## # File: # drupal # Description: # This file is meant to offer a very detailed set of instructions and best # practices for deploying a Drupal website with Nginx. This file should be # almost drop-in if the user is able to understand the three lines that # need to be changed. ## server { # This is the URI of your website. You can specify multiple sites to be # served by the same Drupal installation. server_name domain.com www.domain.com .example.net; # This is the root of the Drupal directory. # Note that Drupal 6, Drupal 7, and Pressflow are interchangeable root /var/www/drupal6; # In some cases a favicon does not exist but this is not something you # normally need to worry about. It's also a microscopic image and will # just clutter the logs. location = /favicon.ico { log_not_found off; access_log off; } # This is for the robots.txt file used by search engines. location = /robots.txt { # If you have one, you want to allow them access to it. allow all; # If you don't have one, you don't want to fill your logs with # not found errors. log_not_found off; access_log off; } # This matters if you use drush because drush copies backups of modules # to this directory. In the event personal information wound up in the # module, you want to know outside users can't access it. location = /backup { deny all; } # Very rarely should these ever be accessed outside of your lan # The above location for robots.txt is an exact match and will override # this location block. location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; } # This location block protects against a known attack. It happens if # the attacker uploads a non-php file and attempts to run it as a # php file on the server. location ~ \..*/.*\.php$ { return 403; } # This is our primary location block. The try_files directive will # attempt to serve the data in the order listed. First try the exact # request (such as an image or text file). If it doesn't exist, see if # the directory exists. If not, then we move to the rewrite which is # used for the front-end controller pattern. location / { try_files $uri $uri/ @rewrite; } # This will rewrite our request from domain.com/node/1/ to domain.com/index.php?q=node/1 # This could be done in try_files without a rewrite however, the GlobalRedirect # module enforces no slash (/) at the end of URL's. This rewrite removes that # so no infinite redirect loop is reached. location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } # If a PHP file is served, this block will handle the request. This block # works on the assumption you are using php-cgi listening on /tmp/phpcgi.socket. # Please see the php example (usr/share/doc/nginx/exmaples/php) for more # information about setting up PHP. # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; # Intercepting errors will cause PHP errors to appear in Nginx logs fastcgi_intercept_errors on; fastcgi_pass unix:/tmp/phpcgi.socket; } # The ImageCache module builds an image 'on the fly' which means that # if it doesn't exist, it needs to be created. Nginx is king of static # so there's no point in letting PHP decide if it needs to be servered # from an existing file. # If the image can't be served directly, it's assumed that it doesn't # exist and is passed off to PHP via our previous rewrite to let PHP # create and serve the image. # Notice that try_files does not have $uri/ in it. This is because an # image should never be a directory. So there's no point in wasting a # stat to serve it that way. location ~ ^/sites/.*/files/imagecache/ { try_files $uri @rewrite; } # As mentioned above, Nignx is king of static. If we're serving a static # file that ends with one of the following extensions, it is best to set # a very high expires time. This will generate fewer requests for the # file. These requests will be logged if found, but not if they don't # exist. location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } }