Want to subscribe to topics you're interested in?
Become a Member

Magento Anyone can help me Nginx's directives for Magento 2?

Discussion in 'Ecommerce / Shopping cart usage' started by Hai Pham, Sep 19, 2016.

  1. Hai Pham

    Hai Pham New Member

    7
    2
    3
    Sep 19, 2016
    Ratings:
    +3
    Local Time:
    10:12 AM
    1.11.4
    MariaDB 10
    Dear all,
    In the package of Magento 2, It has a file nginx.conf.example, I want to combine this file with default settings in #2 menu of Centminmod.
    Thank you in advanced.
    Have a nice day!

     
  2. eva2000

    eva2000 Administrator Staff Member

    55,223
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    1:12 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  3. Hai Pham

    Hai Pham New Member

    7
    2
    3
    Sep 19, 2016
    Ratings:
    +3
    Local Time:
    10:12 AM
    1.11.4
    MariaDB 10
    Thank you for your quick reply eva2000,
    This is the sample code in the nginx.conf.example. I just need SEO URL rewrite for Magento 2, but I think the sample is optimal for security and speed.
    Code:
    # Magento Vars
    # set $MAGE_ROOT /path/to/magento/root;
    # set $MAGE_MODE default; # or production or developer
    #
    # Example configuration:
    # upstream fastcgi_backend {
    #    # use tcp connection
    #    # server  127.0.0.1:9000;
    #    # or socket
    #    server   unix:/var/run/php5-fpm.sock;
    # }
    # server {
    #    listen 80;
    #    server_name mage.dev;
    #    set $MAGE_ROOT /var/www/magento2;
    #    set $MAGE_MODE developer;
    #    include /vagrant/magento2/nginx.conf.sample;
    # }
     
    root $MAGE_ROOT/pub;
     
    index index.php;
    autoindex off;
    charset off;
     
    add_header 'X-Content-Type-Options' 'nosniff';
    add_header 'X-XSS-Protection' '1; mode=block';
     
    location /setup {
        root $MAGE_ROOT;
        location ~ ^/setup/index.php {
            fastcgi_pass   fastcgi_backend;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
     
        location ~ ^/setup/(?!pub/). {
            deny all;
        }
     
        location ~ ^/setup/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }
     
    location /update {
        root $MAGE_ROOT;
     
        location ~ ^/update/index.php {
            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
            fastcgi_pass   fastcgi_backend;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO        $fastcgi_path_info;
            include        fastcgi_params;
        }
     
        # deny everything but index.php
        location ~ ^/update/(?!pub/). {
            deny all;
        }
     
        location ~ ^/update/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }
     
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
     
    location /pub {
        location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
            deny all;
        }
        alias $MAGE_ROOT/pub;
        add_header X-Frame-Options "SAMEORIGIN";
    }
     
    location /static/ {
        if ($MAGE_MODE = "production") {
            expires max;
        }
        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
     
            if (!-f $request_filename) {
                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
            }
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires    off;
     
            if (!-f $request_filename) {
               rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
            }
        }
        if (!-f $request_filename) {
            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }
     
    location /media/ {
        try_files $uri $uri/ /get.php?$args;
     
        location ~ ^/media/theme_customization/.*\.xml {
            deny all;
        }
     
        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
            try_files $uri $uri/ /get.php?$args;
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires    off;
            try_files $uri $uri/ /get.php?$args;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }
     
    location /media/customer/ {
        deny all;
    }
     
    location /media/downloadable/ {
        deny all;
    }
     
    location /media/import/ {
        deny all;
    }
     
    location ~ cron\.php {
        deny all;
    }
     
    location ~ (index|get|static|report|404|503)\.php$ {
        try_files $uri =404;
        fastcgi_pass   fastcgi_backend;
     
        fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
        fastcgi_param  PHP_VALUE "memory_limit=256M \n max_execution_time=600";
        fastcgi_read_timeout 600s;
        fastcgi_connect_timeout 600s;
        fastcgi_param  MAGE_MODE $MAGE_MODE;
     
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
     
  4. eva2000

    eva2000 Administrator Staff Member

    55,223
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    1:12 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    let's see the default Centmin Mod 123.09beta01 nginx vhost generated to HTTP (non-HTTPS) for domain.com at /usr/local/nginx/conf/conf.d/domain.com.conf would look like this for starters.
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name domain.com;
    #            return 301 $scheme://www.domain.com$request_uri;
    #       }
    
    server {
     
      server_name domain.com www.domain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
      root /home/nginx/domains/domain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }

    For Magento 2 transposed settings first create a copy of Centmin Mod's default php.conf include file for magento named /usr/local/nginx/conf/php_magento.conf as you'll need it for your location context match for location ~ ^/update/index.php part
    Code (Text):
    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_magento.conf

    Edit /usr/local/nginx/conf/php_magento.conf and comment out with hash # in front the line for fastcgi_split_path_info
    Code (Text):
    #fastcgi_split_path_info ^(.+?\.php)(/.*)$;

    Then the new /usr/local/nginx/conf/conf.d/domain.com.conf would look like below
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name domain.com;
    #            return 301 $scheme://www.domain.com$request_uri;
    #       }
    
    server {
     
      server_name domain.com www.domain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      set $MAGE_ROOT /home/nginx/domains/domain.com/public;
      set $MAGE_MODE default;
      charset off;
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      #include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
      #root /home/nginx/domains/domain.com/public;
      root $MAGE_ROOT/pub;
    
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      #include /usr/local/nginx/conf/503include-main.conf;
    
    location /setup {
        root $MAGE_ROOT;
        location ~ ^/setup/index.php {
            include /usr/local/nginx/conf/php.conf;
        }
     
        location ~ ^/setup/(?!pub/). {
            deny all;
        }
     
        location ~ ^/setup/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }
     
    location /update {
        root $MAGE_ROOT;
     
        location ~ ^/update/index.php {
            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
            include /usr/local/nginx/conf/php_magento.conf;
        }
     
        # deny everything but index.php
        location ~ ^/update/(?!pub/). {
            deny all;
        }
     
        location ~ ^/update/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }
    
      location / {
      #include /usr/local/nginx/conf/503include-only.conf;
      # block common exploits, sql injections etc
      #include /usr/local/nginx/conf/block.conf;
    
      try_files $uri $uri/ /index.php?$args;
      }
    
    location /pub {
        location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
            deny all;
        }
        alias $MAGE_ROOT/pub;
        add_header X-Frame-Options "SAMEORIGIN";
    }
     
    location /static/ {
        if ($MAGE_MODE = "production") {
            expires max;
        }
        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
     
            if (!-f $request_filename) {
                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
            }
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires    off;
     
            if (!-f $request_filename) {
               rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
            }
        }
        if (!-f $request_filename) {
            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }
     
    location /media/ {
        try_files $uri $uri/ /get.php?$args;
     
        location ~ ^/media/theme_customization/.*\.xml {
            deny all;
        }
     
        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
            try_files $uri $uri/ /get.php?$args;
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires    off;
            try_files $uri $uri/ /get.php?$args;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }
     
    location /media/customer/ {
        deny all;
    }
     
    location /media/downloadable/ {
        deny all;
    }
     
    location /media/import/ {
        deny all;
    }
     
    location ~ cron\.php {
        deny all;
    }
     
    location ~ (index|get|static|report|404|503)\.php$ {
        fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
        fastcgi_param  PHP_VALUE "memory_limit=256M \n max_execution_time=600";
        fastcgi_param  MAGE_MODE $MAGE_MODE;
        include /usr/local/nginx/conf/php.conf;
    }
    
      #include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }

    Note
    • Untested and no support by me, but other members are welcome to help.
    • HTTPS/SSL is created in separate /usr/local/nginx/conf/conf.d/domain.com.ssl.conf vhost when you answer yes to self-signed ssl cert creation during centmin.sh menu option 2 runs. So with Magento over HTTPS, you would need to transpose the rewrites only to /usr/local/nginx/conf/conf.d/domain.com.ssl.conf and follow instructions as outlined for switching from self-signed SSL to paid/browser trusted SSL certificates + HTTP to HTTPS redirect instructions at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS
    • Not too familar with how MAGE_ROOT is set for Magento and for root $MAGE_ROOT/pub; so leave that for you to figure out.
    • All the example .php location matches for fastcgi php are replaced with Centmin Mod default include /usr/local/nginx/conf/php.conf file and include /usr/local/nginx/conf/php_magento.conf file to process php.
    • Commented out Centmin Mod default added /usr/local/nginx/conf/staticfiles.conf includes file as Magento rules seem to have taken care of static file serving in a particular way
      Code (Text):
      #include /usr/local/nginx/conf/staticfiles.conf;
    • Changed the top level root definition from Centmin Mod default (commented out) to Magento 2 method
      Code (Text):
        #root /home/nginx/domains/domain.com/public;
        root $MAGE_ROOT/pub;
      
      which is defined by set variable further up
      Code (Text):
      set $MAGE_ROOT /home/nginx/domains/domain.com/public;
     
    Last edited: Sep 19, 2016
  5. Hai Pham

    Hai Pham New Member

    7
    2
    3
    Sep 19, 2016
    Ratings:
    +3
    Local Time:
    10:12 AM
    1.11.4
    MariaDB 10
    Thank you very much eva2000. You are the best Linux System Admin I have ever seen. I will try and reply a feedback for your instruction.
     
  6. eva2000

    eva2000 Administrator Staff Member

    55,223
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    1:12 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You're welcome... basically it's just pattern matching between magento example and Centmin Mod Nginx vhost generated defaults :)
     
  7. Hai Pham

    Hai Pham New Member

    7
    2
    3
    Sep 19, 2016
    Ratings:
    +3
    Local Time:
    10:12 AM
    1.11.4
    MariaDB 10
    Dear Eva,
    Thank you for your editing, after installing I can not access admin, it said 404.
    I run nginx -t and receive 2 warning:
    Code:
    nginx: [warn] conflicting server name "vinahc.com" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "vinahc.com" on 0.0.0.0:443, ignored
    How do I resolve conflict? and access admin panel, the hompage also break. You can check via Home Page
    Thank you in advanced.
     
  8. Hai Pham

    Hai Pham New Member

    7
    2
    3
    Sep 19, 2016
    Ratings:
    +3
    Local Time:
    10:12 AM
    1.11.4
    MariaDB 10
    I have fixed nginx's warning. I have named Hostname same as the domain I used. The virtual.conf and phpadmin_ssl.conf have server_name Hostname, just change it to localhost.
     
  9. eva2000

    eva2000 Administrator Staff Member

    55,223
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    1:12 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  10. cloud9

    cloud9 Premium Member Premium Member

    435
    118
    43
    Oct 6, 2015
    England
    Ratings:
    +218
    Local Time:
    4:12 AM
    1.25.3
    10.6.x
    @Hai Pham See here and help support Centminmod (yep, Eva is great :))
     
  11. nqservices

    nqservices Member

    70
    14
    8
    Jun 17, 2016
    Ratings:
    +28
    Local Time:
    4:12 AM
    Hi @Hai Pham

    I will also start testing CentminMOD with Magento latest version 2.1.2. About the nginx setup described on this thread, is it working for you? Or did you make any changes?

    Do you mind telling me from your experience any special change or setting to change in CentminMOD in order to work perfect with Magento 2?

    Thanks
     
  12. Hai Pham

    Hai Pham New Member

    7
    2
    3
    Sep 19, 2016
    Ratings:
    +3
    Local Time:
    10:12 AM
    1.11.4
    MariaDB 10
    Dear nqservices,

    I setup Magento 2 with the configuration of eva2000, it works.
    I don't edit anything in the Nginx configuration file which is eva2000 gave to me.
     
  13. nqservices

    nqservices Member

    70
    14
    8
    Jun 17, 2016
    Ratings:
    +28
    Local Time:
    4:12 AM
    Hi @Hai Pham

    Thanks for the information. I will try that.

    Now in terms of Magento 2 performance, how is your store? Is it fast running with CentminMOD?

    Thanks