Welcome to Centmin Mod Community
Register Now

Magento Updated Magento 2 Nginx Directives for Magento 2.15

Discussion in 'Ecommerce / Shopping cart usage' started by ljseals, Mar 29, 2017.

  1. ljseals

    ljseals Member

    84
    19
    8
    Dec 20, 2016
    Ratings:
    +37
    Local Time:
    1:37 AM
    Greetings, I have tried to use Magento 2 and the backend admin screen was incredibly slow also it was glitching so after praying and asking for the Lord's help I was able to get a very fast magento 2 based site on Centmin Mod. Please keep in mind this is only a draft as I have not fully tested the configuration file. However, these nginx directives are based on Magento's nginx directives here. magento2/nginx.conf.sample at develop · magento/magento2 · GitHub T

    Using Eva2000's directives at https://community.centminmod.com/posts/36491/ I was able to pattern match the below configuration file.

    For Magento 2 transposed settings first create a copy of Centmin Mod's default php.conf include file for magento named /usr/local/nginx/conf/php_magento.conf as you'll need it for your location context match for location ~ ^/update/index.php part

    Code (Text):
    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_magento.conf
    


    Edit /usr/local/nginx/conf/php_magento.conf and comment out with hash # in front the line for fastcgi_split_path_info

    Code (Text):
    #fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    


    Then the new /usr/local/nginx/conf/conf.d/domain.com.conf would look like below

    Code (Text):
    server {
      server_name domain.com www.domain.com  domain.com ;
      return 302 https://domain.com$request_uri;
    }
    # https SSL SPDY vhost
    server {
            listen 443 ssl http2;
                server_name domain.com www.domain.com;
            ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
            ssl_certificate /usr/local/nginx/conf/ssl/domain.com/ssl-unified.crt;
            ssl_certificate_key /usr/local/nginx/conf/ssl/domain.com/onthecheap_store.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
            ssl_prefer_server_ciphers on;
            add_header Alternate-Protocol 443:npn-spdy/3;
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
            add_header X-Content-Type-Options "nosniff";
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Xss-Protection "1; mode=block" always;
            #add_header Content-Security-Policy upgrade-insecure-requests;
                    
            # nginx 1.5.9+ or higher
            # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
            # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
            # spdy_headers_comp 0;
            # ssl_buffer_size 4k;
            
                 # enable ocsp stapling
            resolver 8.8.8.8;
            ssl_stapling on;
            ssl_stapling_verify on;
            ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/ssl-trusted.crt;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=32k;
      error_log /home/nginx/domains/domain.com/log/error.log;
      #include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
      #root /home/nginx/domains/domain.com/public;
      set $MAGE_ROOT /home/nginx/domains/domain.com/public;
    
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      #include /usr/local/nginx/conf/503include-main.conf;
      
      # ngx_pagespeed & ngx_pagespeed handler
      #include /usr/local/nginx/conf/pagespeed.conf;
      #include /usr/local/nginx/conf/pagespeedhandler.conf;
      #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
     ## Example configuration:
    # upstream fastcgi_backend {
    #    # use tcp connection
    #    # server  127.0.0.1:9000;
    #    # or socket
    #    server   unix:/var/run/php5-fpm.sock;
    #    server   unix:/var/run/php/php7.0-fpm.sock;
    # }
    # server {
    #    listen 80;
    #    server_name mage.dev;
    #    set $MAGE_ROOT /var/www/magento2;
    #    include /vagrant/magento2/nginx.conf.sample;
    # }
    #
    ## Optional override of deployment mode. We recommend you use the
    ## command 'bin/magento deploy:mode:set' to switch modes instead.
    ##
    ## set $MAGE_MODE default; # or production or developer
    ##
    ## If you set MAGE_MODE in server config, you must pass the variable into the
    ## PHP entry point blocks, which are indicated below. You can pass
    ## it in using:
    ##
    ## fastcgi_param  MAGE_MODE $MAGE_MODE;
    ##
    ## In production mode, you should uncomment the 'expires' directive in the /static/ location block
    
    root $MAGE_ROOT/pub;
    
    index index.php;
    autoindex off;
    charset UTF-8;
    error_page 404 403 = /errors/404.php;
    #add_header "X-UA-Compatible" "IE=Edge";
    
    # PHP entry point for setup application
    location ~* ^/setup($|/) {
        root $MAGE_ROOT;
        location ~ ^/setup/index.php {
            include /usr/local/nginx/conf/php.conf;
        }
    
        location ~ ^/setup/(?!pub/). {
            deny all;
        }
    
        location ~ ^/setup/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }
    
    # PHP entry point for update application
    location ~* ^/update($|/) {
        root $MAGE_ROOT;
    
        location ~ ^/update/index.php {
            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
            include /usr/local/nginx/conf/php_magento.conf;
        }
    
        # Deny everything but index.php
        location ~ ^/update/(?!pub/). {
            deny all;
        }
    
        location ~ ^/update/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }
    
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    
    location /pub/ {
        location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
            deny all;
        }
        alias $MAGE_ROOT/pub/;
        add_header X-Frame-Options "SAMEORIGIN";
    }
    
    location /static/ {
        # Uncomment the following line in production mode
        expires max;
    
        # Remove signature of the static files that is used to overcome the browser cache
        location ~ ^/static/version {
            rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
        }
    
        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
    
            if (!-f $request_filename) {
                rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
            }
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires    off;
    
            if (!-f $request_filename) {
               rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
            }
        }
        if (!-f $request_filename) {
            rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }
    
    location /media/ {
        try_files $uri $uri/ /get.php$is_args$args;
    
        location ~ ^/media/theme_customization/.*\.xml {
            deny all;
        }
    
        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
            try_files $uri $uri/ /get.php$is_args$args;
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires    off;
            try_files $uri $uri/ /get.php$is_args$args;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }
    
    location /media/customer/ {
        deny all;
    }
    
    location /media/downloadable/ {
        deny all;
    }
    
    location /media/import/ {
        deny all;
    }
    
    # PHP entry point for main application
    location ~ (index|get|static|report|404|503)\.php$ {
        try_files $uri =404;
        #fastcgi_pass   fastcgi_backend;
        fastcgi_buffers 1024 4k;
    
        fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
        fastcgi_param  PHP_VALUE "memory_limit=4096M \n max_execution_time=18000";
        fastcgi_read_timeout 600s;
        fastcgi_connect_timeout 600s;
    
        include /usr/local/nginx/conf/php.conf;
    }
    
    gzip on;
    gzip_disable "msie6";
    
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/xml+rss
        image/svg+xml;
    gzip_vary on;
    
    # Banned locations (only reached if the earlier PHP entry point regexes don't match)
    location ~* (\.php$|\.htaccess$|\.git) {
        deny all;
    }
     
      #include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }


    I have used 4096MB at this location in the file you may change it to a value that you like; however, I believe that you will need at least 2 GB of ram not to have any problems.

    Code (Text):
        fastcgi_param  PHP_VALUE "memory_limit=4096M \n max_execution_time=18000";


    Also please keep in mind that this vhost configuration is based on a paid SSL cert. You can easily change it by copying and pasting in the appropriate areas. God bless you!
     
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    28,348
    6,438
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,533
    Local Time:
    4:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    @ljseals very nice thanks for sharing and great to see Centmin Mod users starting to share their own usage guides - particularly for Magento 2 as I never used Magento myself.
     
    • Like Like x 1