NGINX/PHP-FPM

Защита файлов

При использовании PHP-FPM важно закрыть доступ к файлу конфигурации application/config/config.ini.

  location ~* /(var|lib|application)/.*$ {
    return 403;
  }

Поддержка URL'ов кампаний

Для симуляции mod_rewrite на Nginx, необходимо использовать try_files. Пример использования:

location / {
  try_files $uri $uri/ /index.php?$args;
}

Пример конфигурации домена в Nginx

server {
  # server IP and port
  listen 151.236.29.195:80;
 
  # domain name
  server_name domain.com www.domain.com;
 
  # root path
  set $root_path /home/domain.com;
 
  root $root_path;
 
  charset utf-8;
  index index.php;
 
  location ~* \.(jpg|jpeg|gif|png|js|css|txt|zip|ico|gz|csv)$ { 
    access_log off;  
    expires max;
  }
 
  location ~* /(var|lib|application)/.*$ {
    return 403;
  }
 
  location ~* \.(htaccess|ini|dat|htpasswd)$ {
    return 403;
  }
 
  location ~ \.php$ {
    include /etc/nginx/fastcgi_params;
    fastcgi_pass 127.0.0.1:9000; 
    #fastcgi_pass unix:/var/run/php5-fpm.sock; 
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $root_path$fastcgi_script_name;
  }
 
  location / {
    try_files $uri $uri/ /index.php?$args;
  }
}

Шаблоны Keitaro TDS для Vesta

Файл /usr/local/vesta/data/templates/web/nginx/php-fpm/keitaro.stpl

server {
    listen      %ip%:%web_ssl_port%;
    server_name %domain_idn% %alias_idn%;
    root        %docroot%;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;

    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;

    location / {
        try_files $uri $uri/ /index.php?$args;
  
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js|html)$ {
            expires     max;
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }

            fastcgi_pass    %backend_lsnr%;
            include         /etc/nginx/fastcgi_params;
        }
    }

    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    location ~* /(var|lib|application)/.*$ {
        return 403;
    }

    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;
    include     %home%/%user%/conf/web/nginx.%domain%.conf*;

Файл /usr/local/vesta/data/templates/web/nginx/php-fpm/keitaro.tpl

server {
    listen      %ip%:%web_port%;
    server_name %domain_idn% %alias_idn%;
    root        %docroot%;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;

    location / {
        try_files $uri $uri/ /index.php?$args;
   
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js|html)$ {
            expires     max;
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }

            fastcgi_pass    %backend_lsnr%;
            include         /etc/nginx/fastcgi_params;
        }
    }

    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    location ~* /(var|lib|application)/.*$ {
        return 403;
    }

    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;

    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
}