From 8231ad8dd382707a784aece08378d0898ea01304 Mon Sep 17 00:00:00 2001
From: Fedor Sumkin <qosys.net@gmail.com>
Date: Sat, 13 Apr 2013 11:40:04 +0400
Subject: [PATCH] Update default nginx.conf.erb for S2

---
 conf/nginx.conf.erb | 135 ++++++++++++++++++++++++--------------------
 1 file changed, 74 insertions(+), 61 deletions(-)

diff --git a/conf/nginx.conf.erb b/conf/nginx.conf.erb
index f6d68257d..cf0f277f8 100644
--- a/conf/nginx.conf.erb
+++ b/conf/nginx.conf.erb
@@ -1,112 +1,125 @@
 # setting worker_processes to CPU core count
-worker_processes      1;
+worker_processes 1;
 daemon off;
 
 events {
-  worker_connections  1024;
+  worker_connections 1024;
 }
 
 http {
-  include             mime.types;
-  default_type        application/octet-stream;
-  sendfile            on;
-  server_tokens       off;
-  keepalive_timeout   65;
-  gzip                on;
-  access_log          off;
-  error_log           logs/error.log;
-  proxy_max_temp_file_size	0;
-  #fastcgi_max_temp_file_size	0;
+  include mime.types;
+  default_type application/octet-stream;
+  sendfile on;
+  server_tokens off;
+  keepalive_timeout 65;
+  gzip on;
+  access_log off;
+  proxy_max_temp_file_size 0;
+  #fastcgi_max_temp_file_size 0;
   limit_conn_zone $binary_remote_addr zone=phplimit:1m; # define a limit bucket for PHP-FPM
   # don't use server listen port in redirects.
   port_in_redirect off;
 
-  # set $https only when SSL is actually used.
-  map $http_x_forwarded_proto $my_https {
-    default off;
-    https on;
-  }
-
   upstream php_fpm {
     server unix:/tmp/php-fpm.socket;
   }
 
-  root              /app/;
-  index             index.php index.html index.htm;
-
   server {
-    listen            <%= ENV['PORT'] %>;
-    server_name       _;
+    listen <%= ENV['PORT'] %>;
+    server_name localhost;
+
+    root /app/web;
+    index app.php index.php index.html index.htm;
 
     # Some basic cache-control for static files to be sent to the browser
     location ~* \.(?:ico|css|js|gif|jpeg|jpg|png)$ {
-      expires         max;
-      add_header      Pragma public;
-      add_header      Cache-Control "public, must-revalidate, proxy-revalidate";
+      expires max;
+      add_header Pragma public;
+      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
     }
 
     # Deny hidden files (.htaccess, .htpasswd, .DS_Store).
     location ~ /\. {
-      deny            all;
-      access_log      off;
-      log_not_found   off;
+      deny all;
+      access_log off;
+      log_not_found off;
     }
 
     # Deny /favicon.ico
     location = /favicon.ico {
-      access_log      off;
-      log_not_found   off;
+      access_log off;
+      log_not_found off;
     }
 
     # Deny /robots.txt
     location = /robots.txt {
-      allow           all;
-      log_not_found   off;
-      access_log      off;
+      allow all;
+      log_not_found off;
+      access_log off;
     }
 
     # Status. /status.html uses /status
     location ~ ^/(status|ping)$ {
-      include         /app/vendor/nginx/conf/fastcgi_params;
-      fastcgi_param   HTTPS $my_https if_not_empty;
-      fastcgi_pass    php_fpm;
-      fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      include /app/vendor/nginx/conf/fastcgi_params;
+      fastcgi_param HTTPS on; # force SSL
+      fastcgi_pass php_fpm;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     }
 
     location /server-status {
       stub_status on;
-      access_log   off;
+      access_log off;
     }
 
     #location / {
-    #  # wordpress fancy rewrites
-    #  if (-f $request_filename) {
-    #    break;
-    #  }
-    #  if (-d $request_filename) {
-    #    break;
-    #  }
-
-    #  rewrite         ^(.+)$ /index.php?q=$1 last;
-
-    #  # Add trailing slash to */wp-admin requests.
-    #  rewrite         /wp-admin$ $scheme://$host$uri/ permanent;
-
-    #  # redirect to feedburner.
-    #  # if ($http_user_agent !~ FeedBurner) {
-    #  #   rewrite ^/feed/?$ http://feeds.feedburner.com/feedburner-feed-id last;
-    #  # }
+    # # wordpress fancy rewrites
+    # if (-f $request_filename) {
+    # break;
+    # }
+    # if (-d $request_filename) {
+    # break;
+    # }
+
+    # rewrite ^(.+)$ /index.php?q=$1 last;
+
+    # # Add trailing slash to */wp-admin requests.
+    # rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+
+    # # redirect to feedburner.
+    # # if ($http_user_agent !~ FeedBurner) {
+    # # rewrite ^/feed/?$ http://feeds.feedburner.com/feedburner-feed-id last;
+    # # }
     #}
 
-    include /app/conf/nginx.d/*.conf;
+    # strip app.php/ prefix if it is present
+    rewrite ^/app\.php/?(.*)$ /$1 permanent;
+
+    location / {
+      index app.php;
+      try_files $uri @rewriteapp;
+    }
+
+    location @rewriteapp {
+      rewrite ^(.*)$ /app.php/$1 last;
+    }
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    location ~ ^/(app|app_dev)\.php(/|$) {
+      fastcgi_pass  php_fpm;
+      fastcgi_split_path_info ^(.+\.php)(/.*)$;
+      include fastcgi_params;
+      fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+      fastcgi_param  HTTPS              off;
+    }
+
 
     location ~ .*\.php$ {
       try_files $uri =404;
       limit_conn phplimit 5; # limit to 5 concurrent users to PHP per IP.
-      include         /app/vendor/nginx/conf/fastcgi_params;
-      fastcgi_param   HTTPS $my_https if_not_empty;
-      fastcgi_pass    php_fpm;
-      fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      include /app/vendor/nginx/conf/fastcgi_params;
+      fastcgi_param HTTPS on; # force SSL
+      fastcgi_pass php_fpm;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     }
   }
 }