├── README.md
├── blacklist.conf
├── fastcgi.conf
├── fastcgi_params
├── koi-utf
├── koi-win
├── mime.types
├── nginx.conf
├── php_fpm_status_allowed_hosts.conf
├── php_fpm_status_vhost.conf
├── reverse_proxy.conf
├── sites-available
    ├── 000-default
    ├── example.com.conf
    └── wp_supercache.conf
├── upstream_phpapache.conf
├── upstream_phpcgi.conf
└── win-utf


/README.md:
--------------------------------------------------------------------------------
  1 | # Nginx configuration for WordPress
  2 | 
  3 | ## Introduction 
  4 | 
  5 |    This is a nginx configuration for running [WordPress](http://wordpress.org "WordPress").
  6 |    
  7 |    It **differs** from the _usual_ configuration, like the
  8 |    [one](http://wiki.nginx.org/Wordpress "Nginx Wiki WordPress
  9 |    config") available on the [Nginx Wiki](http://wiki.nginx.org "Nginx
 10 |    Wiki").
 11 |    
 12 |    It makes use of **nested locations** with named capture groups
 13 |    instead of [fastcgi_split\_path\_info](http://wiki.nginx.org/HttpFcgiModule#fastcgi_split_path_info
 14 |    "FastCGI split path info").
 15 | 
 16 |    This example configuration assumes that the site is called
 17 |    `example.com`. Change accordingly to reflect your server setup.
 18 |    
 19 | ## Features
 20 | 
 21 |    1. Filtering of invalid HTTP `Host` headers.
 22 | 
 23 |    2. Access to install files, like `install.php,` is protected using
 24 |       [HTTP Basic Auth](http://wiki.nginx.org/NginxHttpAuthBasicModule
 25 |       "Basic Auth Nginx Module").  
 26 | 
 27 |    3. Protection of all the _internal_ directories, like version
 28 |       control repositories and the `readme` file(s) 
 29 |       that come with WP or an external plugin.
 30 | 
 31 |    4. Faster and more secure handling of PHP FastCGI by Nginx using
 32 |       named groups in regular expressions instead of using
 33 |       [fastcgi_split\_path\_info](http://wiki.nginx.org/HttpFcgiModule#fastcgi_split_path_info
 34 |       "FastCGI split path info"). Requires Nginx version &ge; 0.8.25.
 35 | 
 36 |    5. Compatible with the WordPress plugin
 37 |       [wp-super-cache](http://wordpress.org/extend/plugins/wp-super-cache "WordPress
 38 |       SuperCache") for serving static pages to anonymous users.
 39 |       
 40 |    6. [Upload Progress](http://wiki.nginx.org/NginxHttpUploadProgressModule
 41 |       "Upload progress Nginx module") support.   
 42 |    
 43 |    7. Possibility of using **Apache** as a backend for dealing with
 44 |       PHP. Meaning using Nginx as
 45 |       [reverse proxy](http://wiki.nginx.org/HttpProxyModule "Nginx
 46 |       Proxy Module").
 47 |       
 48 |    8. Operating system
 49 |       [open files cache](http://wiki.nginx.org/HttpCoreModule#open_file_cache)
 50 |       for static assets like CSS and JS, for example.
 51 |       
 52 |    9. [FLV](http://wiki.nginx.org/HttpFlvStreamModule) and
 53 |       [H264/AAC](http://nginx.org/en/docs/http/ngx_http_mp4_module.html)
 54 |       pseudo streaming support. 
 55 |       
 56 |       Note that for **mp4** streaming to work properly, with seeking
 57 |       enabled, you must use a **compatible player** and run a Nginx
 58 |       version greater or equal to 1.1.3 for the development branch and
 59 |       1.0.7 for the stable branch.
 60 | 
 61 | ## Basic Auth for access to restricted files like install.php
 62 | 
 63 |    `install.php` and the WordPress `readme.html` are protected using
 64 |    Basic Auth. The readme file discloses the version number of
 65 |    WordPress.
 66 |    
 67 |    Not only `install.php`, but any PHP file that has **install.php**
 68 |    as the ending is protected. This way if, for example, there's a
 69 |    permission problem with `wp-config.php` and WP can't read the file
 70 |    it will invoke `install.php` since it assumes that if no specific
 71 |    configuration information is available then the site must not yet
 72 |    be installed. Now imagine that this happens on your site and that
 73 |    someone stumbles on the `install.php`? If not protected by the
 74 |    Basic Auth, information disclosure would be the least potential
 75 |    problem.
 76 | 
 77 |    You have to create the `.htpasswd-users` file with the user(s) and
 78 |    password(s). For that, if you're on Debian or any of its
 79 |    derivatives like Ubuntu you need the
 80 |    [apache2-utils](http://packages.debian.org/search?suite%3Dall&section%3Dall&arch%3Dany&searchon%3Dnames&keywords%3Dapache2-utils)
 81 |    package installed. Then create your password file by issuing:
 82 | 
 83 |           htpasswd -d -b -c .htpasswd-users <user> <password>
 84 | 
 85 |    You should delete this command from your shell history
 86 |    afterwards with `history -d <command number>` or alternatively
 87 |    omit the `-b` switch, then you'll be prompted for the password.
 88 | 
 89 |    This creates the file (there's a `-c` switch). For adding
 90 |    additional users omit the `-c`.
 91 | 
 92 |    Of course you can rename the password file to whatever you want,
 93 |    then accordingly change its name in the virtual host config
 94 |    file, `example.com`.
 95 | 
 96 | ## Nginx as a Reverse Proxy: Proxying to Apache for PHP
 97 | 
 98 |    If you **absolutely need** to use the rather _bad habit_ of
 99 |    deploying web apps relying on `.htaccess`, or you just want to use
100 |    Nginx as a reverse proxy. The config allows you to do so. Note that
101 |    this provides some benefits over using only Apache, since Nginx is
102 |    much faster than Apache. Furthermore you can use the proxy cache
103 |    and/or use Nginx as a load balancer. 
104 | 
105 | ## IPv6 and IPv4
106 | 
107 | The configuration of the example vhosts uses **separate** sockets for
108 | IPv6 and IPv4. This way is simpler for those not (yet) having IPv6
109 | support to disable it by commenting out the
110 | [`listen`](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen)
111 | directive with the `ipv6only=on` parameter.
112 | 
113 | Note that the IPv6 address uses an IP _stolen_ from the
114 | [IPv6 Wikipedia page](https://en.wikipedia.org/wiki/IPv6). You **must
115 | replace** the indicated address by **your** address.
116 | 
117 | ## Installation
118 | 
119 |    1. Move the old `/etc/nginx` directory to `/etc/nginx.old`.
120 |    
121 |    2. Clone the git repository from github:
122 |    
123 |       `git clone https://github.com/perusio/wordpress-nginx.git`
124 |    
125 |    3. Edit the `sites-available/example.com.conf` configuration file
126 |       to suit your requirements. Namely replacing `example.com` with
127 |       **your** domain.
128 |    
129 |    4. Setup the PHP handling method. It can be:
130 |    
131 |       + Upstream HTTP server like Apache with mod_php. To use this
132 |         method comment out the `include upstream_phpcgi.conf;`
133 |         line in `nginx.conf` and uncomment the lines:
134 |         
135 |             include reverse_proxy.conf;
136 |             include upstream_phpapache.conf;
137 | 
138 |         Now you must set the proper address and port for your
139 |         backend(s) in the `upstream_phpapache.conf`. By default it
140 |         assumes the loopback `127.0.0.1` interface on port
141 |         `8080`. Adjust accordingly to reflect your setup.
142 | 
143 |         Comment out **all**  `fastcgi_pass` directives in either
144 |         `drupal_boost.conf` or `drupal_boost_drush.conf`, depending
145 |         which config layout you're using. Uncomment out all the
146 |         `proxy_pass` directives. They have a comment around them,
147 |         stating these instructions.
148 |       
149 |       + FastCGI process using php-cgi. In this case an
150 |         [init script](https://github.com/perusio/php-fastcgi-debian-script
151 |         "Init script for php-cgi") is
152 |         required. This is how the server is configured out of the
153 |         box. It uses UNIX sockets. You can use TCP sockets if you prefer.
154 |       
155 |       + [PHP FPM](http://www.php-fpm.org "PHP FPM"), this requires you
156 |         to configure your fpm setup, in Debian/Ubuntu this is done in
157 |         the `/etc/php5/fpm` directory.
158 |         
159 |         Look [here](https://github.com/perusio/php-fpm-example-config) for
160 |         an **example configuration** of `php-fpm`.
161 |         
162 |       Check that the socket is properly created and is listening. This
163 |       can be done with `netstat`, like this for UNIX sockets:
164 |       
165 |           netstat --unix -l
166 |          
167 |       And like this for TCP sockets:   
168 |          
169 |           netstat -t -l
170 |    
171 |       It should display the PHP CGI socket.
172 |    
173 |       Note that the default socket type is UNIX and the config assumes
174 |       it to be listening on `unix:/tmp/php-cgi/php-cgi.socket`, if
175 |       using the `php-cgi`, or in `unix:/var/run/php-fpm.sock` using
176 |       `php-fpm` and that you should **change** to reflect your setup
177 |       by editing `upstream_phpcgi.conf`.
178 |    
179 |    
180 |    5. Create the `/etc/nginx/sites-enabled` directory and enable the
181 |       virtual host using one of the methods described below.
182 | 
183 |       Note that if you're using the
184 |       [nginx_ensite](http://github.com/perusio/nginx_ensite) script
185 |       described below it **creates** the `/etc/nginx/sites-enabled`
186 |       directory if it doesn't exist the first time you run it for
187 |       enabling a site.    
188 | 
189 |    6. Reload Nginx:
190 |    
191 |       `/etc/init.d/nginx reload`
192 |    
193 |    7. Check that WordPress is working by visiting the configured site
194 |       in your browser.
195 |    
196 |    8. Remove the `/etc/nginx.old` directory.
197 |    
198 |    9. Done.
199 |    
200 | ## Enabling and Disabling Virtual Hosts
201 | 
202 |    I've created a shell script
203 |    [nginx_ensite](http://github.com/perusio/nginx_ensite) that lives
204 |    here on github for quick enabling and disabling of virtual hosts.
205 |    
206 |    If you're not using that script then you have to **manually**
207 |    create the symlinks from `sites-enabled` to `sites-available`. Only
208 |    the virtual hosts configured in `sites-enabled` will be available
209 |    for Nginx to serve.
210 |    
211 | ## Acessing the php-fpm status and ping pages
212 | 
213 |    You can get the
214 |    [status and a ping](http://forum.nginx.org/read.php?3,56426) pages
215 |    for the running instance of `php-fpm`. There's a
216 |    `php_fpm_status.conf` file with the configuration for both
217 |    features.
218 |    
219 |    + the **status page** at `/fpm-status`;
220 |      
221 |    + the **ping page** at `/ping`.
222 | 
223 |    For obvious reasons these pages are acessed only from a given set
224 |    of IP addresses. In the suggested configuration only from
225 |    localhost and non-routable IPs of the 192.168.1.0 network.
226 | 
227 |    The allowed hosts are defined in a geo block in file
228 |    `php_fpm_status_allowed_hosts.conf`. You should edit the predefined
229 |    IP addresses to suit your setup.     
230 |    
231 |    To enable the status and ping pages uncomment the line in the
232 |    `example.com.conf` virtual host configuration file.   
233 |    
234 |    
235 | ## Getting the latest Nginx packaged for Debian or Ubuntu
236 | 
237 |    I maintain a [debian repository](http://debian.perusio.net/unstable
238 |    "my debian repo") with the
239 |    [latest](http://nginx.org/en/download.html "Nginx source download")
240 |    version of Nginx. This is packaged for Debian **unstable** or
241 |    **testing**. The instructions for using the repository are
242 |    presented on this [page](http://debian.perusio.net/debian.html
243 |    "Repository instructions").
244 |  
245 |    It may work or not on Ubuntu. Since Ubuntu seems to appreciate more
246 |    finding semi-witty names for their releases instead of making clear
247 |    what's the status of the software included. Is it **stable**? Is it
248 |    **testing**? Is it **unstable**? The package may work with your
249 |    currently installed environment or not. I don't have the faintest
250 |    idea which release to advise. So you're on your own. Generally the
251 |    APT machinery will sort out for you any dependencies issues that
252 |    might exist.
253 | 
254 | ## My other Nginx configs on github
255 | 
256 |    + [Drupal](https://github.com/perusio/drupal-with-nginx "Drupal
257 |      Nginx configuration")
258 |      
259 |    + [Piwik](https://github.com/perusio/piwik-nginx "Piwik Nginx
260 |      configuration")
261 |      
262 |    + [Chive](https://github.com/perusio/chive-nginx "Chive Nginx
263 |      configuration")
264 |      
265 |    + [Redmine](https://github.com/perusio/redmine-nginx "Redmine Nginx
266 |      configuration")  
267 | 
268 |    + [SquirrelMail](https://github.com/perusio/squirrelmail-nginx
269 |      "SquirrelMail Nginx configuration")
270 | 
271 | ## Securing your PHP configuration
272 | 
273 |    I have created a small shell script that parses your `php.ini` and
274 |    sets a sane environment, be it for **development** or
275 |    **production** settings. 
276 |    
277 |    Grab it [here](https://github.com/perusio/php-ini-cleanup "PHP
278 |    cleanup script").
279 | 
280 | ## Acknowledgments
281 | 
282 |    Thanks to [Burçe Boran](http://www.burceboran.com) for helping me
283 |    sort out the issues of the configuration for supercache 0.9.9.9.
284 | 


--------------------------------------------------------------------------------
/blacklist.conf:
--------------------------------------------------------------------------------
 1 | #-*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
 2 | ### This file implements a blacklist for certain user agents and
 3 | ### referrers. It's a first line of defense. It must be included
 4 | ### inside a http block.
 5 | 
 6 | 
 7 | ## Add here all user agents that are to be blocked.
 8 | map $http_user_agent $bad_bot {
 9 |     default 0;
10 |     libwww-perl                      1;
11 |     ~(?i)(httrack|htmlparser|libwww) 1;
12 | }
13 | 
14 | ## Add here all referrers that are to blocked.
15 | map $http_referer $bad_referer {
16 |     default 0;
17 |     ~(?i)(babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|webcam|zippo|casino|replica) 1;
18 | }
19 | 


--------------------------------------------------------------------------------
/fastcgi.conf:
--------------------------------------------------------------------------------
 1 | #-*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
 2 | ### fastcgi configuration.
 3 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 4 | include fastcgi_params;
 5 | fastcgi_buffers 256 4k;
 6 | fastcgi_intercept_errors on;
 7 | ## allow 4 hrs - pass timeout responsibility to upstrea
 8 | fastcgi_read_timeout 14400; 
 9 | fastcgi_index index.php;      
10 | 


--------------------------------------------------------------------------------
/fastcgi_params:
--------------------------------------------------------------------------------
 1 | # -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
 2 | ### fastcgi parameters.
 3 | fastcgi_param  QUERY_STRING       $query_string;
 4 | fastcgi_param  REQUEST_METHOD     $request_method;
 5 | fastcgi_param  CONTENT_TYPE       $content_type;
 6 | fastcgi_param  CONTENT_LENGTH     $content_length;
 7 | 
 8 | fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
 9 | fastcgi_param  REQUEST_URI        $request_uri;
10 | fastcgi_param  DOCUMENT_URI       $document_uri;
11 | fastcgi_param  DOCUMENT_ROOT      $document_root;
12 | fastcgi_param  SERVER_PROTOCOL    $server_protocol;
13 | 
14 | fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
15 | fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
16 | 
17 | fastcgi_param  REMOTE_ADDR        $remote_addr;
18 | fastcgi_param  REMOTE_PORT        $remote_port;
19 | fastcgi_param  SERVER_ADDR        $server_addr;
20 | fastcgi_param  SERVER_PORT        $server_port;
21 | fastcgi_param  SERVER_NAME        $server_name;
22 | 
23 | # PHP only, required if PHP was built with --enable-force-cgi-redirect
24 | fastcgi_param  REDIRECT_STATUS    200;
25 | 


--------------------------------------------------------------------------------
/koi-utf:
--------------------------------------------------------------------------------
  1 | 
  2 | # This map is not a full koi8-r <> utf8 map: it does not contain
  3 | # box-drawing and some other characters.  Besides this map contains
  4 | # several koi8-u and Byelorussian letters which are not in koi8-r.
  5 | # If you need a full and standard map, use contrib/unicode2nginx/koi-utf
  6 | # map instead.
  7 | 
  8 | charset_map  koi8-r  utf-8 {
  9 | 
 10 |     80  E282AC ; # euro
 11 | 
 12 |     95  E280A2 ; # bullet
 13 | 
 14 |     9A  C2A0 ;   # &nbsp;
 15 | 
 16 |     9E  C2B7 ;   # &middot;
 17 | 
 18 |     A3  D191 ;   # small yo
 19 |     A4  D194 ;   # small Ukrainian ye
 20 | 
 21 |     A6  D196 ;   # small Ukrainian i
 22 |     A7  D197 ;   # small Ukrainian yi
 23 | 
 24 |     AD  D291 ;   # small Ukrainian soft g
 25 |     AE  D19E ;   # small Byelorussian short u
 26 | 
 27 |     B0  C2B0 ;   # &deg;
 28 | 
 29 |     B3  D081 ;   # capital YO
 30 |     B4  D084 ;   # capital Ukrainian YE
 31 | 
 32 |     B6  D086 ;   # capital Ukrainian I
 33 |     B7  D087 ;   # capital Ukrainian YI
 34 | 
 35 |     B9  E28496 ; # numero sign
 36 | 
 37 |     BD  D290 ;   # capital Ukrainian soft G
 38 |     BE  D18E ;   # capital Byelorussian short U
 39 | 
 40 |     BF  C2A9 ;   # (C)
 41 | 
 42 |     C0  D18E ;   # small yu
 43 |     C1  D0B0 ;   # small a
 44 |     C2  D0B1 ;   # small b
 45 |     C3  D186 ;   # small ts
 46 |     C4  D0B4 ;   # small d
 47 |     C5  D0B5 ;   # small ye
 48 |     C6  D184 ;   # small f
 49 |     C7  D0B3 ;   # small g
 50 |     C8  D185 ;   # small kh
 51 |     C9  D0B8 ;   # small i
 52 |     CA  D0B9 ;   # small j
 53 |     CB  D0BA ;   # small k
 54 |     CC  D0BB ;   # small l
 55 |     CD  D0BC ;   # small m
 56 |     CE  D0BD ;   # small n
 57 |     CF  D0BE ;   # small o
 58 | 
 59 |     D0  D0BF ;   # small p
 60 |     D1  D18F ;   # small ya
 61 |     D2  D180 ;   # small r
 62 |     D3  D181 ;   # small s
 63 |     D4  D182 ;   # small t
 64 |     D5  D183 ;   # small u
 65 |     D6  D0B6 ;   # small zh
 66 |     D7  D0B2 ;   # small v
 67 |     D8  D18C ;   # small soft sign
 68 |     D9  D18B ;   # small y
 69 |     DA  D0B7 ;   # small z
 70 |     DB  D188 ;   # small sh
 71 |     DC  D18D ;   # small e
 72 |     DD  D189 ;   # small shch
 73 |     DE  D187 ;   # small ch
 74 |     DF  D18A ;   # small hard sign
 75 | 
 76 |     E0  D0AE ;   # capital YU
 77 |     E1  D090 ;   # capital A
 78 |     E2  D091 ;   # capital B
 79 |     E3  D0A6 ;   # capital TS
 80 |     E4  D094 ;   # capital D
 81 |     E5  D095 ;   # capital YE
 82 |     E6  D0A4 ;   # capital F
 83 |     E7  D093 ;   # capital G
 84 |     E8  D0A5 ;   # capital KH
 85 |     E9  D098 ;   # capital I
 86 |     EA  D099 ;   # capital J
 87 |     EB  D09A ;   # capital K
 88 |     EC  D09B ;   # capital L
 89 |     ED  D09C ;   # capital M
 90 |     EE  D09D ;   # capital N
 91 |     EF  D09E ;   # capital O
 92 | 
 93 |     F0  D09F ;   # capital P
 94 |     F1  D0AF ;   # capital YA
 95 |     F2  D0A0 ;   # capital R
 96 |     F3  D0A1 ;   # capital S
 97 |     F4  D0A2 ;   # capital T
 98 |     F5  D0A3 ;   # capital U
 99 |     F6  D096 ;   # capital ZH
100 |     F7  D092 ;   # capital V
101 |     F8  D0AC ;   # capital soft sign
102 |     F9  D0AB ;   # capital Y
103 |     FA  D097 ;   # capital Z
104 |     FB  D0A8 ;   # capital SH
105 |     FC  D0AD ;   # capital E
106 |     FD  D0A9 ;   # capital SHCH
107 |     FE  D0A7 ;   # capital CH
108 |     FF  D0AA ;   # capital hard sign
109 | }
110 | 


--------------------------------------------------------------------------------
/koi-win:
--------------------------------------------------------------------------------
  1 | 
  2 | charset_map  koi8-r  windows-1251 {
  3 | 
  4 |     80  88 ; # euro
  5 | 
  6 |     95  95 ; # bullet
  7 | 
  8 |     9A  A0 ; # &nbsp;
  9 | 
 10 |     9E  B7 ; # &middot;
 11 | 
 12 |     A3  B8 ; # small yo
 13 |     A4  BA ; # small Ukrainian ye
 14 | 
 15 |     A6  B3 ; # small Ukrainian i
 16 |     A7  BF ; # small Ukrainian yi
 17 | 
 18 |     AD  B4 ; # small Ukrainian soft g
 19 |     AE  A2 ; # small Byelorussian short u
 20 | 
 21 |     B0  B0 ; # &deg;
 22 | 
 23 |     B3  A8 ; # capital YO
 24 |     B4  AA ; # capital Ukrainian YE
 25 | 
 26 |     B6  B2 ; # capital Ukrainian I
 27 |     B7  AF ; # capital Ukrainian YI
 28 | 
 29 |     B9  B9 ; # numero sign
 30 | 
 31 |     BD  A5 ; # capital Ukrainian soft G
 32 |     BE  A1 ; # capital Byelorussian short U
 33 | 
 34 |     BF  A9 ; # (C)
 35 | 
 36 |     C0  FE ; # small yu
 37 |     C1  E0 ; # small a
 38 |     C2  E1 ; # small b
 39 |     C3  F6 ; # small ts
 40 |     C4  E4 ; # small d
 41 |     C5  E5 ; # small ye
 42 |     C6  F4 ; # small f
 43 |     C7  E3 ; # small g
 44 |     C8  F5 ; # small kh
 45 |     C9  E8 ; # small i
 46 |     CA  E9 ; # small j
 47 |     CB  EA ; # small k
 48 |     CC  EB ; # small l
 49 |     CD  EC ; # small m
 50 |     CE  ED ; # small n
 51 |     CF  EE ; # small o
 52 | 
 53 |     D0  EF ; # small p
 54 |     D1  FF ; # small ya
 55 |     D2  F0 ; # small r
 56 |     D3  F1 ; # small s
 57 |     D4  F2 ; # small t
 58 |     D5  F3 ; # small u
 59 |     D6  E6 ; # small zh
 60 |     D7  E2 ; # small v
 61 |     D8  FC ; # small soft sign
 62 |     D9  FB ; # small y
 63 |     DA  E7 ; # small z
 64 |     DB  F8 ; # small sh
 65 |     DC  FD ; # small e
 66 |     DD  F9 ; # small shch
 67 |     DE  F7 ; # small ch
 68 |     DF  FA ; # small hard sign
 69 | 
 70 |     E0  DE ; # capital YU
 71 |     E1  C0 ; # capital A
 72 |     E2  C1 ; # capital B
 73 |     E3  D6 ; # capital TS
 74 |     E4  C4 ; # capital D
 75 |     E5  C5 ; # capital YE
 76 |     E6  D4 ; # capital F
 77 |     E7  C3 ; # capital G
 78 |     E8  D5 ; # capital KH
 79 |     E9  C8 ; # capital I
 80 |     EA  C9 ; # capital J
 81 |     EB  CA ; # capital K
 82 |     EC  CB ; # capital L
 83 |     ED  CC ; # capital M
 84 |     EE  CD ; # capital N
 85 |     EF  CE ; # capital O
 86 | 
 87 |     F0  CF ; # capital P
 88 |     F1  DF ; # capital YA
 89 |     F2  D0 ; # capital R
 90 |     F3  D1 ; # capital S
 91 |     F4  D2 ; # capital T
 92 |     F5  D3 ; # capital U
 93 |     F6  C6 ; # capital ZH
 94 |     F7  C2 ; # capital V
 95 |     F8  DC ; # capital soft sign
 96 |     F9  DB ; # capital Y
 97 |     FA  C7 ; # capital Z
 98 |     FB  D8 ; # capital SH
 99 |     FC  DD ; # capital E
100 |     FD  D9 ; # capital SHCH
101 |     FE  D7 ; # capital CH
102 |     FF  DA ; # capital hard sign
103 | }
104 | 


--------------------------------------------------------------------------------
/mime.types:
--------------------------------------------------------------------------------
 1 | # -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-current-dictionary: american -*-
 2 | types {
 3 |     text/html                             html htm shtml;
 4 |     text/css                              css;
 5 |     text/xml                              xml rss;
 6 |     image/gif                             gif;
 7 |     image/jpeg                            jpeg jpg;
 8 |     application/x-javascript              js;
 9 |     application/atom+xml                  atom;
10 | 
11 |     text/mathml                           mml;
12 |     text/plain                            txt;
13 |     text/vnd.sun.j2me.app-descriptor      jad;
14 |     text/vnd.wap.wml                      wml;
15 |     text/x-component                      htc;
16 | 
17 |     image/png                             png;
18 |     image/tiff                            tif tiff;
19 |     image/vnd.wap.wbmp                    wbmp;
20 |     image/x-icon                          ico;
21 |     image/x-jng                           jng;
22 |     image/x-ms-bmp                        bmp;
23 |     image/svg+xml                         svg svgz;
24 | 
25 |     application/java-archive              jar war ear;
26 |     application/mac-binhex40              hqx;
27 |     application/msword                    doc;
28 |     application/pdf                       pdf;
29 |     application/postscript                ps eps ai;
30 |     application/rtf                       rtf;
31 |     application/vnd.ms-excel              xls;
32 |     application/vnd.ms-powerpoint         ppt;
33 |     application/vnd.wap.wmlc              wmlc;
34 |     application/vnd.wap.xhtml+xml         xhtml;
35 |     application/x-7z-compressed           7z;
36 |     application/x-cocoa                   cco;
37 |     application/x-java-archive-diff       jardiff;
38 |     application/x-java-jnlp-file          jnlp;
39 |     application/x-makeself                run;
40 |     application/x-perl                    pl pm;
41 |     application/x-pilot                   prc pdb;
42 |     application/x-rar-compressed          rar;
43 |     application/x-redhat-package-manager  rpm;
44 |     application/x-sea                     sea;
45 |     application/x-shockwave-flash         swf;
46 |     application/x-stuffit                 sit;
47 |     application/x-tcl                     tcl tk;
48 |     application/x-x509-ca-cert            der pem crt;
49 |     application/x-xpinstall               xpi;
50 |     application/zip                       zip;
51 | 
52 |     # Mime types for web fonts. Stolen from here:
53 |     # http://seconddrawer.com.au/blog/ in part.
54 |     application/x-font-ttf                ttf;
55 |     font/opentype                         otf;
56 |     application/vnd.ms-fontobject         eot;
57 |     application/x-woff                    woff;
58 | 
59 |     application/octet-stream              bin exe dll;
60 |     application/octet-stream              deb;
61 |     application/octet-stream              dmg;
62 |     application/octet-stream              iso img;
63 |     application/octet-stream              msi msp msm;
64 | 
65 |     audio/midi                            mid midi kar;
66 |     audio/mpeg                            mp3;
67 |     audio/x-realaudio                     ra;
68 | 
69 |     video/3gpp                            3gpp 3gp;
70 |     video/mpeg                            mpeg mpg;
71 |     video/quicktime                       mov;
72 |     video/x-flv                           flv;
73 |     video/x-mng                           mng;
74 |     video/x-ms-asf                        asx asf;
75 |     video/x-ms-wmv                        wmv;
76 |     video/x-msvideo                       avi;
77 | }
78 | 


--------------------------------------------------------------------------------
/nginx.conf:
--------------------------------------------------------------------------------
  1 | # -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
  2 | user www-data;
  3 | worker_processes  4;
  4 | 
  5 | error_log  /var/log/nginx/error.log;
  6 | pid        /var/run/nginx.pid;
  7 | 
  8 | worker_rlimit_nofile 8192;
  9 | 
 10 | events {
 11 |     worker_connections  4096;
 12 |     ## epoll is preferred on 2.6 Linux
 13 |     ## kernels. Cf. http://www.kegel.com/c10k.html#nb.epoll
 14 |     use epoll;
 15 |     ## Accept as many connections as possible.
 16 |     multi_accept on;
 17 | }
 18 | 
 19 | http {
 20 |     ## MIME types.
 21 |     include     /etc/nginx/mime.types;
 22 |     default_type  application/octet-stream;
 23 | 
 24 |     ## FastCGI.
 25 |     include     /etc/nginx/fastcgi.conf;
 26 | 
 27 |     ## Default log and error files.
 28 |     access_log  /var/log/nginx/access.log;
 29 |     error_log   /var/log/nginx/error.log;
 30 | 
 31 |     ## Use sendfile() syscall to speed up I/O operations and speed up
 32 |     ## static file serving.
 33 |     sendfile        on;
 34 |     ## Handling of IPs in proxied and load balancing situations.
 35 |     set_real_ip_from        0.0.0.0/32; # all addresses get a real IP.
 36 |     real_ip_header     X-Forwarded-For; # the ip is forwarded from the load balancer/proxy
 37 | 
 38 |     ## Define a zone for limiting the number of simultaneous
 39 |     ## connections nginx accepts. 1m means 32000 simultaneous
 40 |     ## sessions. We need to define for each server the limit_conn
 41 |     ## value refering to this or other zones.
 42 |     ## ** This syntax requires nginx version >=
 43 |     ## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older
 44 |     ## ** version then use the limit_zone directive below
 45 |     ## ** instead. Comment out this
 46 |     ## ** one if not using nginx version >= 1.1.8.
 47 |     limit_conn_zone $binary_remote_addr zone=arbeit:10m;
 48 | 
 49 |     ## Define a zone for limiting the number of simultaneous
 50 |     ## connections nginx accepts. 1m means 32000 simultaneous
 51 |     ## sessions. We need to define for each server the limit_conn
 52 |     ## value refering to this or other zones.
 53 |     ## ** Use this directive for nginx versions below 1.1.8. Uncomment the line below.
 54 |     #limit_zone arbeit $binary_remote_addr 10m;
 55 | 
 56 |     ## Timeouts.
 57 |     client_body_timeout             60;
 58 |     client_header_timeout           60;
 59 |     keepalive_timeout            10 10;
 60 |     send_timeout                    60;
 61 | 
 62 |     ## Reset lingering timed out connections. Deflect DDoS.
 63 |     reset_timedout_connection on;
 64 | 
 65 |     ## Body size.
 66 |     client_max_body_size 10m;
 67 | 
 68 |     ## TCP options.
 69 |     tcp_nodelay on;
 70 |     ## Optimization of socket handling when using sendfile.
 71 |     tcp_nopush on;
 72 | 
 73 |     ## Compression.
 74 |     gzip              on;
 75 |     gzip_buffers      16 8k;
 76 |     gzip_comp_level   1;
 77 |     gzip_http_version 1.1;
 78 |     gzip_min_length   10;
 79 |     gzip_types        text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
 80 |     gzip_vary         on;
 81 |     gzip_proxied      any; # Compression for all requests.
 82 |     ## No need for regexps. See
 83 |     ## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
 84 |     gzip_disable "msie6";
 85 | 
 86 |     ## Serve already compressed files directly, bypassing on-the-fly
 87 |     ## compression.
 88 |     gzip_static on;
 89 | 
 90 |     ## Hide the Nginx version number.
 91 |     server_tokens off;
 92 | 
 93 |     ## Use a SSL/TLS cache for SSL session resume. This needs to be
 94 |     ## here (in this context, for session resumption to work. See this
 95 |     ## thread on the Nginx mailing list:
 96 |     ## http://nginx.org/pipermail/nginx/2010-November/023736.html.
 97 |     ssl_session_cache shared:SSL:10m;
 98 |     ssl_session_timeout 10m;
 99 | 
100 |     ## Enable clickjacking protection in modern browsers. Available in
101 |     ## IE8 also. See
102 |     ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
103 |     add_header X-Frame-Options sameorigin;
104 | 
105 |     ## Include the upstream servers for PHP FastCGI handling config.
106 |     include upstream_phpcgi.conf;
107 | 
108 |     ## Include the upstream servers for Apache handling the PHP
109 |     ## processes. In this case Nginx functions as a reverse proxy.
110 |     #include reverse_proxy.conf;
111 |     #include upstream_phpapache.conf;
112 | 
113 |     ## Include the php-fpm status allowed hosts configuration block.
114 |     ## Uncomment to enable if you're running php-fpm.
115 |     #include php_fpm_status_allowed_hosts.conf;
116 | 
117 |     ## Include blacklist for bad bot and referer blocking.
118 |     include blacklist.conf;
119 | 
120 |     ## Include all vhosts.
121 |     include /etc/nginx/sites-enabled/*;
122 | }
123 | 


--------------------------------------------------------------------------------
/php_fpm_status_allowed_hosts.conf:
--------------------------------------------------------------------------------
 1 | # -*- mode: nginx; mode: flyspell-prog;  ispell-local-dictionary: "american" -*-
 2 | ### Configuration of php-fpm status and ping pages. Here we define the
 3 | ### allowed hosts using the Geo Module. http://wiki.nginx.org/HttpGeoModule
 4 | 
 5 | geo $dont_show_fpm_status {
 6 |     default 1;
 7 |     127.0.0.1 0; # allow on the loopback
 8 |     192.168.1.0/24 0; # allow on an internal network
 9 | }
10 | 


--------------------------------------------------------------------------------
/php_fpm_status_vhost.conf:
--------------------------------------------------------------------------------
 1 | # -*- mode: nginx; mode: flyspell-prog; ispell-current-dictionary: american -*-
 2 | 
 3 | ### The configuration for the status pages of php-fpm. As described in
 4 | ### http://www.php.net/manual/en/install.fpm.configuration.php.
 5 | 
 6 | ### php-fpm provides a status and a heartbeat page that is served through the web server.
 7 | ### Here's an example configuration for them.
 8 | 
 9 | 
10 | ## The status page is at /fpm-status. Only local access is
11 | ## allowed. Non authorized access returns a 404 through the error_page
12 | ## directive.
13 | location = /fpm-status {
14 |     if ($dont_show_fpm_status) {
15 |         return 404;
16 |     }
17 | 
18 |     fastcgi_pass phpcgi;
19 | }
20 | 
21 | 
22 | ## The ping page is at /ping and returns the string configured at the php-fpm level.
23 | ## Also only local network connections (loopback and LAN) are permitted.
24 | location = /ping {
25 |     if ($dont_show_fpm_status) {
26 |         return 404;
27 |     }
28 | 
29 |     fastcgi_pass phpcgi;
30 | }
31 | 


--------------------------------------------------------------------------------
/reverse_proxy.conf:
--------------------------------------------------------------------------------
 1 | # -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
 2 | 
 3 | ### Configuration for reverse proxy. Passing the necessary headers to
 4 | ### the backend. Nginx doesn't tunnel the connection, it opens a new
 5 | ### one. Hence whe need to send these headers to the backend so that
 6 | ### the client(s) IP is available to them. The host is also sent.
 7 | 
 8 | proxy_set_header X-Real-IP $remote_addr;
 9 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
10 | proxy_set_header Host $http_host; 
11 | 


--------------------------------------------------------------------------------
/sites-available/000-default:
--------------------------------------------------------------------------------
 1 | # -*-mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
 2 | ### Block all illegal host headers. Taken from a discussion on nginx
 3 | ### forums. Cf. http://forum.nginx.org/read.php?2,3482,3518 following
 4 | ### a suggestion by Maxim Dounin. Also suggested in
 5 | ### http://nginx.org/en/docs/http/request_processing.html.
 6 | server {
 7 |     listen [::]:80 default_server;
 8 |     # Uncomment the line below and comment the above if you're
 9 |     # running a Nginx version less than 0.8.20.
10 |     # listen [::]:80 default;
11 | 
12 |     # Accept redirects based on the value of the Host header. If
13 |     # there's no valid vhost configuration file with a
14 |     # corresponding server_name directive then signal an error and
15 |     # fail silently. See:
16 |     # http://wiki.nginx.org/NginxHttpCoreModule#server_name_in_redirect
17 |     server_name_in_redirect off;
18 |     return 444;
19 | }
20 | 


--------------------------------------------------------------------------------
/sites-available/example.com.conf:
--------------------------------------------------------------------------------
  1 | # -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
  2 | ### Nginx configuration for WordPress.
  3 | 
  4 | server {
  5 |     ## This is to avoid the spurious if for sub-domain name
  6 |     ## "rewriting".
  7 |     listen 80; # IPv4
  8 |     listen [fe80::202:b3ff:fe1e:8329]:443 ipv6only=on;
  9 |     server_name www.example.com;
 10 |     return 301 $scheme://example.com$request_uri;
 11 | 
 12 | } # server domain rewrite.
 13 | 
 14 | server {
 15 |     listen 80; # IPv4
 16 |     ## Replace the IPv6 address by your own address. The address below
 17 |     ## was stolen from the wikipedia page on IPv6.
 18 |     listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
 19 | 
 20 |     limit_conn arbeit 32;
 21 |     server_name example.com;
 22 | 
 23 |     ## Parameterization using hostname of access and log filenames.
 24 |     access_log /var/log/nginx/example.com_access.log;
 25 |     error_log /var/log/nginx/example.com_error.log;
 26 | 
 27 |     ## Root and index files.
 28 |     root /var/www/sites/wp;
 29 |     index index.php;
 30 | 
 31 |     ## See the blacklist.conf file at the parent dir: /etc/nginx.
 32 |     ## Deny access based on the User-Agent header.
 33 |     if ($bad_bot) {
 34 |         return 444;
 35 |     }
 36 |     ## Deny access based on the Referer header.
 37 |     if ($bad_referer) {
 38 |         return 444;
 39 |     }
 40 | 
 41 |     ## Cache control. Useful for WP super cache.
 42 |     add_header Cache-Control "store, must-revalidate, post-check=0, pre-check=0";
 43 | 
 44 |     ## If no favicon exists return a 204 (no content error).
 45 |     location = /favicon.ico {
 46 |         try_files $uri =204;
 47 |         log_not_found off;
 48 |         access_log off;
 49 |     }
 50 | 
 51 |     ## Don't log robots.txt requests.
 52 |     location = /robots.txt {
 53 |         allow all;
 54 |         log_not_found off;
 55 |         access_log off;
 56 |     }
 57 | 
 58 |     ## Protect the readme.html file to not reveal the installed
 59 |     ## version.
 60 |     location = /readme.html {
 61 |         auth_basic "Restricted Access"; # auth realm
 62 |         auth_basic_user_file .htpasswd-users; # htpasswd file
 63 |     }
 64 | 
 65 |     ## Try the requested URI as files before handling it to PHP.
 66 |     location / {
 67 | 
 68 |         ## Include the WP supercache config.
 69 |         include sites-available/wp_supercache.conf;
 70 | 
 71 |         ## Use PATH_INFO for translating the requests to the
 72 |         ## FastCGI. This config follows Igor's suggestion here:
 73 |         ## http://forum.nginx.org/read.php?2,124378,124582.
 74 |         ## This is preferable to using:
 75 |         ## fastcgi_split_path_info ^(.+\.php)(.*)$
 76 |         ## It saves one regex in the location. Hence it's faster.
 77 | 
 78 |         ## Anything that has an install in its name is restricted.
 79 |         location ~ ^(?<script>.+install\.php)(?<path_info>.*)$ {
 80 |             auth_basic "Restricted Access"; # auth realm
 81 |             auth_basic_user_file .htpasswd-users; # htpasswd file
 82 |             include fastcgi.conf;
 83 |             ## The fastcgi_params must be redefined from the ones
 84 |             ## given in fastcgi.conf. No longer standard names
 85 |             ## but arbitrary: named patterns in regex.
 86 |             fastcgi_param SCRIPT_FILENAME $document_root$script;
 87 |             fastcgi_param SCRIPT_NAME $script;
 88 |             fastcgi_param PATH_INFO $path_info;
 89 |             ## Passing the request upstream to the FastCGI
 90 |             ## listener.
 91 |             fastcgi_pass phpcgi;
 92 |         }
 93 | 
 94 |         ## Regular PHP processing.
 95 |         location ~ ^(?<script>.+\.php)(?<path_info>.*)$ {
 96 |             include fastcgi.conf;
 97 |             ## The fastcgi_params must be redefined from the ones
 98 |             ## given in fastcgi.conf. No longer standard names
 99 |             ## but arbitrary: named patterns in regex.
100 |             fastcgi_param SCRIPT_FILENAME $document_root$script;
101 |             fastcgi_param SCRIPT_NAME $script;
102 |             fastcgi_param PATH_INFO $path_info;
103 |             ## Passing the request upstream to the FastCGI
104 |             ## listener.
105 |             fastcgi_pass phpcgi;
106 |         }
107 | 
108 |         ## All files/directories that are protected and unaccessible from
109 |         ## the web.
110 |         location ~* ^.*(\.(?:git|svn|htaccess|txt|pot?))$ {
111 |             return 404;
112 |         }
113 | 
114 |         ## Static files are served directly.
115 |         location ~* \.(?:css|gif|htc|ico|js|jpe?g|png|swf)$ {
116 |             expires max;
117 |             log_not_found off;
118 |             ## No need to bleed constant updates. Send the all shebang in one
119 |             ## fell swoop.
120 |             tcp_nodelay off;
121 |             ## Set the OS file cache.
122 |             open_file_cache max=1000 inactive=120s;
123 |             open_file_cache_valid 45s;
124 |             open_file_cache_min_uses 2;
125 |             open_file_cache_errors off;
126 |         }
127 | 
128 |         ## Pseudo streaming for FLVs.
129 |         ## http://wiki.nginx.org/HttpFlvStreamModule.
130 |         location ~* \.flv$ {
131 |             flv;
132 |         }
133 | 
134 |         ## Pseudo streaming of H264/AAC files. This requires an Nginx
135 |         ## version greater or equal to 1.0.7 for the stable branch and
136 |         ## greater or equal to 1.1.3 for the development branch.
137 |         ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
138 |         location ~* .*\.(?:m4a|mp4|mov)$ {
139 |             mp4;
140 |             mp4_buffer_size     1M;
141 |             mp4_max_buffer_size 5M;
142 |         }
143 | 
144 |         ## Keep a tab on the 'big' static files.
145 |         location ~* ^.+\.(?:ogg|pdf|pptx?)$ {
146 |             expires 30d;
147 |             ## No need to bleed constant updates. Send the all shebang in one
148 |             ## fell swoop.
149 |             tcp_nodelay off;
150 |         }
151 |         } # / location
152 | 
153 |         ## The 'final' attempt to serve the request.
154 |         location @nocache {
155 |             try_files $uri $uri/ /index.php?q=$uri&$args;
156 |         }
157 | 
158 |         ## Including the php-fpm status and ping pages config.
159 |         ## Uncomment to enable if you're running php-fpm.
160 |         #include php_fpm_status_vhost.conf;
161 | 
162 |         ## The 404 is signaled through a static page.
163 |         # error_page  404  /404.html;
164 | 
165 |         ## All server error pages go to 50x.html at the document root.
166 |         # error_page 500 502 503 504  /50x.html;
167 |         # location = /50x.html {
168 |         #       root   /var/www/nginx-default;
169 |         # }
170 | 
171 | } # server
172 | 


--------------------------------------------------------------------------------
/sites-available/wp_supercache.conf:
--------------------------------------------------------------------------------
 1 | # -*- mode: nginx; mode:autopair; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
 2 | 
 3 | ### WP configuration for using the supercache plugin.
 4 | 
 5 | ## Mimicking the .htaccess mod_rewrite rules in Nginx. They all return
 6 | ## 405 which means unsupported method.
 7 | 
 8 | ## The line below is no longer needed for supercache
 9 | ## 0.9.9.9. Uncomment the 3 lines below if using and older version.
10 | # if ($request_uri ~ ^.*//.*$) {
11 | #     return 405;
12 | # }
13 | 
14 | ## POST means that it's not a cacheable request.
15 | if ($request_method = POST) {
16 |     return 405;
17 | }
18 | 
19 | ## Query string conditions.
20 | if ($query_string ~ ^.*=.*$) {
21 |     return 405;
22 | }
23 | if ($query_string ~ ^.*attachment_id=.*$) {
24 |     return 405;
25 | }
26 | 
27 | ## If there's a cookie then bust the cache.
28 | if ($http_cookie ~ (?:comment_author_|wordpress_logged_in|wp-postpass_)) {
29 |     return 405;
30 | }
31 | 
32 | ## User agent wrangling for mobile access.
33 | if ($http_x_wap_profile ~ ^[a-z0-9\"]+) {
34 |     return 405;
35 | }
36 | 
37 | if ($http_profile ~ ^[a-z0-9\"]+) {
38 |     return 405;
39 | }
40 | 
41 | ## Mobile user agents should bypass the cache.
42 | if ($http_user_agent ~ ^.*(?:2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).*) {
43 |     return 405;
44 | }
45 | 
46 | ## Mobile user agents should bypass the cache.
47 | if ($http_user_agent ~ ^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).*) {
48 |     return 405;
49 | }
50 | 
51 | ## Redefine 405 as named location nocache for further processing.
52 | error_page 405 = @nocache;
53 | 
54 | ## Try the static files generated by WP supercache before relaying the
55 | ## request to PHP.
56 | try_files /wp-content/cache/supercache/${host}${uri}index.html $uri $uri/ /index.php?q=$uri&$args;
57 | 


--------------------------------------------------------------------------------
/upstream_phpapache.conf:
--------------------------------------------------------------------------------
1 | # -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
2 | 
3 | ### Upstream configuration for Apache functioning has a PHP handler.
4 | 
5 | ## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule.
6 | upstream phpapache {
7 |     server 127.0.0.1:8080;
8 | }
9 | 


--------------------------------------------------------------------------------
/upstream_phpcgi.conf:
--------------------------------------------------------------------------------
1 | # -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
2 | 
3 | ### Upstream configuration for PHP FastCGI.
4 | 
5 | ## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule.
6 | upstream phpcgi {
7 |     server unix:/var/run/php-fpm.sock;
8 | }
9 | 


--------------------------------------------------------------------------------
/win-utf:
--------------------------------------------------------------------------------
  1 | 
  2 | # This map is not a full windows-1251 <> utf8 map: it does not
  3 | # contain Serbian and Macedonian letters.  If you need a full map,
  4 | # use contrib/unicode2nginx/win-utf map instead.
  5 | 
  6 | charset_map  windows-1251  utf-8 {
  7 | 
  8 |     82  E2809A ; # single low-9 quotation mark
  9 | 
 10 |     84  E2809E ; # double low-9 quotation mark
 11 |     85  E280A6 ; # ellipsis
 12 |     86  E280A0 ; # dagger
 13 |     87  E280A1 ; # double dagger
 14 |     88  E282AC ; # euro
 15 |     89  E280B0 ; # per mille
 16 | 
 17 |     91  E28098 ; # left single quotation mark
 18 |     92  E28099 ; # right single quotation mark
 19 |     93  E2809C ; # left double quotation mark
 20 |     94  E2809D ; # right double quotation mark
 21 |     95  E280A2 ; # bullet
 22 |     96  E28093 ; # en dash
 23 |     97  E28094 ; # em dash
 24 | 
 25 |     99  E284A2 ; # trade mark sign
 26 | 
 27 |     A0  C2A0 ;   # &nbsp;
 28 |     A1  D18E ;   # capital Byelorussian short U
 29 |     A2  D19E ;   # small Byelorussian short u
 30 | 
 31 |     A4  C2A4 ;   # currency sign
 32 |     A5  D290 ;   # capital Ukrainian soft G
 33 |     A6  C2A6 ;   # borken bar
 34 |     A7  C2A7 ;   # section sign
 35 |     A8  D081 ;   # capital YO
 36 |     A9  C2A9 ;   # (C)
 37 |     AA  D084 ;   # capital Ukrainian YE
 38 |     AB  C2AB ;   # left-pointing double angle quotation mark
 39 |     AC  C2AC ;   # not sign
 40 |     AD  C2AD ;   # soft hypen
 41 |     AE  C2AE ;   # (R)
 42 |     AF  D087 ;   # capital Ukrainian YI
 43 | 
 44 |     B0  C2B0 ;   # &deg;
 45 |     B1  C2B1 ;   # plus-minus sign
 46 |     B2  D086 ;   # capital Ukrainian I
 47 |     B3  D196 ;   # small Ukrainian i
 48 |     B4  D291 ;   # small Ukrainian soft g
 49 |     B5  C2B5 ;   # micro sign
 50 |     B6  C2B6 ;   # pilcrow sign
 51 |     B7  C2B7 ;   # &middot;
 52 |     B8  D191 ;   # small yo
 53 |     B9  E28496 ; # numero sign
 54 |     BA  D194 ;   # small Ukrainian ye
 55 |     BB  C2BB ;   # right-pointing double angle quotation mark
 56 | 
 57 |     BF  D197 ;   # small Ukrainian yi
 58 | 
 59 |     C0  D090 ;   # capital A
 60 |     C1  D091 ;   # capital B
 61 |     C2  D092 ;   # capital V
 62 |     C3  D093 ;   # capital G
 63 |     C4  D094 ;   # capital D
 64 |     C5  D095 ;   # capital YE
 65 |     C6  D096 ;   # capital ZH
 66 |     C7  D097 ;   # capital Z
 67 |     C8  D098 ;   # capital I
 68 |     C9  D099 ;   # capital J
 69 |     CA  D09A ;   # capital K
 70 |     CB  D09B ;   # capital L
 71 |     CC  D09C ;   # capital M
 72 |     CD  D09D ;   # capital N
 73 |     CE  D09E ;   # capital O
 74 |     CF  D09F ;   # capital P
 75 | 
 76 |     D0  D0A0 ;   # capital R
 77 |     D1  D0A1 ;   # capital S
 78 |     D2  D0A2 ;   # capital T
 79 |     D3  D0A3 ;   # capital U
 80 |     D4  D0A4 ;   # capital F
 81 |     D5  D0A5 ;   # capital KH
 82 |     D6  D0A6 ;   # capital TS
 83 |     D7  D0A7 ;   # capital CH
 84 |     D8  D0A8 ;   # capital SH
 85 |     D9  D0A9 ;   # capital SHCH
 86 |     DA  D0AA ;   # capital hard sign
 87 |     DB  D0AB ;   # capital Y
 88 |     DC  D0AC ;   # capital soft sign
 89 |     DD  D0AD ;   # capital E
 90 |     DE  D0AE ;   # capital YU
 91 |     DF  D0AF ;   # capital YA
 92 | 
 93 |     E0  D0B0 ;   # small a
 94 |     E1  D0B1 ;   # small b
 95 |     E2  D0B2 ;   # small v
 96 |     E3  D0B3 ;   # small g
 97 |     E4  D0B4 ;   # small d
 98 |     E5  D0B5 ;   # small ye
 99 |     E6  D0B6 ;   # small zh
100 |     E7  D0B7 ;   # small z
101 |     E8  D0B8 ;   # small i
102 |     E9  D0B9 ;   # small j
103 |     EA  D0BA ;   # small k
104 |     EB  D0BB ;   # small l
105 |     EC  D0BC ;   # small m
106 |     ED  D0BD ;   # small n
107 |     EE  D0BE ;   # small o
108 |     EF  D0BF ;   # small p
109 | 
110 |     F0  D180 ;   # small r
111 |     F1  D181 ;   # small s
112 |     F2  D182 ;   # small t
113 |     F3  D183 ;   # small u
114 |     F4  D184 ;   # small f
115 |     F5  D185 ;   # small kh
116 |     F6  D186 ;   # small ts
117 |     F7  D187 ;   # small ch
118 |     F8  D188 ;   # small sh
119 |     F9  D189 ;   # small shch
120 |     FA  D18A ;   # small hard sign
121 |     FB  D18B ;   # small y
122 |     FC  D18C ;   # small soft sign
123 |     FD  D18D ;   # small e
124 |     FE  D18E ;   # small yu
125 |     FF  D18F ;   # small ya
126 | }
127 | 


--------------------------------------------------------------------------------