Permalink
Switch branches/tags
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
131 lines (112 sloc) 4.15 KB
#####
# LookingGlass - User friendly PHP Looking Glass
# http://iamtelephone.com
#####
server {
#####
# ** EDIT VARIABLES BELOW TO ALIGN WITH YOUR INSTALL **
# 'server_name' -> domain/s or IP address to listen
# 'root' -> Absolute path to your LookingGlass install
# '$cgi_pass' -> TCP/Socket for PHP. Found in:
# - '/etc/php5/fpm/pool.d/www.conf' under 'listen' param
#####
server_name lg.iamtelephone.com www.lg.iamtelephone.com;
root /var/www/LookingGlass;
set $cgi_pass 'unix:/var/run/php5-fpm.sock';
#####
# Comment out/delete IPv6 line to only listen/serve IPv4, and vice versa
#####
listen 0.0.0.0:80; # IPv4
listen [::]:80; # IPv6
#####
# Individual logs for LookingGlass. Comment out/delete to disable logging
#####
access_log /var/log/nginx/lookingglass_access.log;
error_log /var/log/nginx/lookingglass_error.log;
############# DO NOT EDIT BELOW THIS LINE #############
# Do not send Nginx version
server_tokens off;
# Set index and use UTF-8
index index.php;
charset utf-8;
# Avoid clickjacking. If you need to allow [i]frames, you can use SAMEORIGIN
# or even set an uri with ALLOW-FROM uri
add_header X-Frame-Options DENY;
# This header enables the Cross-site scripting (XSS) filter built into most
# recent web browsers. It's usually enabled by default anyway, so the role
# of this header is to re-enable the filter
add_header X-XSS-Protection "1; mode=block";
# Validate request type
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 403;
}
# Disable log for favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Disable log for robots.txt
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny access to private folder/s
# Assumes LookingGlass is on a root install
location ~ ^/LookingGlass {
deny all;
return 404;
}
# Deny access to hidden files/folders
location ~ /\. {
deny all;
access_log off;
log_not_found off;
return 404;
}
# CSS/IMG/JS caching policy. Access log is turned off by default
location ~* \.(?:css|js|gif|jpe?g|png)$ {
access_log off;
expires 30d;
add_header Cache-Control public;
break;
}
# Disable Gzip for test files
location ~* \.test$ {
gzip off;
sendfile on;
}
# Full PHP setup. No includes necessary
location ~ \.php$ {
fastcgi_pass $cgi_pass;
fastcgi_index index.php;
# FastCGI params
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param REDIRECT_STATUS 200;
# Enable output buffering
try_files $uri = 404;
fastcgi_buffering on;
fastcgi_buffer_size 1k;
fastcgi_buffers 128 1k;
fastcgi_max_temp_file_size 0;
gzip off;
}
}