Skip to content

Instantly share code, notes, and snippets.

@AidHamza
Forked from jinnko/example.org.php-fpm.conf
Created June 23, 2017 02:23
Show Gist options
  • Save AidHamza/59a8776e33030e3a8e54d84693344a2b to your computer and use it in GitHub Desktop.
Save AidHamza/59a8776e33030e3a8e54d84693344a2b to your computer and use it in GitHub Desktop.
[example.org]
listen = /srv/vhtdocs/example.org/log/.php-fpm.sock
listen.owner = example_org
listen.group = www-data
listen.mode = 0660
user = example_org
group = example_org
pm = dynamic
pm.max_children = 10
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
pm.max_requests = 500
pm.status_path = /fpmstatus
ping.path = /fpmping
request_terminate_timeout = 60
request_slowlog_timeout = 45
slowlog = /srv/vhtdocs/example.org/log/php-fpm.log.slow
chdir = /srv/vhtdocs/example.org/wordpress
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /srv/vhtdocs/example.org/tmp
env[TMPDIR] = /srv/vhtdocs/example.org/tmp
env[TEMP] = /srv/vhtdocs/example.org/tmp
env[OSTYPE] = $OSTYPE
env[MACHTYPE] = $MACHTYPE
env[MALLOC_CHECK_] = 2
;
; Set PHP ini values for this FPM instance
;
php_admin_value[date.timezone] = UTC
php_admin_value[session.name] = SESSID
php_admin_value[session.save_path] = /srv/vhtdocs/example.org/tmp/session
php_admin_value[max_execution_time] = 300
; IMPORTANT! Ushahidi doesn't work with the E_STRICT error_reporting level
php_admin_value[error_reporting] = 1014
php_admin_flag[display_errors] = on
php_admin_value[error_log] = /srv/vhtdocs/example.org/log/php-errors.log
php_admin_flag[log_errors] = on
php_admin_flag[fastcgi.logging] = on
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_index index.php;
server {
listen 80;
server_name ushahidi.example.org www.ushahidi.example.org;
root /var/www/ushahidi.example.org;
index index.html;
proxy_intercept_errors on;
# Ensure all requests go via the /index.php script
location / {
index index.php;
try_files $uri $uri/ /index.php$uri?$args;
}
# Send rewritten requests to the PHP-FPM engine with all the necessary parameters
location ^~ /index.php {
allow all;
fastcgi_split_path_info ^(.*\.php)(.*)$;
include fastcgi_params-php.conf;
fastcgi_pass unix:/srv/vhtdocs/example.org/log/.php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
break;
}
# Allow access to the installer only from the admin IP address.
location ~* ^/installer/.*\.php$ {
allow ADMIN_ADDRESS; # SET THIS ADMIN_ADDRESS TO YOUR OWN IP ADDRESS
fastcgi_split_path_info ^(.*\.php)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/srv/vhtdocs/example.org/log/.php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# Deny access to other php scripts.
location ~* \.php$ {
deny all;
break;
}
# Deny access to private files.
location ~* ^/(application|system|sql|tests|readme.html|license.txt).* {
deny all;
break;
}
# Deny /modules access.
location ^~ /modules {
allow 127.0.0.1;
deny all;
break;
}
# Sanatize /plugin requests.
location /plugins {
log_not_found off;
try_files $uri =404;
expires max;
break;
}
# Sanatize /media requests.
location /media {
log_not_found off;
try_files $uri =404;
expires max;
break;
}
# Sanatize /img requests.
location /img/ {
rewrite ^ /media/$request_uri permanent;
break;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment