
Wonderful Centminmod setup. Works on Drupal 7 and 8

Discussion in 'Introductions' started by VinCent, Feb 21, 2016.

  1. VinCent

    VinCent New Member

    Put the directives in /usr/local/nginx/conf/conf.d/EXAMPLE.COM.conf
    In my case this is a local installation for the d7.local domain. Config for Drupal 7:

    # Centmin Mod Getting Started Guide
    #server {
    # listen 80;
    # server_name d7.local;
    # return 301 $scheme://www.d7.local$request_uri;
    # }

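    # Drupal 7 vhost for the local test domain d7.local.
    #
    # The listing as posted never closed the server block and carried no PHP
    # handler. Without the closing brace nginx refuses to load the file; with only
    # the brace restored, /index.php would fall into "location /" and be returned
    # as a static file, i.e. the PHP source would be disclosed. The closing brace
    # and the Centmin Mod includes at the bottom are the same ones the Drupal 8
    # vhost in this thread uses.
    server {
        server_name d7.local www.d7.local;

        access_log /home/nginx/domains/d7.local/log/access.log combined buffer=256k flush=60m;
        error_log /home/nginx/domains/d7.local/log/error.log;

        root /home/nginx/domains/d7.local/public;

        # Deny dot-files and dot-directories (.git, .htaccess, ...).
        # NOTE(review): the pattern also covers /.well-known/; if anything relies
        # on that path (for example certificate validation), give it its own
        # location with higher precedence.
        location ~ (?:^|/)\. {
            deny all;
        }

        # Primary location: serve the file or directory when it exists, otherwise
        # hand the request to Drupal's front controller through @rewrite.
        location / {
            index index.php;
            try_files $uri $uri/ @rewrite;
            expires max;
        }

        # This matters if you use drush. "=" matches the exact URI /backup only.
        # NOTE(review): URIs below it (/backup/...) are not covered by this block.
        location = /backup {
            deny all;
        }

        # .txt and .log files (changelogs, logs) expose version and debug detail,
        # so they are served to localhost only.
        # NOTE(review): the pattern also matches /robots.txt unless an exact-match
        # location for it exists in one of the included files - confirm.
        location ~* \.(txt|log)$ {
            allow 127.0.0.1;
            deny all;
        }

        # Refuse any URI in which ".php" follows an earlier path segment that
        # contains a dot. Combined with cgi.fix_pathinfo = 0 in php.ini, this keeps
        # a non-PHP file from being handed to the PHP interpreter.
        location ~ \..*/.*\.php$ {
            return 403;
        }

        # Clean URLs: domain.com/node/1/ becomes domain.com/index.php?q=node/1
        location @rewrite {
            rewrite ^/(.*)$ /index.php?q=$1;
        }

        # Centmin Mod shared includes; php.conf is the one expected to carry the
        # PHP handler. Regex locations above are tried before any regex locations
        # these files add, because nginx tests them in the order written.
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
        include /usr/local/nginx/conf/vts_server.conf;
    }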

    And Below is a Drupal 8 config:

    # Centmin Mod Getting Started Guide
    # must read Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS

    # Drupal 8 vhost for the local test domain d8.local.
    # nginx tests regex locations in the order written and stops at the first
    # match, so the deny rules below win over any regex location the includes at
    # the bottom of the block bring in.
    server {
        server_name d8.local www.d8.local;

        access_log /home/nginx/domains/d8.local/log/access.log combined buffer=256k flush=60m;
        error_log /home/nginx/domains/d8.local/log/error.log;

        root /home/nginx/domains/d8.local/public;
        index index.php index.html index.htm;

        # .txt and .log files are served to a single LAN address only.
        # NOTE(review): the pattern also matches /robots.txt unless an exact-match
        # location for it exists in one of the included files - confirm.
        location ~* \.(txt|log)$ {
            allow 192.168.0.36;
            deny all;
        }

        # 403 for any URI in which ".php" follows an earlier path segment that
        # contains a dot, so a non-PHP file is never passed on as a script.
        location ~ \..*/.*\.php$ {
            return 403;
        }

        # Drupal private file directories are never served directly.
        location ~ ^/sites/.*/private/ {
            return 403;
        }

        # Hidden files and directories - names that begin with a dot.
        # NOTE(review): this includes /.well-known/.
        location ~ (^|/)\. {
            return 403;
        }

        location / {
            # try_files $uri @rewrite; # For Drupal <= 6
            try_files $uri /index.php?$query_string; # For Drupal >= 7
        }

        location @rewrite {
            rewrite ^/(.*)$ /index.php?q=$1;
        }

        # Image styles: serve the derivative if it already exists on disk,
        # otherwise pass the request to Drupal through @rewrite.
        # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
        location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
            try_files $uri @rewrite;
        }

        # Far-future expiry for static assets; missing ones are not logged.
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }

        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
        #include /usr/local/nginx/conf/errorpage.conf;
        include /usr/local/nginx/conf/vts_server.conf;
    }

    Success!
     
  2. eva2000

    eva2000 Administrator Staff Member

    welcome @VinCent to Centmin Mod Community and thanks for sharing :)

    Might want to use CODE tags for code How to use forum BBCODE code tags :)

    Threads you might want to participate in ;)
    Threads to read, pages to bookmark and threads to watch/subscribe to get to know Centmin Mod would include:
    Premium Membership
     
  3. nVidian

    nVidian Member

    This config is full of duplicate directives, how could it be a success ???
     
  4. eva2000

    eva2000 Administrator Staff Member

    it's 2 configs for 2 versions of drupal but no CODE tags to separate them
     
  5. nVidian

    nVidian Member

    ONLY FOR DRUPAL SSL SITES - there should be 2 conf files: mydomain.tld.conf and mydomain.tld.ssl.conf
    Works for Drupal 6 & 7
    This is mydomain.tld.conf
    - Just replace mydomain.tld with your domain & myIP with your IP
    Code:
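    # mydomain.tld.conf
    # Port-80 vhost: send every plain-HTTP request, www or not, to
    # https://mydomain.tld so that no content is served unencrypted.
    #
    # Changes from the listing as posted:
    #  - "wwww.mydomain" (four w's) never matched www requests; it is now
    #    www.mydomain.tld.
    #  - The placeholder is spelled mydomain.tld throughout, so the single
    #    search-and-replace described in the post covers every occurrence.
    #  - root, the location blocks and the PHP handler are gone. "return" at
    #    server level answers the request before any location is selected, so
    #    they were never reached, and the two "location @rewrite" blocks made
    #    nginx reject the file as a duplicate location. The content locations
    #    belong in mydomain.tld.ssl.conf.
    server {
      listen myIP:80;
      server_name mydomain.tld www.mydomain.tld;
      return 301 https://mydomain.tld$request_uri;
    }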
    
    This is mydomain.tld.ssl.conf
    Code:
    # mydomain.tld.ssl.conf
    # www -> non-www redirect.
    # NOTE(review): this block has no "listen" directive, so it answers on nginx's
    # default HTTP port only. Requests for https://www.mydomain.tld never reach
    # it; they are handled by whichever server is the default for myIP:443.
    # Confirm that is intended, and that the certificate covers the www name.
    server {
        server_name www.mydomain.tld;
        return 301 https://mydomain.tld$request_uri;
    }
    
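    # HTTPS vhost for a Drupal 6/7 site at mydomain.tld.
    #
    # Change from the listing as posted: it declared "location @rewrite" twice,
    # which nginx rejects as a duplicate location. The root-install rewrite stays
    # active and the subdirectory variant is commented out as an alternative.
    server {
      listen myIP:443 ssl http2;
      server_name mydomain.tld;
      root /home/nginx/domains/mydomain.tld/public;
      access_log /home/nginx/domains/mydomain.tld/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/mydomain.tld/log/error.log;

      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.tld/dhparam.pem;
      ssl_certificate  /usr/local/nginx/conf/ssl/mydomain.tld/mydomain_unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.tld/mydomain.key;
      # NOTE(review): if ssl_include.conf already sets ssl_ciphers or
      # ssl_prefer_server_ciphers, the lines below are duplicate directives and
      # nginx will refuse to start - confirm against that file.
      include /usr/local/nginx/conf/ssl_include.conf;

      # mozilla recommended
      # NOTE(review): this is the list as posted in 2016. It still admits 3DES
      # (DES-CBC3-SHA) and suites without forward secrecy (AES128-SHA etc.);
      # regenerate it from current Mozilla guidance before production use.
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers  on;
      # The response headers below are disabled as posted. HSTS in particular is
      # what stops a browser from retrying over plain HTTP; enable it once HTTPS
      # is known to work on every subdomain, because browsers cache it for max-age.
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      #spdy_headers_comp 5;
      ssl_buffer_size 1400;
      ssl_session_tickets on;

      # enable ocsp stapling
      # (disabled as posted; ssl_trusted_certificate is the chain nginx would use
      # to verify stapled responses once ssl_stapling_verify is on)
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.tld/mydomain_trusted.crt;
    # ngx_pagespeed & ngx_pagespeed handler
    # include /usr/local/nginx/conf/pagespeed.conf;
    # include /usr/local/nginx/conf/pagespeedhandler.conf;
    # include /usr/local/nginx/conf/pagespeedstatslog.conf;

    # limit_conn limit_per_ip 16;
      # ssi  on;

      location = /favicon.ico {
        log_not_found off;
        access_log off;
      }
      # Exact-match locations win over regex locations, so robots.txt stays
      # public despite the .txt rule further down.
      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }
      # This matters if you use drush. "=" matches the exact URI /backup only.
      # NOTE(review): URIs below it (/backup/...) are not covered by this block.
      location = /backup {
        deny all;
      }
      # Very rarely should these ever be accessed outside of your lan
      location ~* \.(txt|log)$ {
        allow 192.168.0.0/16;
        deny all;
      }
      # Refuse any URI in which ".php" follows an earlier path segment that
      # contains a dot, so a non-PHP file is never passed on as a script.
      location ~ \..*/.*\.php$ {
        return 403;
      }
      location / {
        # This is cool because no php is touched for static content
        try_files $uri @rewrite;
      }
      location @rewrite {
        # Some modules enforce no slash (/) at the end of the URL
        # Else this rewrite block wouldn't be needed (GlobalRedirect)
        rewrite ^/(.*)$ /index.php?q=$1;
      }

      # Drupal in a subdirectory: use this rewrite INSTEAD of the one above.
      # Only one "location @rewrite" may be active per server.
      #location @rewrite {
      #  rewrite ^/([^/]*)/(.*)(/?)$ /$1/index.php?q=$2&$args;
      #}

      # PHP handler. Only scripts that exist on disk reach PHP-FPM; a request for
      # a missing .php path gets the internal 418 code, which error_page maps to
      # @rewrite so Drupal answers it.
      # NOTE(review): nothing in this block stops a .php file under
      # sites/*/files/ from being executed. Drupal's own protection for upload
      # directories is an Apache .htaccess file, which nginx ignores; consider a
      # deny rule for PHP under the files directories, placed above this location.
      location ~ \.php$ {
        error_page 418 = @rewrite;
        recursive_error_pages on;
        fastcgi_split_path_info ^[^=](.+\.php)(/.+)$;
        include fastcgi_params;
        if ( $uri = /index.php ) {
          # not sure this conditional works, will have to check the debug logs
          break;
        }
        if ( !-e $document_root$fastcgi_script_name) {
          return 418;
        }
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_intercept_errors on;
        #fastcgi_read_timeout 240;
        fastcgi_pass  127.0.0.1:9000;
      }
      # Fighting with ImageCache? This little gem is amazing.
      location ~ ^/sites/.*/files/imagecache/ {
        try_files $uri @rewrite;
      }
      # Catch image styles for D7 too.
      location ~ ^/sites/.*/files/styles/ {
        try_files $uri @rewrite;
      }
      location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
      }
    }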
    
     
    Last edited: Mar 7, 2016
  6. nVidian

    nVidian Member

    This is for NON SSL site - Works for Drupal 6 & 7

    mydomain.tld.conf - just replace mydomain.tld with your domain
    Code:
    # Redirect www to the bare domain. This vhost is plain HTTP only, so the
    # target scheme is http:// as well.
    server {
        server_name www.mydomain.tld;
        return 301 http://mydomain.tld$request_uri;
    }
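    # Plain-HTTP vhost for a Drupal 6/7 site at mydomain.tld.
    #
    # Change from the listing as posted: it declared "location @rewrite" twice,
    # which nginx rejects as a duplicate location. The root-install rewrite stays
    # active and the subdirectory variant is commented out as an alternative.
    server {
        server_name mydomain.tld;
        root /home/nginx/domains/mydomain.tld/public;
    # ngx_pagespeed & ngx_pagespeed handler include /usr/local/nginx/conf/pagespeed.conf; include
    # /usr/local/nginx/conf/pagespeedhandler.conf; include /usr/local/nginx/conf/pagespeedstatslog.conf;
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }
        # Exact-match locations win over regex locations, so robots.txt stays
        # public despite the .txt rule further down.
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        # This matters if you use drush. "=" matches the exact URI /backup only.
        # NOTE(review): URIs below it (/backup/...) are not covered by this block.
        location = /backup {
            deny all;
        }
        # Very rarely should these ever be accessed outside of your lan
        location ~* \.(txt|log)$ {
            allow 192.168.0.0/16;
            deny all;
        }
        # Refuse any URI in which ".php" follows an earlier path segment that
        # contains a dot, so a non-PHP file is never passed on as a script.
        location ~ \..*/.*\.php$ {
            return 403;
        }
        location / {
            # This is cool because no php is touched for static content
            try_files $uri @rewrite;
        }
        location @rewrite {
            # Some modules enforce no slash (/) at the end of the URL Else this rewrite block wouldn't be needed
            # (GlobalRedirect)
            rewrite ^/(.*)$ /index.php?q=$1;
        }

        # Drupal in a subdirectory: use this rewrite INSTEAD of the one above.
        # Only one "location @rewrite" may be active per server.
        #location @rewrite {
        #    rewrite ^/([^/]*)/(.*)(/?)$ /$1/index.php?q=$2&$args;
        #}

        # PHP handler. Only scripts that exist on disk reach PHP-FPM; a request
        # for a missing .php path gets the internal 418 code, which error_page
        # maps to @rewrite so Drupal answers it.
        # NOTE(review): nothing in this block stops a .php file under
        # sites/*/files/ from being executed. Drupal's own protection for upload
        # directories is an Apache .htaccess file, which nginx ignores; consider
        # a deny rule for PHP under the files directories, placed above this
        # location.
        location ~ \.php$ {
            error_page 418 = @rewrite;
            recursive_error_pages on;
            fastcgi_split_path_info ^[^=](.+\.php)(/.+)$;
            include fastcgi_params;
            if ( $uri = /index.php ) {
                # not sure this conditional works, will have to check the debug logs
                break;
            }
            if ( !-e $document_root$fastcgi_script_name) {
                return 418;
            }
            #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            #fastcgi_intercept_errors on; fastcgi_read_timeout 240;
            fastcgi_pass 127.0.0.1:9000;
        }
        # Fighting with ImageCache? This little gem is amazing.
        location ~ ^/sites/.*/files/imagecache/ {
            try_files $uri @rewrite;
        }
        # Catch image styles for D7 too.
        location ~ ^/sites/.*/files/styles/ {
            try_files $uri @rewrite;
        }
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }
    }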
    
     
    Last edited: Mar 7, 2016