Permalink
Browse files

Changes for Nginx 1.0.x on Mac OS X, running as unprivileged user, bu…

…ilt with homebrew
  • Loading branch information...
alanthing committed Apr 18, 2012
1 parent fc3284e commit f13f7d8ce9af0853a5601dcbb90c5e0c2ed8dadd
@@ -8,9 +8,9 @@
## Cf. http://forum.nginx.org/read.php?21,213197,213209#msg-213209 for
## rationale. If you're using a Nginx version lower than 1.1.1 then
## comment the line below and use the cache zone configuration below this one.
fastcgi_cache_path /var/cache/nginx/microcache levels=1:2 keys_zone=microcache:5M max_size=1G inactive=2h loader_threshold=2592000000 loader_sleep=1 loader_files=100000;
#fastcgi_cache_path var/microcache levels=1:2 keys_zone=microcache:5M max_size=1G inactive=2h loader_threshold=2592000000 loader_sleep=1 loader_files=100000;

## If you're not using a Nginx version greater or equal to 1.1.1 then
## comment the above configuration and use this one. No cache loader
## tweaking.
#fastcgi_cache_path /var/cache/nginx/microcache levels=1:2 keys_zone=microcache:5M max_size=1G inactive=2h;
fastcgi_cache_path var/microcache levels=1:2 keys_zone=microcache:5M max_size=1G inactive=2h;
@@ -27,6 +27,6 @@ fastcgi_param REDIRECT_STATUS 200;
## later. The if_not_empty flag was introduced in 1.1.11. See:
## http://nginx.org/en/CHANGES. If using a version that doesn't
## support this comment out the line below.
fastcgi_param HTTPS $https if_not_empty;
#fastcgi_param HTTPS $https if_not_empty;
## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above.
#fastcgi_param HTTPS $https;
fastcgi_param HTTPS $https;
@@ -0,0 +1,11 @@
# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-

### This file contains a map directive that is used to block the
### invocation of HTTP methods. Out of the box it allows for HEAD, GET and POST.

map $request_method $not_allowed_method {
default 1;
GET 0;
HEAD 0;
POST 0;
}
@@ -1,32 +1,30 @@
# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
user www-data;
worker_processes 4;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
error_log var/log/error.log;

worker_rlimit_nofile 8192;

events {
worker_connections 4096;
## epoll is preferred on 2.6 Linux
## kernels. Cf. http://www.kegel.com/c10k.html#nb.epoll
use epoll;
use kqueue;
## Accept as many connections as possible.
multi_accept on;
}

http {
## MIME types.
include /etc/nginx/mime.types;
include mime.types;
default_type application/octet-stream;

## FastCGI.
include /etc/nginx/fastcgi.conf;
include fastcgi.conf;

## Default log and error files.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
access_log var/log/access.log;
error_log var/log/error.log;

## Use sendfile() syscall to speed up I/O operations and speed up
## static file serving.
@@ -44,14 +42,14 @@ http {
## ** version then use the limit_zone directive below
## ** instead. Comment out this
## ** one if not using nginx version >= 1.1.8.
limit_conn_zone $binary_remote_addr zone=arbeit:10m;
#limit_conn_zone $binary_remote_addr zone=arbeit:10m;

## Define a zone for limiting the number of simultaneous
## connections nginx accepts. 1m means 32000 simultaneous
## sessions. We need to define for each server the limit_conn
## value refering to this or other zones.
## ** Use this directive for nginx versions below 1.1.8. Uncomment the line below.
#limit_zone arbeit $binary_remote_addr 10m;
limit_zone arbeit $binary_remote_addr 10m;

## Timeouts.
client_body_timeout 60;
@@ -132,7 +130,7 @@ http {
## http://trac.nginx.org/nginx/changeset/4333/nginx and
## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a
## previous version then uncomment out the line below.
#include map_https_fcgi.conf;
include map_https_fcgi.conf;

## Include the upstream servers for Apache handling the PHP
## processes. In this case Nginx functions as a reverse proxy.
@@ -169,5 +167,5 @@ http {
#include proxy_microcache_zone.conf

## Include all vhosts.
include /etc/nginx/sites-enabled/*;
include sites-enabled/*;
}
@@ -8,9 +8,9 @@
## Cf. http://forum.nginx.org/read.php?21,213197,213209#msg-213209 for
## rationale. If you're using a Nginx version lower than 1.1.1 then
## comment the line below and use the cache zone configuration below this one.
proxy_cache_path /var/cache/nginx/microcache levels=1:2 keys_zone=microcache:5M max_size=1G loader_threshold=2592000000 loader_sleep=1 loader_files=100000;
#proxy_cache_path var/microcache levels=1:2 keys_zone=microcache:5M max_size=1G loader_threshold=2592000000 loader_sleep=1 loader_files=100000;

## If you're not using a Nginx version greater or equal to 1.1.1 then
## comment the above configuration and use this one. No cache loader
## tweaking.
#proxy_cache_path /var/cache/nginx/microcache levels=1:2 keys_zone=microcache:5M max_size=1G;
proxy_cache_path var/microcache levels=1:2 keys_zone=microcache:5M max_size=1G;
@@ -4,10 +4,10 @@
### a suggestion by Maxim Dounin. Also suggested in
### http://nginx.org/en/docs/http/request_processing.html#how_to_prevent_undefined_server_names.
server {
listen [::]:80 default_server;
listen 8080 default_server;
# Uncomment the line below and comment the above if you're
# running a Nginx version less than 0.8.20.
# listen [::]:80 default;
# listen 8080 default;

server_name _;
return 444;
@@ -113,22 +113,22 @@ location / {
## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it.
location ^~ /sites/default/files/audio/mp3 {
location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
directio 4k; # for XFS
#directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
#aio on;
output_buffers 1 2M;
}
}

location ^~ /sites/default/files/audio/ogg {
location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
directio 4k; # for XFS
#directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
#aio on;
output_buffers 1 2M;
}
}
@@ -118,22 +118,22 @@ location / {
## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it.
location ^~ /sites/default/files/audio/mp3 {
location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
directio 4k; # for XFS
#directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
#aio on;
output_buffers 1 2M;
}
}

location ^~ /sites/default/files/audio/ogg {
location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
directio 4k; # for XFS
#directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
#aio on;
output_buffers 1 2M;
}
}
@@ -109,22 +109,22 @@ location / {
## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it.
location ^~ /sites/default/files/audio/mp3 {
location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
directio 4k; # for XFS
#directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
#aio on;
output_buffers 1 2M;
}
}

location ^~ /sites/default/files/audio/ogg {
location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
directio 4k; # for XFS
#directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
#aio on;
output_buffers 1 2M;
}
}
@@ -136,22 +136,22 @@ location / {
## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it.
location ^~ /sites/default/files/audio/mp3 {
location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
directio 4k; # for XFS
#directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
#aio on;
output_buffers 1 2M;
}
}

location ^~ /sites/default/files/audio/ogg {
location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
directio 4k; # for XFS
#directio 4k; # for XFS
## If you're using ext3 or similar uncomment the line below and comment the above.
#directio 512; # for ext3 or similar (block alignments)
directio 512; # for ext3 or similar (block alignments)
tcp_nopush off;
aio on;
#aio on;
output_buffers 1 2M;
}
}
@@ -5,28 +5,22 @@
server {
## This is to avoid the spurious if for sub-domain name
## "rewriting".
listen 80; # IPv4
## Replace the IPv6 address by your own address. The address below
## was stolen from the wikipedia page on IPv6.
listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
listen 8080;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;

} # server domain return.

## HTTP server.
server {
listen 80; # IPv4
## Replace the IPv6 address by your own address. The address below
## was stolen from the wikipedia page on IPv6.
listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
listen 8080;

server_name example.com;
limit_conn arbeit 32;

## Access and error logs.
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log var/log/example.com_access.log;
error_log var/log/example.com_error.log;

## See the blacklist.conf file at the parent dir: /etc/nginx.
## Deny access based on the User-Agent header.
@@ -45,13 +39,13 @@ server {
}

## Filesystem root of the site and index.
root /var/www/sites/example.com;
root var/sites/example.com;
index index.php;

## If you're using a Nginx version greater or equal to 1.1.4 then
## you can use keep alive connections to the upstream be it
## FastCGI or Apache. If that's not the case comment out the line below.
fastcgi_keep_conn on; # keep alive to the FCGI upstream
#fastcgi_keep_conn on; # keep alive to the FCGI upstream

## Uncomment if you're proxying to Apache for handling PHP.
#proxy_http_version 1.1; # keep alive to the Apache upstream
@@ -106,38 +100,35 @@ server {

## HTTPS server.
server {
listen 443 ssl;
## Replace the IPv6 address by your own address. The address below
## was stolen from the wikipedia page on IPv6.
listen [fe80::202:b3ff:fe1e:8329]:443 ssl ipv6only=on;
listen 8443 ssl;

server_name example.com;
limit_conn arbeit 32;

## Access and error logs.
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log var/log/example.com_access.log;
error_log var/log/example.com_error.log;

## Keep alive timeout set to a greater value for SSL/TLS.
keepalive_timeout 75 75;

## See the keepalive_timeout directive in nginx.conf.
## Server certificate and key.
ssl_certificate /etc/ssl/certs/example-cert.pem;
ssl_certificate_key /etc/ssl/private/example.key;
ssl_certificate ssl/certs/example-cert.pem;
ssl_certificate_key ssl/private/example.key;

## Strict Transport Security header for enhanced security. See
## http://www.chromium.org/sts. I've set it to 2 hours; set it to
## whichever age you want.
add_header Strict-Transport-Security "max-age=7200";

root /var/www/sites/example.com;
root var/sites/example.com;
index index.php;

## If you're using a Nginx version greater or equal to 1.1.4 then
## you can use keep alive connections to the upstream be it
## FastCGI or Apache. If that's not the case comment out the line below.
fastcgi_keep_conn on; # keep alive to the FCGI upstream
#fastcgi_keep_conn on; # keep alive to the FCGI upstream

## Uncomment if you're proxying to Apache for handling PHP.
#proxy_http_version 1.1; # keep alive to the Apache upstream
@@ -13,13 +13,14 @@ upstream phpcgi {
## https://github.com/gnosek/nginx-upstream-fair comment out the
## following line.
fair;
server 127.0.0.1:9001;
server 127.0.0.1:9002;
server 127.0.0.1:9000;
#server 127.0.0.1:9001;
#server 127.0.0.1:9002;
## Create a backend connection cache. Note that this requires
## Nginx version greater or equal to 1.1.4.
## Cf. http://nginx.org/en/CHANGES. Comment out the following
## line if that's not the case.
keepalive 5;
#keepalive 5;
}

## Add a third pool as a fallback.
@@ -29,5 +30,5 @@ upstream phpcgi_backup {
## Nginx version greater or equal to 1.1.4.
## Cf. http://nginx.org/en/CHANGES. Comment out the
## following line if that's not the case.
keepalive 1;
#keepalive 1;
}
@@ -14,13 +14,14 @@ upstream phpcgi {
## https://github.com/gnosek/nginx-upstream-fair comment out the
## following line.
fair;
server unix:/var/run/php-fpm.sock;
server unix:/var/run/php-fpm-zwei.sock;
server unix:/usr/local/Cellar/php/5.3.10/var/www.sock;
#server unix:/var/run/php-fpm.sock;
#server unix:/var/run/php-fpm-zwei.sock;
## Create a backend connection cache. Note that this requires
## Nginx version greater or equal to 1.1.4.
## Cf. http://nginx.org/en/CHANGES. Comment out the following
## line if that's not the case.
keepalive 5;
#keepalive 5;
}

## Add a third pool as a fallback.
@@ -30,5 +31,5 @@ upstream phpcgi_backup {
## Nginx version greater or equal to 1.1.4.
## Cf. http://nginx.org/en/CHANGES. Comment out the
## following line if that's not the case.
keepalive 1;
#keepalive 1;
}

0 comments on commit f13f7d8

Please sign in to comment.