404 /404.html;
expires 30d;
}
location = /404.html {
access_log off ;
}
}