-
-
Save erssebaggala/544f3cb35909d840ebed77bbde7ba4e4 to your computer and use it in GitHub Desktop.
Revisions
-
Matthew Reschke revised this gist
Mar 1, 2016 . 1 changed file with 13 additions and 12 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,24 +19,25 @@ # Handles main / site plus plus additional /api/v1 sites server { # Listing port and host address listen 80; #listen 443; server_name example.com; # SSL certificates #ssl on; #ssl_certificate /etc/nginx/ssl/example.com.pem; #ssl_certificate_key /etc/nginx/ssl/example.com.key; # Enables server-side protection from BEAST attacks # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html #ssl_prefer_server_ciphers on; # Disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Ciphers chosen for forward secrecy and compatibility # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html #ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; # Default index pages index index.php; @@ -132,8 +133,8 @@ server { } # Redirect all http traffic to https #server { # listen 80; # server_name rci-api.dynatronsoftware.com; # return 301 https://$host$request_uri; #} -
Mar 1, 2016 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -24,8 +24,8 @@ server { # SSL certificates ssl on; ssl_certificate /etc/nginx/ssl/example.com.pem; ssl_certificate_key /etc/nginx/ssl/example.com.key; # Enables server-side protection from BEAST attacks # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html -
Mar 1, 2016 . 1 changed file with 27 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,8 +19,24 @@ # Handles main / site plus plus additional /api/v1 sites server { # Listing port and host address listen 443; server_name example.com; # SSL certificates ssl on; ssl_certificate /etc/nginx/ssl/dynatronsoftware.com/dynatronsoftware.com.pem; ssl_certificate_key /etc/nginx/ssl/dynatronsoftware.com/dynatronsoftware.com.key; # Enables server-side protection from BEAST attacks # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html ssl_prefer_server_ciphers on; # Disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Ciphers chosen for forward secrecy and compatibility # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; # Default index pages index index.php; @@ -37,6 +53,9 @@ server { # used for local static content only sendfile off; # Dont send the nginx version number in error pages and server header server_tokens off; # Root for / project root /var/www/example/public; @@ -111,3 +130,10 @@ server { deny all; } } # Redirect all http traffic to https server { listen 80; server_name rci-api.dynatronsoftware.com; return 301 https://$host$request_uri; } -
Feb 2, 2016 . 1 changed file with 8 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -39,9 +39,14 @@ server { # Root for / project root /var/www/example/public; # If you have no root project, re-route /favicon and /robots #location /favicon.ico { try_files $uri /api/v1$uri; } #location /robots.txt { try_files $uri /api/v1$uri; } # Handle main root / project location / { #deny all; try_files $uri $uri/ /index.php?$args; } @@ -76,6 +81,7 @@ server { root /var/www/api-v1/public; } # Debug output #return 200 $args; add_header Content-Type text/plain; #return 200 $uri; add_header Content-Type text/plain; #return 200 $document_root; add_header Content-Type text/plain; @@ -99,6 +105,8 @@ server { fastcgi_buffer_size 16k; fastcgi_buffers 4 16k; } # Deny .ht* access location ~ /\.ht { deny all; } -
Feb 2, 2016 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Feb 2, 2016 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Feb 2, 2016 . 1 changed file with 3 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -99,4 +99,7 @@ server { fastcgi_buffer_size 16k; fastcgi_buffers 4 16k; } location ~ /\.ht { deny all; } } -
Feb 2, 2016 . 1 changed file with 18 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,21 @@ # This config will host your main [Laravel] GUI application at /, and any additional [Lumen] webservices at /api/v1 and /api/v2... # This also works perfectly for all static file content in all projects # This is full of debug comments so you can see how to print debug output to browser! Took me hours to nail this perfect config. # Example: # http://example.com - Main Laravel site as usual # http://example.com/about - Main Laravel site about page as usual # http://example.com/robots.txt - Main Laravel site static content as usual # http://example.com/api/v1 - Lumen v1 api default / route # http://example.com/api/v1/ - Lumen v1 api default / route # http://example.com/api/v1/users - Lumen v1 api users route # http://example.com/api/v1/robots.txt - Lumen v1 api static content # http://example.com/api/v2 - Lumen v2 api default / route # http://example.com/api/v2/ - Lumen v2 api default / route # http://example.com/api/v2/users - Lumen v2 api users route # http://example.com/api/v2/robots.txt - Lumen v2 api static content # Handles main / site plus plus additional /api/v1 sites server { # Listing port and host address -
Feb 2, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,84 @@ # Handles main / site plus plus additional /api/v1 sites server { # Listing port and host address listen 80; server_name example.com; # Default index pages index index.php; # Default character set charset utf-8; # Turn off /var/log/nginx/access.log writes access_log off; log_not_found off; # Send file is an optimization, but does not work # across unix sockets which I use for php fpm so is best # used for local static content only sendfile off; # Root for / project root /var/www/example/public; # Handle main root / project location / { try_files $uri $uri/ /index.php?$args; } # Handle api/v1 sub project location /api/v1 { # Debug output #return 200 $args; add_header Content-Type text/plain; # Root for this sub project root /var/www/api-v1/public; # Rewrite $uri=/api/v1/xyz back to just $uri=/xyz rewrite ^/api/v1/(.*)$ /$1 break; # Try to send static file at $url or $uri/ # Else try /index.php (which will hit location ~\.php$ below) try_files $uri $uri/ /index.php?$args; } # Handle all locations *.php files (which will always be just /index.php) # via factcgi PHP-FPM unix socket location ~ \.php$ { # At this piont, $uri is /index.php, $args=any GET ?key=value # and $request_uri = /api/v1/xyz. But we DONT want to pass # /api/v1/xyz to PHP-FPM, we want just /xyz to pass to # fastcgi REQUESTE_URI below. This allows laravel to see # /api/v1/xyz as just /xyz in its router. So laravel route('/xyz') responds # to /api/v1/xyz as you would expect. set $newurl $request_uri; if ($newurl ~ ^/api/v1(.*)$) { set $newurl $1; root /var/www/api-v1/public; } #return 200 $args; add_header Content-Type text/plain; #return 200 $uri; add_header Content-Type text/plain; #return 200 $document_root; add_header Content-Type text/plain; #return 200 $request_uri; add_header Content-Type text/plain; #return 200 $newurl; add_header Content-Type text/plain; # No need for rewrite, as we will use $newurl above. #rewrite ^/api/v1/index.php(.*)$ /$1 break; #rewrite ^/index.php(.*)$ /$1 break; #return 200 $uri; add_header Content-Type text/plain; # Pass all PHP files to fastcgi php fpm unix socket fastcgi_split_path_info ^(.+\.php)(/.+)$; #fastcgi_pass unix:/var/run/php5-fpm.sock; #debian php5 fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; #debian php7 fastcgi_index index.php; include fastcgi_params; fastcgi_param REQUEST_URI $newurl; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors off; fastcgi_buffer_size 16k; fastcgi_buffers 4 16k; } }
Matthew Reschke
revised
this gist