Fichier de configuration
- nginx.conf
# CoreModule # <http://wiki.nginx.org/CoreModule> user _nginx _nginx; worker_processes 2; #worker_cpu_affinity 0001 0010 0100 1000; pid /var/run/nginx.pid; # EventsModule # <http://wiki.nginx.org/EventsModule> events { #use epoll; worker_connections 1024; } http { # HttpCoreModule # <http://wiki.nginx.org/HttpCoreModule> include mime.types; default_type application/octet-stream; keepalive_timeout 65 65; sendfile on; # cache configuration open_file_cache off; open_file_cache_errors off; open_file_cache_min_uses 1; open_file_cache_valid 60; # HttpCharsetModule # <http://wiki.nginx.org/HttpCharsetModule> charset utf-8; # LogModule # <http://wiki.nginx.org/HttpLogModule> # Caution: these are the global nginx logs, *not* the virtual hosts logs. # The default format for the access log is "combined". access_log off; error_log /var/log/nginx/error.log crit; # HttpMainModule open_log_file_cache off; # GzipModule # <http://wiki.nginx.org/HttpGzipModule> gzip on; gzip_buffers 256 4k; gzip_comp_level 1; gzip_disable "msie6"; gzip_http_version 1.1; gzip_min_length 0; gzip_proxied off; gzip_types text/plain text/xml text/javascript application/x-javascript text/css application/atom+xml application/rss+xml; gzip_vary off; # HttpHeadersModule # <http://wiki.nginx.org/HttpHeadersModule> expires 4h; # AutoIndex autoindex on; autoindex_exact_size on; autoindex_localtime on; include default_vhost; include machine.name; include sites/virtual_host; }
- virtual_host
# virtual_host # HTTP server { listen 80; server_name virtual_host; access_log /var/log/nginx/directory/virtual_host/access_log combined; error_log /var/log/nginx/directory/virtual_host/error_log warn; ssl off; location / { root /var/nginx/directory/virtual_host; index index.php index.html index.htm; } # PHP fastcgi # managed by spawn-fcgi on localhost:9003 location ~ \.php$ { fastcgi_pass 127.0.0.1:9003; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/nginx/directory/virtual_host$fastcgi_script_name; #fastcgi_param HTTPS on; include fastcgi_params; } # Mailman # proxy to CGI managed by thttpd on localhost:8000 location /listes/ { rewrite ^/listes/$ /listes/listinfo last; proxy_pass http://127.0.0.1:8000/; proxy_set_header Host $host; proxy_intercept_errors on; } location /admin { proxy_pass http://127.0.0.1:8000/admin; proxy_set_header Host $host; proxy_intercept_errors on; } location /listes/images/mailman/ { alias /usr/local/lib/mailman/icons/; } location /pipermail/ { alias /usr/local/lib/mailman/archives/public/; } # protecting the Dokuwiki internal data directories location ~ /wiki/(data|conf|bin|inc)/ { deny all; } # protecting the Dokuwiki internal data directories location ~ /random/wiki/(data|conf|bin|inc)/ { deny all; } # protecting the Dokuwiki internal data directories location ~ /load/wiki/(data|conf|bin|inc)/ { deny all; } location ~ /\.ht { deny all; } } # virtual_host # HTTPS server { listen 443; server_name virtual_host; access_log /var/log/nginx/directory/virtual_host/access_log combined; error_log /var/log/nginx/directory/virtual_host/error_log warn; ssl on; ssl_certificate /etc/ssl/virtual_host.crt; ssl_certificate_key /etc/ssl/private/virtual_host.key; ssl_session_timeout 5m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers HIGH:!ADH:!AECDH:!PSK:!3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSLcachevhost:1m; location / { root /var/nginx/directory/virtual_host; index index.php index.html index.htm; } # PHP fastcgi # managed by spawn-fcgi on localhost:9003 location ~ \.php$ { fastcgi_pass 127.0.0.1:9003; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/nginx/directory/virtual_host$fastcgi_script_name; fastcgi_param HTTPS on; include fastcgi_params; } # Mailman # proxy to CGI managed by thttpd on localhost:8000 location /listes/ { rewrite ^/listes/$ /listes/listinfo last; proxy_pass http://127.0.0.1:8000/; proxy_set_header Host $host; proxy_intercept_errors on; } location /admin { proxy_pass http://127.0.0.1:8000/admin; proxy_set_header Host $host; proxy_intercept_errors on; } location /listes/images/mailman/ { alias /usr/local/lib/mailman/icons/; } location /pipermail/ { alias /usr/local/lib/mailman/archives/public/; } # protecting the Dokuwiki internal data directories location ~ /wiki/(data|conf|bin|inc)/ { deny all; } # protecting the Dokuwiki internal data directories location ~ /random/wiki/(data|conf|bin|inc)/ { deny all; } location ~ /\.ht { deny all; } }
Configuration
blah
HTTPS
- etc.
journaux d'activité
Rotation des logs :
grep "/2013:" access_log > access_log_2013 && \ grep "/2014:" access_log > access_log_2014 && \ rm -rf access_log && \ mv access_log_2014 access_log &&\ gzip access_log_2013 && \ grep "^2013/" error_log > error_log_2013 && \ grep "^2014/" error_log > error_log_2014 && \ rm -rf error_log && \ mv error_log_2014 error_log && \ gzip error_log_2013
Bibliographie
- site web officiel :
- Wikipedia :
- etc.