├── .gitignore ├── proxy_params ├── conf.d ├── session_cookie.conf ├── phpcgi.conf ├── ssl.conf └── fastcgi_cache.conf ├── scgi_params ├── uwsgi_params ├── sites-available └── example.com ├── fastcgi_params ├── fastcgi_cache ├── nginx.conf ├── koi-win ├── mime.types ├── koi-utf ├── win-utf └── drupal /.gitignore: -------------------------------------------------------------------------------- 1 | sites-available/* 2 | !sites-available/example.com 3 | sites-enabled/* 4 | -------------------------------------------------------------------------------- /proxy_params: -------------------------------------------------------------------------------- 1 | proxy_set_header Host $host; 2 | proxy_set_header X-Real-IP $remote_addr; 3 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 4 | -------------------------------------------------------------------------------- /conf.d/session_cookie.conf: -------------------------------------------------------------------------------- 1 | # Determine if a Drupal session cookie is present 2 | map $http_cookie $logged_in { 3 | default 0; 4 | ~SESS 1; # Drupal session cookie 5 | } 6 | -------------------------------------------------------------------------------- /conf.d/phpcgi.conf: -------------------------------------------------------------------------------- 1 | upstream phpfpm { 2 | #server 127.0.0.1:9000; 3 | server unix:/var/run/php5-fpm.sock; 4 | } 5 | 6 | upstream php52fpm { 7 | #server 127.0.0.1:9001; 8 | server unix:/var/run/php52-fpm.sock; 9 | } 10 | -------------------------------------------------------------------------------- /conf.d/ssl.conf: -------------------------------------------------------------------------------- 1 | # Prefer the fastest possible ciphers. See 2 | # http://zombe.es/post/4078724716/openssl-cipher-selection 3 | ssl_ciphers RC4:AES128-SHA:AES:CAMELLIA128-SHA:!ADH:!aNULL:!DH:!EDH:!eNULL:!LOW:!SSLv2:!EXP:!NULL; 4 | 5 | ssl_prefer_server_ciphers on; 6 | ssl_protocols SSLv3 TLSv1; # SSLv2 has been proven breakable. 7 | ssl_session_cache shared:SSL:2M; # 1M of cache roughly == 4000 SSL connections 8 | -------------------------------------------------------------------------------- /conf.d/fastcgi_cache.conf: -------------------------------------------------------------------------------- 1 | fastcgi_cache_path /var/cache/nginx/fastcgi_cache 2 | # 2 level deep directory structure. 3 | levels=1:2 4 | # 5MB lookup table in RAM. 5 | keys_zone=default_cache:5M 6 | # Maximum size of cache is 1GB. 7 | max_size=1G 8 | # Keep files on disk for a maximum of 2 hours. 9 | inactive=2h; 10 | -------------------------------------------------------------------------------- /scgi_params: -------------------------------------------------------------------------------- 1 | scgi_param REQUEST_METHOD $request_method; 2 | scgi_param REQUEST_URI $request_uri; 3 | scgi_param QUERY_STRING $query_string; 4 | scgi_param CONTENT_TYPE $content_type; 5 | 6 | scgi_param DOCUMENT_URI $document_uri; 7 | scgi_param DOCUMENT_ROOT $document_root; 8 | scgi_param SCGI 1; 9 | scgi_param SERVER_PROTOCOL $server_protocol; 10 | 11 | scgi_param REMOTE_ADDR $remote_addr; 12 | scgi_param REMOTE_PORT $remote_port; 13 | scgi_param SERVER_PORT $server_port; 14 | scgi_param SERVER_NAME $server_name; 15 | -------------------------------------------------------------------------------- /uwsgi_params: -------------------------------------------------------------------------------- 1 | uwsgi_param QUERY_STRING $query_string; 2 | uwsgi_param REQUEST_METHOD $request_method; 3 | uwsgi_param CONTENT_TYPE $content_type; 4 | uwsgi_param CONTENT_LENGTH $content_length; 5 | 6 | uwsgi_param REQUEST_URI $request_uri; 7 | uwsgi_param PATH_INFO $document_uri; 8 | uwsgi_param DOCUMENT_ROOT $document_root; 9 | uwsgi_param SERVER_PROTOCOL $server_protocol; 10 | 11 | uwsgi_param REMOTE_ADDR $remote_addr; 12 | uwsgi_param REMOTE_PORT $remote_port; 13 | uwsgi_param SERVER_PORT $server_port; 14 | uwsgi_param SERVER_NAME $server_name; 15 | -------------------------------------------------------------------------------- /sites-available/example.com: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name example.com; 4 | 5 | ## Access and error logs. 6 | access_log /var/log/nginx/example.com_access.log; 7 | error_log /var/log/nginx/example.com_error.log; 8 | 9 | ## Filesystem root of the site. 10 | root /var/www/example.com/docroot; 11 | 12 | # Specify which upstream this site should use. Below, the phpfpm upstream 13 | # will be used, which is assumed to be PHP 5.3. If your Drupal site is an 14 | # older version and requires PHP 5.2, you can use the php52fpm upstream 15 | # instead. 16 | set $php_upstream phpfpm; 17 | # PHP 5.2 18 | #set $php_upstream php52fpm; 19 | 20 | include drupal; 21 | } 22 | 23 | server { 24 | ## Redirect www.example.com to example.com. 25 | listen 80; 26 | server_name www.example.com; 27 | return 301 $scheme://example.com$request_uri; 28 | } 29 | -------------------------------------------------------------------------------- /fastcgi_params: -------------------------------------------------------------------------------- 1 | fastcgi_param QUERY_STRING $query_string; 2 | fastcgi_param REQUEST_METHOD $request_method; 3 | fastcgi_param CONTENT_TYPE $content_type; 4 | fastcgi_param CONTENT_LENGTH $content_length; 5 | 6 | fastcgi_param SCRIPT_FILENAME $request_filename; 7 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 8 | fastcgi_param REQUEST_URI $request_uri; 9 | fastcgi_param DOCUMENT_URI $document_uri; 10 | fastcgi_param DOCUMENT_ROOT $document_root; 11 | fastcgi_param SERVER_PROTOCOL $server_protocol; 12 | 13 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 14 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 15 | 16 | fastcgi_param REMOTE_ADDR $remote_addr; 17 | fastcgi_param REMOTE_PORT $remote_port; 18 | fastcgi_param SERVER_ADDR $server_addr; 19 | fastcgi_param SERVER_PORT $server_port; 20 | fastcgi_param SERVER_NAME $server_name; 21 | 22 | fastcgi_param HTTPS $server_https; 23 | 24 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 25 | fastcgi_param REDIRECT_STATUS 200; 26 | -------------------------------------------------------------------------------- /fastcgi_cache: -------------------------------------------------------------------------------- 1 | ### Implementation of the microcache concept as presented here: 2 | ### http://fennb.com/microcaching-speed-your-app-up-250x-with-no-n 3 | 4 | ## The cache zone referenced. 5 | fastcgi_cache default_cache; 6 | ## The cache key, as specific as possible. 7 | fastcgi_cache_key $scheme$request_method$host$request_uri; 8 | 9 | fastcgi_cache_valid 200 302 1h; # Store pages and redirects for 1 hour. 10 | fastcgi_cache_valid 301 1d; # Store permanent redirects for 1 day. 11 | fastcgi_cache_valid any 1m; # Store all other requests (errors) for 1 minute. 12 | 13 | # Saint mode. If there are errors, display cached content. 14 | fastcgi_cache_use_stale error timeout invalid_header updating http_500; 15 | 16 | ## The Cache-Control and Expires headers should be delivered untouched 17 | ## from the upstream to the client. 18 | fastcgi_ignore_headers Cache-Control Expires; 19 | ## If we client is logged in we bypass the cache. 20 | fastcgi_cache_bypass $logged_in; 21 | fastcgi_no_cache $logged_in; 22 | 23 | ## Add a cache miss/hit status header. 24 | add_header X-Micro-Cache $upstream_cache_status; 25 | ## To avoid any interaction with the cache control headers we expire 26 | ## everything on this location immediately. 27 | expires epoch; 28 | -------------------------------------------------------------------------------- /nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 1; 3 | pid /var/run/nginx.pid; 4 | 5 | events { 6 | worker_connections 768; 7 | # multi_accept on; 8 | } 9 | 10 | http { 11 | 12 | ## 13 | # Basic Settings 14 | ## 15 | 16 | sendfile on; 17 | tcp_nopush on; 18 | tcp_nodelay on; 19 | keepalive_timeout 65; 20 | types_hash_max_size 2048; 21 | # server_tokens off; 22 | 23 | # server_names_hash_bucket_size 64; 24 | # server_name_in_redirect off; 25 | 26 | include /etc/nginx/mime.types; 27 | default_type application/octet-stream; 28 | 29 | ## 30 | # Logging Settings 31 | ## 32 | 33 | access_log /var/log/nginx/access.log; 34 | error_log /var/log/nginx/error.log; 35 | 36 | ## 37 | # Gzip Settings 38 | ## 39 | 40 | gzip on; 41 | gzip_disable "msie6"; 42 | 43 | # gzip_vary on; 44 | # gzip_proxied any; 45 | # gzip_comp_level 6; 46 | # gzip_buffers 16 8k; 47 | # gzip_http_version 1.1; 48 | gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 49 | 50 | ## 51 | # If HTTPS, then set a variable so it can be passed along. 52 | ## 53 | 54 | map $scheme $server_https { 55 | default off; 56 | https on; 57 | } 58 | 59 | ## 60 | # Virtual Host Configs 61 | ## 62 | 63 | include /etc/nginx/conf.d/*.conf; 64 | include /etc/nginx/sites-enabled/*; 65 | } 66 | 67 | 68 | #mail { 69 | # # See sample authentication script at: 70 | # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript 71 | # 72 | # # auth_http localhost/auth.php; 73 | # # pop3_capabilities "TOP" "USER"; 74 | # # imap_capabilities "IMAP4rev1" "UIDPLUS"; 75 | # 76 | # server { 77 | # listen localhost:110; 78 | # protocol pop3; 79 | # proxy on; 80 | # } 81 | # 82 | # server { 83 | # listen localhost:143; 84 | # protocol imap; 85 | # proxy on; 86 | # } 87 | #} 88 | -------------------------------------------------------------------------------- /koi-win: -------------------------------------------------------------------------------- 1 | charset_map koi8-r windows-1251 { 2 | 3 | 80 88; # euro 4 | 5 | 95 95; # bullet 6 | 7 | 9A A0; #   8 | 9 | 9E B7; # · 10 | 11 | A3 B8; # small yo 12 | A4 BA; # small Ukrainian ye 13 | 14 | A6 B3; # small Ukrainian i 15 | A7 BF; # small Ukrainian yi 16 | 17 | AD B4; # small Ukrainian soft g 18 | AE A2; # small Byelorussian short u 19 | 20 | B0 B0; # ° 21 | 22 | B3 A8; # capital YO 23 | B4 AA; # capital Ukrainian YE 24 | 25 | B6 B2; # capital Ukrainian I 26 | B7 AF; # capital Ukrainian YI 27 | 28 | B9 B9; # numero sign 29 | 30 | BD A5; # capital Ukrainian soft G 31 | BE A1; # capital Byelorussian short U 32 | 33 | BF A9; # (C) 34 | 35 | C0 FE; # small yu 36 | C1 E0; # small a 37 | C2 E1; # small b 38 | C3 F6; # small ts 39 | C4 E4; # small d 40 | C5 E5; # small ye 41 | C6 F4; # small f 42 | C7 E3; # small g 43 | C8 F5; # small kh 44 | C9 E8; # small i 45 | CA E9; # small j 46 | CB EA; # small k 47 | CC EB; # small l 48 | CD EC; # small m 49 | CE ED; # small n 50 | CF EE; # small o 51 | 52 | D0 EF; # small p 53 | D1 FF; # small ya 54 | D2 F0; # small r 55 | D3 F1; # small s 56 | D4 F2; # small t 57 | D5 F3; # small u 58 | D6 E6; # small zh 59 | D7 E2; # small v 60 | D8 FC; # small soft sign 61 | D9 FB; # small y 62 | DA E7; # small z 63 | DB F8; # small sh 64 | DC FD; # small e 65 | DD F9; # small shch 66 | DE F7; # small ch 67 | DF FA; # small hard sign 68 | 69 | E0 DE; # capital YU 70 | E1 C0; # capital A 71 | E2 C1; # capital B 72 | E3 D6; # capital TS 73 | E4 C4; # capital D 74 | E5 C5; # capital YE 75 | E6 D4; # capital F 76 | E7 C3; # capital G 77 | E8 D5; # capital KH 78 | E9 C8; # capital I 79 | EA C9; # capital J 80 | EB CA; # capital K 81 | EC CB; # capital L 82 | ED CC; # capital M 83 | EE CD; # capital N 84 | EF CE; # capital O 85 | 86 | F0 CF; # capital P 87 | F1 DF; # capital YA 88 | F2 D0; # capital R 89 | F3 D1; # capital S 90 | F4 D2; # capital T 91 | F5 D3; # capital U 92 | F6 C6; # capital ZH 93 | F7 C2; # capital V 94 | F8 DC; # capital soft sign 95 | F9 DB; # capital Y 96 | FA C7; # capital Z 97 | FB D8; # capital SH 98 | FC DD; # capital E 99 | FD D9; # capital SHCH 100 | FE D7; # capital CH 101 | FF DA; # capital hard sign 102 | } 103 | -------------------------------------------------------------------------------- /mime.types: -------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml rss; 5 | image/gif gif; 6 | image/jpeg jpeg jpg; 7 | application/x-javascript js; 8 | application/atom+xml atom; 9 | 10 | text/mathml mml; 11 | text/plain txt; 12 | text/vnd.sun.j2me.app-descriptor jad; 13 | text/vnd.wap.wml wml; 14 | text/x-component htc; 15 | 16 | image/png png; 17 | image/tiff tif tiff; 18 | image/vnd.wap.wbmp wbmp; 19 | image/x-icon ico; 20 | image/x-jng jng; 21 | image/x-ms-bmp bmp; 22 | image/svg+xml svg svgz; 23 | 24 | application/java-archive jar war ear; 25 | application/json json; 26 | application/mac-binhex40 hqx; 27 | application/msword doc; 28 | application/pdf pdf; 29 | application/postscript ps eps ai; 30 | application/rtf rtf; 31 | application/vnd.ms-excel xls; 32 | application/vnd.ms-powerpoint ppt; 33 | application/vnd.wap.wmlc wmlc; 34 | application/vnd.google-earth.kml+xml kml; 35 | application/vnd.google-earth.kmz kmz; 36 | application/x-7z-compressed 7z; 37 | application/x-cocoa cco; 38 | application/x-java-archive-diff jardiff; 39 | application/x-java-jnlp-file jnlp; 40 | application/x-makeself run; 41 | application/x-perl pl pm; 42 | application/x-pilot prc pdb; 43 | application/x-rar-compressed rar; 44 | application/x-redhat-package-manager rpm; 45 | application/x-sea sea; 46 | application/x-shockwave-flash swf; 47 | application/x-stuffit sit; 48 | application/x-tcl tcl tk; 49 | application/x-x509-ca-cert der pem crt; 50 | application/x-xpinstall xpi; 51 | application/xhtml+xml xhtml; 52 | application/zip zip; 53 | 54 | application/octet-stream bin exe dll; 55 | application/octet-stream deb; 56 | application/octet-stream dmg; 57 | application/octet-stream eot; 58 | application/octet-stream iso img; 59 | application/octet-stream msi msp msm; 60 | application/ogg ogx; 61 | 62 | audio/midi mid midi kar; 63 | audio/mpeg mpga mpega mp2 mp3 m4a; 64 | audio/ogg oga ogg spx; 65 | audio/x-realaudio ra; 66 | audio/webm weba; 67 | 68 | video/3gpp 3gpp 3gp; 69 | video/mp4 mp4; 70 | video/mpeg mpeg mpg mpe; 71 | video/ogg ogv; 72 | video/quicktime mov; 73 | video/webm webm; 74 | video/x-flv flv; 75 | video/x-mng mng; 76 | video/x-ms-asf asx asf; 77 | video/x-ms-wmv wmv; 78 | video/x-msvideo avi; 79 | } 80 | -------------------------------------------------------------------------------- /koi-utf: -------------------------------------------------------------------------------- 1 | # This map is not a full koi8-r <> utf8 map: it does not contain 2 | # box-drawing and some other characters. Besides this map contains 3 | # several koi8-u and Byelorussian letters which are not in koi8-r. 4 | # If you need a full and standard map, use contrib/unicode2nginx/koi-utf 5 | # map instead. 6 | 7 | charset_map koi8-r utf-8 { 8 | 9 | 80 E282AC; # euro 10 | 11 | 95 E280A2; # bullet 12 | 13 | 9A C2A0; #   14 | 15 | 9E C2B7; # · 16 | 17 | A3 D191; # small yo 18 | A4 D194; # small Ukrainian ye 19 | 20 | A6 D196; # small Ukrainian i 21 | A7 D197; # small Ukrainian yi 22 | 23 | AD D291; # small Ukrainian soft g 24 | AE D19E; # small Byelorussian short u 25 | 26 | B0 C2B0; # ° 27 | 28 | B3 D081; # capital YO 29 | B4 D084; # capital Ukrainian YE 30 | 31 | B6 D086; # capital Ukrainian I 32 | B7 D087; # capital Ukrainian YI 33 | 34 | B9 E28496; # numero sign 35 | 36 | BD D290; # capital Ukrainian soft G 37 | BE D18E; # capital Byelorussian short U 38 | 39 | BF C2A9; # (C) 40 | 41 | C0 D18E; # small yu 42 | C1 D0B0; # small a 43 | C2 D0B1; # small b 44 | C3 D186; # small ts 45 | C4 D0B4; # small d 46 | C5 D0B5; # small ye 47 | C6 D184; # small f 48 | C7 D0B3; # small g 49 | C8 D185; # small kh 50 | C9 D0B8; # small i 51 | CA D0B9; # small j 52 | CB D0BA; # small k 53 | CC D0BB; # small l 54 | CD D0BC; # small m 55 | CE D0BD; # small n 56 | CF D0BE; # small o 57 | 58 | D0 D0BF; # small p 59 | D1 D18F; # small ya 60 | D2 D180; # small r 61 | D3 D181; # small s 62 | D4 D182; # small t 63 | D5 D183; # small u 64 | D6 D0B6; # small zh 65 | D7 D0B2; # small v 66 | D8 D18C; # small soft sign 67 | D9 D18B; # small y 68 | DA D0B7; # small z 69 | DB D188; # small sh 70 | DC D18D; # small e 71 | DD D189; # small shch 72 | DE D187; # small ch 73 | DF D18A; # small hard sign 74 | 75 | E0 D0AE; # capital YU 76 | E1 D090; # capital A 77 | E2 D091; # capital B 78 | E3 D0A6; # capital TS 79 | E4 D094; # capital D 80 | E5 D095; # capital YE 81 | E6 D0A4; # capital F 82 | E7 D093; # capital G 83 | E8 D0A5; # capital KH 84 | E9 D098; # capital I 85 | EA D099; # capital J 86 | EB D09A; # capital K 87 | EC D09B; # capital L 88 | ED D09C; # capital M 89 | EE D09D; # capital N 90 | EF D09E; # capital O 91 | 92 | F0 D09F; # capital P 93 | F1 D0AF; # capital YA 94 | F2 D0A0; # capital R 95 | F3 D0A1; # capital S 96 | F4 D0A2; # capital T 97 | F5 D0A3; # capital U 98 | F6 D096; # capital ZH 99 | F7 D092; # capital V 100 | F8 D0AC; # capital soft sign 101 | F9 D0AB; # capital Y 102 | FA D097; # capital Z 103 | FB D0A8; # capital SH 104 | FC D0AD; # capital E 105 | FD D0A9; # capital SHCH 106 | FE D0A7; # capital CH 107 | FF D0AA; # capital hard sign 108 | } 109 | -------------------------------------------------------------------------------- /win-utf: -------------------------------------------------------------------------------- 1 | # This map is not a full windows-1251 <> utf8 map: it does not 2 | # contain Serbian and Macedonian letters. If you need a full map, 3 | # use contrib/unicode2nginx/win-utf map instead. 4 | 5 | charset_map windows-1251 utf-8 { 6 | 7 | 82 E2809A; # single low-9 quotation mark 8 | 9 | 84 E2809E; # double low-9 quotation mark 10 | 85 E280A6; # ellipsis 11 | 86 E280A0; # dagger 12 | 87 E280A1; # double dagger 13 | 88 E282AC; # euro 14 | 89 E280B0; # per mille 15 | 16 | 91 E28098; # left single quotation mark 17 | 92 E28099; # right single quotation mark 18 | 93 E2809C; # left double quotation mark 19 | 94 E2809D; # right double quotation mark 20 | 95 E280A2; # bullet 21 | 96 E28093; # en dash 22 | 97 E28094; # em dash 23 | 24 | 99 E284A2; # trade mark sign 25 | 26 | A0 C2A0; #   27 | A1 D18E; # capital Byelorussian short U 28 | A2 D19E; # small Byelorussian short u 29 | 30 | A4 C2A4; # currency sign 31 | A5 D290; # capital Ukrainian soft G 32 | A6 C2A6; # borken bar 33 | A7 C2A7; # section sign 34 | A8 D081; # capital YO 35 | A9 C2A9; # (C) 36 | AA D084; # capital Ukrainian YE 37 | AB C2AB; # left-pointing double angle quotation mark 38 | AC C2AC; # not sign 39 | AD C2AD; # soft hypen 40 | AE C2AE; # (R) 41 | AF D087; # capital Ukrainian YI 42 | 43 | B0 C2B0; # ° 44 | B1 C2B1; # plus-minus sign 45 | B2 D086; # capital Ukrainian I 46 | B3 D196; # small Ukrainian i 47 | B4 D291; # small Ukrainian soft g 48 | B5 C2B5; # micro sign 49 | B6 C2B6; # pilcrow sign 50 | B7 C2B7; # · 51 | B8 D191; # small yo 52 | B9 E28496; # numero sign 53 | BA D194; # small Ukrainian ye 54 | BB C2BB; # right-pointing double angle quotation mark 55 | 56 | BF D197; # small Ukrainian yi 57 | 58 | C0 D090; # capital A 59 | C1 D091; # capital B 60 | C2 D092; # capital V 61 | C3 D093; # capital G 62 | C4 D094; # capital D 63 | C5 D095; # capital YE 64 | C6 D096; # capital ZH 65 | C7 D097; # capital Z 66 | C8 D098; # capital I 67 | C9 D099; # capital J 68 | CA D09A; # capital K 69 | CB D09B; # capital L 70 | CC D09C; # capital M 71 | CD D09D; # capital N 72 | CE D09E; # capital O 73 | CF D09F; # capital P 74 | 75 | D0 D0A0; # capital R 76 | D1 D0A1; # capital S 77 | D2 D0A2; # capital T 78 | D3 D0A3; # capital U 79 | D4 D0A4; # capital F 80 | D5 D0A5; # capital KH 81 | D6 D0A6; # capital TS 82 | D7 D0A7; # capital CH 83 | D8 D0A8; # capital SH 84 | D9 D0A9; # capital SHCH 85 | DA D0AA; # capital hard sign 86 | DB D0AB; # capital Y 87 | DC D0AC; # capital soft sign 88 | DD D0AD; # capital E 89 | DE D0AE; # capital YU 90 | DF D0AF; # capital YA 91 | 92 | E0 D0B0; # small a 93 | E1 D0B1; # small b 94 | E2 D0B2; # small v 95 | E3 D0B3; # small g 96 | E4 D0B4; # small d 97 | E5 D0B5; # small ye 98 | E6 D0B6; # small zh 99 | E7 D0B7; # small z 100 | E8 D0B8; # small i 101 | E9 D0B9; # small j 102 | EA D0BA; # small k 103 | EB D0BB; # small l 104 | EC D0BC; # small m 105 | ED D0BD; # small n 106 | EE D0BE; # small o 107 | EF D0BF; # small p 108 | 109 | F0 D180; # small r 110 | F1 D181; # small s 111 | F2 D182; # small t 112 | F3 D183; # small u 113 | F4 D184; # small f 114 | F5 D185; # small kh 115 | F6 D186; # small ts 116 | F7 D187; # small ch 117 | F8 D188; # small sh 118 | F9 D189; # small shch 119 | FA D18A; # small hard sign 120 | FB D18B; # small y 121 | FC D18C; # small soft sign 122 | FD D18D; # small e 123 | FE D18E; # small yu 124 | FF D18F; # small ya 125 | } 126 | -------------------------------------------------------------------------------- /drupal: -------------------------------------------------------------------------------- 1 | # Drupal include, adapted from https://raw.github.com/perusio/drupal-with-nginx 2 | index index.php; 3 | 4 | ## The 'default' location. 5 | location / { 6 | ## If accessing an image generated by imagecache, serve it directly if 7 | ## available, if not relay the request to Drupal to (re)generate the 8 | ## image. 9 | location ~* /imagecache/ { 10 | access_log off; 11 | expires 30d; 12 | try_files $uri @rewrite; 13 | } 14 | 15 | ## Drupal 7 generated image handling, i.e., imagecache in core. See: 16 | ## https://drupal.org/node/371374. 17 | location ~* /files/styles/ { 18 | access_log off; 19 | expires 30d; 20 | try_files $uri @rewrite; 21 | } 22 | 23 | ## Regular private file serving (i.e. handled by Drupal). 24 | location ^~ /system/files/ { 25 | ## For not signaling a 404 in the error log whenever the 26 | ## system/files directory is accessed add the line below. 27 | ## Note that the 404 is the intended behavior. 28 | log_not_found off; 29 | access_log off; 30 | expires 30d; 31 | try_files $uri @rewrite; 32 | } 33 | 34 | ## All static files will be served directly. 35 | location ~* ^.+\.(?:txt|css|js|jpe?g|gif|htc|ico|png|html|xml)$ { 36 | access_log off; 37 | log_not_found off; 38 | expires 30d; 39 | ## No need to bleed constant updates. Send the all shebang in one 40 | ## fell swoop. 41 | tcp_nodelay off; 42 | ## Set the OS file cache. 43 | open_file_cache max=3000 inactive=120s; 44 | open_file_cache_valid 45s; 45 | open_file_cache_min_uses 2; 46 | open_file_cache_errors off; 47 | } 48 | 49 | ## PDFs and powerpoint files handling. 50 | location ~* ^.+\.(?:pdf|pptx?)$ { 51 | expires 30d; 52 | ## No need to bleed constant updates. Send the all shebang in one 53 | ## fell swoop. 54 | tcp_nodelay off; 55 | } 56 | 57 | ## Replicate the Apache directive of Drupal standard 58 | ## .htaccess. Disable access to any code files. Return a 404 to curtail 59 | ## information disclosure. Hide also the text files. 60 | location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ { 61 | return 404; 62 | } 63 | 64 | try_files $uri @rewrite; 65 | } 66 | 67 | ########### Security measures ########## 68 | 69 | ## Restrict access to the strictly necessary PHP files. Reducing the 70 | ## scope for exploits. Handling of PHP code and the Drupal event loop. 71 | location = /index.php { 72 | include fastcgi_params; 73 | ## This enables a fallback for whenever the 'default' upstream fails. 74 | fastcgi_pass $php_upstream; 75 | ## FastCGI Cache. 76 | include fastcgi_cache; 77 | 78 | ## Filefield Upload progress 79 | ## http://drupal.org/project/filefield_nginx_progress support 80 | ## through the NgninxUploadProgress modules. 81 | #track_uploads uploads 60s; 82 | } 83 | 84 | location @rewrite { 85 | # Some modules enforce no slash (/) at the end of the URL 86 | # Else this rewrite block wouldn't be needed (GlobalRedirect) 87 | rewrite ^/(.*)$ /index.php?q=$1; 88 | } 89 | 90 | ## Disallow access to .git directory: return 404 as not to disclose 91 | ## information. 92 | location ~ /.git { 93 | return 404; 94 | } 95 | 96 | ## Disallow access to patches directory. 97 | location ~ /patches { 98 | return 404; 99 | } 100 | 101 | ## Disallow access to drush backup directory. 102 | location = /backup { 103 | return 404; 104 | } 105 | 106 | ## Disable access logs for robots.txt. 107 | location = /robots.txt { 108 | access_log off; 109 | } 110 | 111 | ## RSS feed support. 112 | location = /rss.xml { 113 | try_files $uri @rewrite; 114 | } 115 | 116 | ## XML Sitemap support. 117 | location = /sitemap.xml { 118 | try_files $uri @rewrite; 119 | } 120 | 121 | ## Support for favicon. Return a 204 (No Content) if the favicon 122 | ## doesn't exist. 123 | location = /favicon.ico { 124 | try_files /favicon.ico =204; 125 | } 126 | 127 | ## Any other attempt to access PHP files returns a 404. 128 | location ~* ^.+\.php$ { 129 | return 404; 130 | } 131 | --------------------------------------------------------------------------------