Get the most out of your Centmin Mod LEMP stack
Become a Member

Xenforo Fastcgi cache configuration for Xenforo?

Discussion in 'Forum software usage' started by Everlind, Jun 17, 2014.

  1. Everlind

    Everlind New Member

    15
    4
    3
    Jun 3, 2014
    Ratings:
    +4
    Local Time:
    5:53 AM
    1.7.1
    /
    Hello George,

    are you using nginx fastcgi cache for guest user on Xenforo?

    Is possible has an example of configuration?


    Thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,883
    12,161
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,713
    Local Time:
    2:53 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Not using fastcgi_cache for Xenforo here so no example configuration.

    To properly use fastcgi_cache for Xenforo, you need to be able to add a custom session cookie by modifying Xenforo code so that fastcgi_cache can differentiate between a logged in and logged out user properly. Don't know enough about Xenforo as yet to even know where to begin.
     
  3. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    12:53 PM
    Mainline
    10.2
    I think @Floren already did this.
     
  4. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    12:53 PM
    Mainline
    10.2
    I hope someone can make this work :oops:
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,883
    12,161
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,713
    Local Time:
    2:53 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah I don't know enough about Xenforo still (adding additional logged in user cookie etc) for fastcgi_cache. One day maybe heh.
     
  6. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    12:53 PM
    Mainline
    10.2
    I hope @Floren will share his experience about this.
     
  7. Floren

    Floren Active Member

    148
    77
    28
    Jun 6, 2014
    Ratings:
    +77
    Local Time:
    11:53 PM
    @RoldanLT, I simply used the information available on Nginx documentation. You know me well, I will not spoon feed. Please take the time and read the fastcgi_cache documentation to understand how it works. That is the proper way to learn Nginx not to copy blindly configurations without understanding what they do.. Why do you think the Internet is full of insane guides? Because all people do is copy blindly things, assuming is proper.

    Take a look at this perfect example. Do you understand what I mean? Remember the things you learned about the php-fpm servers today? All this was explained into their documentation, it sufficed you read about it so you understand what each option does. After I explained everything to you, it was clear and you finally were able to tailor properly the pm settings based on your needs. All you have to do is the same for the Nginx cache, which is extremely simple to set with no code modifications. That is the main reason I refuse to spoon feed the info.

    Another point: you tag me all over different forums but you don't even bother to open a thread on AXIVO site, where the actual question should be asked... and you expect me to navigate through a bunch of threads just to feed you copy/paste style the info? I don't understand why you need my help. Anyways, now you know my answer.
     
    Last edited: Aug 5, 2014
  8. eva2000

    eva2000 Administrator Staff Member

    53,883
    12,161
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,713
    Local Time:
    2:53 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Well @Floren learning by imitation or by example is a valid form of learning to start with as not everyone has the same life/coding/system admin experience to draw from to internally register foreign or new concepts when reading manuals and documentation. All university courses follow the same approach nearly - learning by example with theory applied to reinforce learning. Same with learning to drive a car. What you're suggesting is equivalent to university courses just handing a student the text book or manual and for them to read themselves without any provided examples.Or a new learner driver just being handed the manuals to a car and the road rules without any hands on driving instruction.

    Providing concrete examples and sample setup allows those folks with varying life experience to better internally register the new concepts or instructions outlined in manuals/documentation when they use both together (manuals/docs + specific samples/examples). Then through reinforcement and ones own experience with examples (whether incorrect or not) the person becomes more familiar and once they have read the documentation/manuals, they will be better equipped to differentiate between what is correct or incorrect in examples or setups. Learning from ones' mistakes or incorrect assumptions (or incorrect examples), is also another way of learning which actually better reinforces the correct concept as opposed to just learning or trying to learn the correct but foreign/new concept.

    Look at DigitalOcean's tutorial community aggregated repository of knowledge - while not all tutorials are 100% correct, it provides that first part of learning by example to help new folks internally register new or foreign concepts first. Then if the person is more inclined they'd dig into the manual and documentation which would either reinforce the correct info from the tutorial or refute that incorrect info = person learns :)

    Of course everyone has a different learning method. But for majority of folks, it learning by example is most common as a starting point to anything new :)

    But yes I understand what you're saying, in most cases folks will just take the example and NOT bother with the theory or manual. It's finding the balance between the two (learning by example and learning the theory).
     
  9. Floren

    Floren Active Member

    148
    77
    28
    Jun 6, 2014
    Ratings:
    +77
    Local Time:
    11:53 PM
    @eva2000, as I explained previously on other forums, Nginx is very complex. People think is just like Apache, you just install it and works. The learning curve in Nginx is high, but the benefits are tremendous. That's the main reason why I encourage everyone to read the documentation, is the ONLY safe way not to ruin your server. It also helps the Open Source community, since more people become knowledgeable. The goal in all this is not be a copy/paster, but rather a logical learner.

    That is the part I disapprove in Centminmod, you put an enormous amount of time on your scripts to make it a one click install. I recommend you to start posting more basic tutorials (you already do this this, which is great) and let the users deal with more advanced tweaks, instead of doing it all for them. It will certainly help everyone and your community will flourish, instead of you being the titan doing all heavy lifting.

    Do like I do at AXIVO, give them the advanced tools and let them learn at their own pace. The benefits are tremendous. The perfect example is Elasticsearch, I built an RPM based on RHEL standards and many people switched to it, instead of using the official RPM. I get very little forum questions because people understood they need to hit the documentation, in order to learn the rest. Yet, the number of downloads reflects at what point people find it beneficial.
     
    Last edited: Aug 5, 2014
  10. eva2000

    eva2000 Administrator Staff Member

    53,883
    12,161
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,713
    Local Time:
    2:53 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah the learning curve for Nginx high (probably why still Apache has dominant market share) hence why specific examples complimenting theory is required and one of motivations for creating Centmin Mod as well in lowering the entry level into using Nginx. Also Centmin Mod was originally just for me wanting to automate stuff I'd do manually for specific configurations (still is my biggest motivation for all the work = my own use). This automation would be more important once jailed user, Facebook HHVM and Apache 2.4/PHP-FPM and OpenLiteSpeed+LSAPI PHP is added (i.e. adding domain once via menu will populate vhosts for Nginx, Apache and OpenLiteSpeed all at same time so you can switch between web servers at will).
     
    Last edited: Aug 5, 2014
  11. hungphutho

    hungphutho Member

    55
    35
    18
    Jun 2, 2014
    Ratings:
    +35
    Local Time:
    11:53 AM
    1.7.2
    Percona 5.6
    my configuration fastcgi cache working .
    Centminmod vhost xenforo
    Code:
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=fastcgicache:10m inactive=10m max_size=100m;
    fastcgi_cache_key $scheme$request_method$host$request_uri;
    fastcgi_cache_lock on;
    fastcgi_cache_use_stale error timeout invalid_header updating http_500;
    fastcgi_cache_valid 5m;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
    ##
    #log_format cache '$remote_addr - $remote_user [$time_local]  '
    #                  '"$request" $status $body_bytes_sent '
    #                  '"$http_referer" "$http_user_agent" nocache:$no_cache '
    #                  '$upstream_cache_status';
    #map $http_user_agent $is_mobile {
    #   default 0;
    #    ~*android|ip(hone|od)|windows\s+(?:ce|phone) 1;
    #   ~*symbian|sonyericsson|samsung|lg|blackberry 1;
    #    ~*Googlebot|Google|Adsense|bingbot|Googlebot-Mobile 1;
    #    ~*mobile 1;
    #}
    
    Code:
    server {
    [ .........]
    
    set $no_cache 0;
    if ($request_method = POST) {
    set $no_cache 1;
    }
    if ($http_cookie ~* (xf_session_admin|xf_user|xf_user_admin)) {  # xf_style_id=2|xf_style_id=3|more .....
    set $no_cache 1;
    }
    if ($request_uri ~* "/admin.php|/login/|/account/|/conversations/|/misc/|/online/") {   #  more .....
    set $no_cache 1;
    }
    
    [ .........]
    
    
    include /usr/local/nginx/conf/php.conf;
    
    [ .........]
    
    }
    php.conf , add above "}"
    Code:
    
    
    fastcgi_cache fastcgicache;
    fastcgi_cache_bypass $no_cache; # $is_mobile
    fastcgi_no_cache $no_cache; # $is_mobile
    fastcgi_cache_valid  200 302 2m;
    fastcgi_cache_valid  301 1h;
    fastcgi_cache_valid 404 1m;
    fastcgi_cache_valid  any 2m;
    #proxy_cache_min_uses 3; # cached only after 3 occurrences of the same request and held for 2 minute
    #add_header X-Cached $upstream_cache_status;
    not recommend running in a production environment :)
     
    Last edited: Sep 4, 2014
  12. eva2000

    eva2000 Administrator Staff Member

    53,883
    12,161
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,713
    Local Time:
    2:53 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Nice.. are you using ngx_pagespeed with it or ngx_pagespeed disabled ?
     
  13. hungphutho

    hungphutho Member

    55
    35
    18
    Jun 2, 2014
    Ratings:
    +35
    Local Time:
    11:53 AM
    1.7.2
    Percona 5.6
    Yes , I using ngx_pagespeed enable with it
     
  14. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    12:53 PM
    Mainline
    10.2
    Seriously ? You share it :D
    Now applying it on my Live Forum.
    I love to try things directly into my Forum :D

    Thanks a lot!
     
  15. hungphutho

    hungphutho Member

    55
    35
    18
    Jun 2, 2014
    Ratings:
    +35
    Local Time:
    11:53 AM
    1.7.2
    Percona 5.6
    Seriously, for sure. I tested 3 days on my forum
     
  16. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    12:53 PM
    Mainline
    10.2
    Do you have BDCache addon installed also?
     
  17. hungphutho

    hungphutho Member

    55
    35
    18
    Jun 2, 2014
    Ratings:
    +35
    Local Time:
    11:53 AM
    1.7.2
    Percona 5.6
    No! I do not using addon BDCache
     
  18. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    12:53 PM
    Mainline
    10.2
    It's like fastcgi_cache that you don't have to configure things :D
    Perfect addon.
     
  19. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    12:53 PM
    Mainline
    10.2
    @hungphutho I have to create this directory manually right?
    /var/cache/nginx
    and chmod 777?

    and put this at the very bottom of my domain config?
    Code:
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=fastcgicache:10m inactive=10m max_size=100m;
    fastcgi_cache_key $scheme$request_method$host$request_uri;
    fastcgi_cache_lock on;
    fastcgi_cache_use_stale error timeout invalid_header updating http_500;
    fastcgi_cache_valid 5m;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
    
    My domain config right now:
    Code:
    server {
            listen 80;
            server_name domain.net www.domain.net;
            return 301 https://www.domain.net$request_uri;
    }
    
    server {
            listen 443 ssl spdy;
            server_name domain.net;
        keepalive_timeout  70;
            return 301 https://www.domain.net$request_uri;
    
        add_header Strict-Transport-Security "max-age=31536000";
        add_header X-Content-Type-Options "nosniff";
        add_header Alternate-Protocol 443:npn-spdy/3;
       
            ssl_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-unified.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/rapidssl/www_domain_net.key;
       
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 4h;
        spdy_headers_comp 5;
        ssl_buffer_size 4k;
        ssl_session_tickets on;
    
        resolver 8.8.8.8 8.8.4.4 valid=900s;
        resolver_timeout 10s;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-trusted.crt;
       
    }
    
    server {
            listen 443 ssl spdy;
            server_name www.domain.net;
        keepalive_timeout  70;
    
        add_header Strict-Transport-Security "max-age=31536000";
        add_header X-Content-Type-Options "nosniff";
        add_header Alternate-Protocol 443:npn-spdy/3;
           
        ssl_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-unified.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/rapidssl/www_domain_net.key;
       
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
            ssl_session_timeout 4h;
        spdy_headers_comp 5;
        ssl_buffer_size 4k;
        ssl_session_tickets on;
    
        resolver 8.8.8.8 8.8.4.4 valid=900s;
        resolver_timeout 10s;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-trusted.crt;
    
        # ngx_pagespeed & ngx_pagespeed handler
        include /usr/local/nginx/conf/pagespeed.conf;
        include /usr/local/nginx/conf/pagespeedhandler.conf;
        include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
            access_log off;
        log_not_found off;
        error_log /home/nginx/domains/domain.net/log/error.log;
        root /home/nginx/domains/domain.net/public;
    
        # Redirect for maintenance
        #location / {
        #rewrite ^ https://www.facebook.com/www.domain.net;
    
        ### Start Xenforo
        location / {
       
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$uri&$args;
            }
    
        location /internal_data/ {
            internal;
            allow 127.0.0.1;
            deny all;
            }
    
            location /library/ {
            internal;
            allow 127.0.0.1;
            deny all;
            }
        ### End Xenforo
    
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
    }
    So my domain config would be.
    Code:
    server {
            listen 80;
            server_name domain.net www.domain.net;
            return 301 https://www.domain.net$request_uri;
    }
    
    server {
            listen 443 ssl spdy;
            server_name domain.net;
        keepalive_timeout  70;
            return 301 https://www.domain.net$request_uri;
    
        add_header Strict-Transport-Security "max-age=31536000";
        add_header X-Content-Type-Options "nosniff";
        add_header Alternate-Protocol 443:npn-spdy/3;
       
            ssl_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-unified.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/rapidssl/www_domain_net.key;
       
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 4h;
        spdy_headers_comp 5;
        ssl_buffer_size 4k;
        ssl_session_tickets on;
    
        resolver 8.8.8.8 8.8.4.4 valid=900s;
        resolver_timeout 10s;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-trusted.crt;
       
    }
    
    server {
            listen 443 ssl spdy;
            server_name www.domain.net;
        keepalive_timeout  70;
    
        add_header Strict-Transport-Security "max-age=31536000";
        add_header X-Content-Type-Options "nosniff";
        add_header Alternate-Protocol 443:npn-spdy/3;
           
        ssl_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-unified.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/rapidssl/www_domain_net.key;
       
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
            ssl_session_timeout 4h;
        spdy_headers_comp 5;
        ssl_buffer_size 4k;
        ssl_session_tickets on;
    
        resolver 8.8.8.8 8.8.4.4 valid=900s;
        resolver_timeout 10s;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-trusted.crt;
    
        # ngx_pagespeed & ngx_pagespeed handler
        include /usr/local/nginx/conf/pagespeed.conf;
        include /usr/local/nginx/conf/pagespeedhandler.conf;
        include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
            access_log off;
        log_not_found off;
        error_log /home/nginx/domains/domain.net/log/error.log;
        root /home/nginx/domains/domain.net/public;
    
        # Redirect for maintenance
        #location / {
        #rewrite ^ https://www.facebook.com/www.domain.net;
    
        ### Start Xenforo
        location / {
       
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$uri&$args;
            }
    
        location /internal_data/ {
            internal;
            allow 127.0.0.1;
            deny all;
            }
    
            location /library/ {
            internal;
            allow 127.0.0.1;
            deny all;
            }
        ### End Xenforo
    
    ### fastCgi
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=fastcgicache:10m inactive=10m max_size=100m;
    fastcgi_cache_key $scheme$request_method$host$request_uri;
    fastcgi_cache_lock on;
    fastcgi_cache_use_stale error timeout invalid_header updating http_500;
    fastcgi_cache_valid 5m;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
    
    
    set $no_cache 0;
    if ($request_method = POST) {
    set $no_cache 1;
    }
    if ($http_cookie ~* (xf_session_admin|xf_user|xf_user_admin)) { 
    set $no_cache 1;
    }
    if ($request_uri ~* "/admin.php|/login/|/account/|/conversations/|/misc/|/online/") {
    set $no_cache 1;
    }
    ### fastCgi end
    
    include /usr/local/nginx/conf/staticfiles.conf;  
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
    }
    And my php.conf would be
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
    
    # might shave 200+ ms off PHP requests
    # which don't pass on a content length header
    # slightly faster page response time at the
    # expense of throughput / scalability
    #sendfile on;
    #tcp_nopush off;
    #keepalive_requests 0;
    
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 512 16k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors on;
    
    # next 3 lines when uncommented / enabled
    # pallow Nginx to handle uploads which then
    # passes back the completed upload to PHP
    #fastcgi_pass_request_body off;
    #client_body_in_file_only clean;
    #fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
    
    #new .04+ map method
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
    ### FastCgi
    fastcgi_cache fastcgicache;
    fastcgi_cache_bypass $no_cache; # $is_mobile
    fastcgi_no_cache $no_cache; # $is_mobile
    fastcgi_cache_valid  200 302 2m;
    fastcgi_cache_valid  301 1h;
    fastcgi_cache_valid 404 1m;
    fastcgi_cache_valid  any 2m;
    ### FastCgi End
                       }
    Please advice, Thanks!
     
  20. hungphutho

    hungphutho Member

    55
    35
    18
    Jun 2, 2014
    Ratings:
    +35
    Local Time:
    11:53 AM
    1.7.2
    Percona 5.6
    Full
    Code:
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=fastcgicache:10m inactive=10m max_size=100m;
    fastcgi_cache_key $scheme$request_method$host$request_uri;
    fastcgi_cache_lock on;
    fastcgi_cache_use_stale error timeout invalid_header updating http_500;
    fastcgi_cache_valid 5m;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
    server {
            listen 80;
            server_name domain.net www.domain.net;
            return 301 https://www.domain.net$request_uri;
    }
    
    server {
            listen 443 ssl spdy;
            server_name domain.net;
        keepalive_timeout  70;
            return 301 https://www.domain.net$request_uri;
    
        add_header Strict-Transport-Security "max-age=31536000";
        add_header X-Content-Type-Options "nosniff";
        add_header Alternate-Protocol 443:npn-spdy/3;
      
            ssl_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-unified.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/rapidssl/www_domain_net.key;
      
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 4h;
        spdy_headers_comp 5;
        ssl_buffer_size 4k;
        ssl_session_tickets on;
    
        resolver 8.8.8.8 8.8.4.4 valid=900s;
        resolver_timeout 10s;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-trusted.crt;
      
    }
    
    server {
            listen 443 ssl spdy;
            server_name www.domain.net;
        keepalive_timeout  70;
    
        add_header Strict-Transport-Security "max-age=31536000";
        add_header X-Content-Type-Options "nosniff";
        add_header Alternate-Protocol 443:npn-spdy/3;
          
        ssl_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-unified.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/rapidssl/www_domain_net.key;
      
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;
            ssl_session_timeout 4h;
        spdy_headers_comp 5;
        ssl_buffer_size 4k;
        ssl_session_tickets on;
    
        resolver 8.8.8.8 8.8.4.4 valid=900s;
        resolver_timeout 10s;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/rapidssl/ssl-trusted.crt;
    
        # ngx_pagespeed & ngx_pagespeed handler
        include /usr/local/nginx/conf/pagespeed.conf;
        include /usr/local/nginx/conf/pagespeedhandler.conf;
        include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
            access_log off;
        log_not_found off;
        error_log /home/nginx/domains/domain.net/log/error.log;
        root /home/nginx/domains/domain.net/public;
    
        # Redirect for maintenance
        #location / {
        #rewrite ^ https://www.facebook.com/www.domain.net;
        ### fastCgi cache
        set $no_cache 0;
        if ($request_method = POST) {
        set $no_cache 1;
        }
        if ($http_cookie ~* (xf_session_admin|xf_user|xf_user_admin)) {
        set $no_cache 1;
        }
        if ($request_uri ~* "/admin.php|/login/|/account/|/conversations/|/misc/|/online/") {
        set $no_cache 1;
        }
        ### fastCgi end
        ### Start Xenforo
        location / {
      
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$uri&$args;
            }
    
        location /internal_data/ {
            internal;
            allow 127.0.0.1;
            deny all;
            }
    
            location /library/ {
            internal;
            allow 127.0.0.1;
            deny all;
            }
        ### End Xenforo
    
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
    }
    php.conf ok :)
    folder /var/cache /nginx will automatically be made when you restart nginx