# todo: set up cache time for static filetypes, such as .css and favicon.ico #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log combined buffer=1k; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; gzip on; gzip_static on; gzip_http_version 1.0; gzip_min_length 128; gzip_disable "msie6"; gzip_comp_level 4; gzip_types application/x-javascript text/css text/javascript application/javascript application/atom+xml; proxy_cache_path /var/lib/nginx/proxy_cache levels=1:2 keys_zone=main:50m; proxy_cache_use_stale updating; server { listen 80; listen [::1]:80; listen [2001:470:1f11:961::3e8]:80; keepalive_disable none; # Re-enable Safari keepalives for AJAX; requires 0.9.0+ # nginx seems to pass through server_name as the Host: to # proxied servers; I'd rather it leave Host: alone server_name 3e8.org; # For gallery, but doesn't work at location{} level, apparently client_max_body_size 15M; #access_log logs/host.access.log main; root /var/www/3e8.org/pages; location / { index index.html; } location /pub { autoindex on; } error_page 404 /404.html; location = /404.html { root /var/www/3e8.org/errorfiles; } location = /blog/atom10.xml { types { } default_type application/atom+xml; } # redirect server error pages to the static page /50x.html # #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /var/www/3e8.org/errorfiles; #} # nginx is not a generic transit proxy but an HTTP accelerator # and as such, will ignore client Cache-Control: requests # meant to force validation, such as max-age=0 sent by # Safari on any reload, or Firefox on shift-reload. proxy_cache main; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Not necessary to set this unless you want a default cache time. # nginx obeys server Cache-Control etc. headers either way. # proxy_cache_valid 200 301 302 1m; location = /chickadee { rewrite ^ http://api.call-cc.org/doc/ permanent; } location ~ ^/chickadee/(.*) { rewrite ^/chickadee/(.*) http://api.call-cc.org/doc/$1 permanent; } location = /cdoc { # needed? rewrite ^ http://api.call-cc.org/cdoc/ permanent; } location ~ ^/cdoc/(.*) { rewrite ^/cdoc/(.*) http://api.call-cc.org/cdoc/$1 permanent; } # location = /chickadee { # rewrite ^ /chickadee/ permanent; # } # location ~ ^/chickadee/ { # proxy_pass http://127.0.0.1:8383; # } # location ~ ^/cdoc/ajax/ { # proxy_pass http://127.0.0.1:8383; # # Log AJAX requests for debugging, but buffer them in memory # # and send to a dedicated tmpfile. # access_log /var/tmp/chickadee-ajax.log combined buffer=4k; # # Also acceptable: upstream sends X-Accel-Expires: 0 # proxy_cache off; # } # location ~ ^/cdoc { # proxy_pass http://127.0.0.1:8383; # } location ~ ^/gallery/(albums|css|docs|html_wrap|images|java|js|skins|tools)/ { # Gallery v1: Pass any request for something in selected sub-dirs # Jim: added albums| here to pass direct request for albums; it may be better to relocate # /gallery/albums/ to /albums, though. } # In theory we should deny access to .php files not at /gallery toplevel. location /gallery/ { # client_max_body_size 10M; # index index.php; # Manual rewrite rule so we can send 403 at the end of this block. rewrite ^/gallery/$ /gallery/index.php last; # Gallery v1: Jim: force mod_rewrite to be used in config wizard # (Does not currently work; rewrite rules don't match against params) ; could match $args # rewrite ^/gallery/setup/index\.php /gallery/setup/index.php?init_mod_rewrite=1 break; # Gallery v1: Rewrite album w/optional args rewrite ^/gallery/([^.\?/]+)$ /gallery/view_album.php?set_albumName=$1 last; # Gallery v1: Rewrite album/index w/optional args rewrite ^/gallery/([^.\?/]+)/([0-9]+)$ /gallery/view_photo.php?set_albumName=$1&index=$2 last; # Gallery v1: Rewrite album/id w/optional args rewrite ^/gallery/([^.\?/]+)/([A-Za-z_0-9\-]+)$ /gallery/view_photo.php?set_albumName=$1&id=$2 last; return 403; # or "deny all;" ? } location ~ \.php$ { fastcgi_pass 127.0.0.1:3434; fastcgi_index index.php; #? fastcgi_buffer_size 8k; # For gallery; 4k default causes "upstream sent too big header" and "bad gateway" include fastcgi.conf; } } server { listen 80; # proxied servers; I'd rather it leave Host: alone server_name api.call-cc.org; root /var/www/3e8.org/pages; # error_page 404 /404.html; # location = /404.html { # root /var/www/3e8.org/errorfiles; # } # redirect server error pages to the static page /50x.html # #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /var/www/3e8.org/errorfiles; #} proxy_cache main; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Not necessary to set this unless you want a default cache time. # nginx obeys server Cache-Control etc. headers either way. # proxy_cache_valid 200 301 302 1m; location = / { rewrite ^ /doc/ permanent; } location = /doc { rewrite ^ /doc/ permanent; } location = /cdoc { proxy_pass http://127.0.0.1:8388; } location ~ ^/doc/ { proxy_pass http://127.0.0.1:8388; } location ~ ^/cdoc/ajax/ { proxy_pass http://127.0.0.1:8388; # Log AJAX requests for debugging, but buffer them in memory # and send to a dedicated tmpfile. access_log /var/tmp/chickadee-ajax.log combined buffer=4k; # Also acceptable: upstream sends X-Accel-Expires: 0 proxy_cache off; } # make sure this is AFTER /cdoc/ajax location ~ ^/cdoc/ { proxy_pass http://127.0.0.1:8388; } } server { listen 80; server_name chickadee.call-cc.org; root /var/www/3e8.org/pages; rewrite ^/$ http://api.call-cc.org/doc/ permanent; rewrite ^/chickadee$ http://api.call-cc.org/doc/ permanent; rewrite ^/doc$ http://api.call-cc.org/doc/ permanent; rewrite ^/chickadee/(.*) http://api.call-cc.org/doc/$1 permanent; rewrite ^/(.*) http://api.call-cc.org/$1 permanent; } }