Skip to content

Commit

Permalink
drupal nginx location rewriten from scretch
Browse files Browse the repository at this point in the history
  • Loading branch information
@alexandermeindl
alexandermeindl committed Aug 2, 2024
1 parent 8aac9c6 commit da1b90e
Show file tree
Hide file tree
Showing 2 changed files with 171 additions and 91 deletions.
166 changes: 166 additions & 0 deletions roles/drupal/templates/etc/nginx/drupal_locations.inc.j2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,166 @@
location = /ads.txt {
try_files $uri @drupal-no-args;
access_log off;
log_not_found off;
}

location / {
location ~* /system/files/ {
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_pass drupal;
log_not_found off;
}

location ~* /sites/.+/files/private/ {
internal;
}

location ~* /files/(css|js|styles)/ {
access_log off;
expires 1y;
try_files $uri @drupal;
}

location ~* /sites/.+/files/.+\.(?:{{ drupal_nginx_files_dir_static }}) {
access_log off;
expires 1y;

# No need to bleed constant updates. Send the all shebang in one fell swoop.
tcp_nodelay off;

# Set the OS file cache.
open_file_cache max=1000 inactive=30s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}

location ~* /sites/.+/files/optimized/(css|js)/ {
expires max;
add_header ETag '';
add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
add_header Accept-Ranges '';
location ~* /sites/.*/files/optimized/css/.+\.css$ {
access_log off;
add_header Cache-Control "public, max-age=31536000, no-transform, immutable";
try_files $uri @drupal;
}
location ~* /sites/.*/files/optimized/js/.+\.js$ {
access_log off;
add_header Cache-Control "public, max-age=31536000, no-transform, immutable";
try_files $uri @drupal;
}
}

location ~* /admin/reports/hacked/.+/diff/ {
try_files $uri @drupal;
}

location ~* /rss.xml {
try_files $uri @drupal-no-args;
}

location ~* /sitemap.xml {
try_files $uri @drupal;
}

# Replica of regex from Drupals core .htaccess.
location ~* {{ drupal_nginx_not_found_regex }} {
return 404;
}

# All static files will be served directly.
location ~* ^.+\.(?:{{ drupal_nginx_files_static }})$ {
access_log off;
expires 30d;

# No need to bleed constant updates. Send the all shebang in one fell swoop.
tcp_nodelay off;

add_header Pragma "cache";
add_header Cache-Control "public";

# Set the OS file cache.
open_file_cache max=3000 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}

try_files $uri @drupal;
}

location @drupal {
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_pass drupal;
}

location @drupal-no-args {
include fastcgi_params;
fastcgi_param QUERY_STRING q=$uri;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_pass drupal;
}

location = /index.php {
fastcgi_pass drupal;
}

location = /core/install.php {
fastcgi_pass drupal;
}

location = /core/rebuild.php {
fastcgi_pass drupal;
}

location ~* ^/core/authorize.php {
include fastcgi_params;
fastcgi_param QUERY_STRING $args;
fastcgi_param SCRIPT_NAME /core/authorize.php;
fastcgi_param SCRIPT_FILENAME $document_root/core/authorize.php;
fastcgi_pass drupal;
}

location = /core/modules/statistics/statistics.php {
fastcgi_pass drupal;
}

location = /cron {
include fastcgi_params;
fastcgi_param QUERY_STRING $args;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_pass drupal;
}

location ~* ^/update.php {
include fastcgi_params;
fastcgi_param QUERY_STRING $args;
fastcgi_param SCRIPT_NAME /update.php;
fastcgi_param SCRIPT_FILENAME $document_root/update.php;
fastcgi_pass drupal;
}

location ^~ /patches {
return 404;
}

location ^~ /backup {
return 404;
}

location ~* ^.+\.php$ {
return 404;
}

location ~ /web.config {
return 404;
}
96 changes: 5 additions & 91 deletions roles/drupal/templates/etc/nginx/sites-available/drupal.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,95 +31,7 @@ server {
{% include 'templates/nginx_protection.inc.j2' with context %}
{% endif %}

# This is cool because no php is touched for static content
location / {
try_files $uri /index.php?$query_string;
}

# Regular private file serving (i.e. handled by Drupal).
location ^~ /system/files/ {
try_files $uri @drupal;
}
{% if drupal_multilanguage | length %}

# multi language support
location ~ ^/({{ drupal_multilanguage | join('|') }})/sites/default/files/styles/ {
try_files $uri @drupal;
}

{% for language in drupal_multilanguage %}
location ^~ /{{ language }}/system/files/ {
try_files $uri @drupal;
}
{% endfor %}
{% endif %}

# Drupal 7 or higher generated image handling, i.e., imagecache in core.
# @see https://drupal.org/node/371374.
location ~* /files/(css|js|styles)/ {
expires 1y;
try_files $uri @drupal;
}

location ~* /sites/.+/files/.+\.(?:{{ drupal_nginx_files_dir_static }}) {
expires 1y;

# No need to bleed constant updates. Send the all shebang in one fell swoop.
tcp_nodelay off;

# Set the OS file cache.
open_file_cache max=1000 inactive=30s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}

location ~* /sites/.+/files/optimized/(css|js)/ {
expires max;
add_header ETag '';
add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
add_header Accept-Ranges '';
location ~* /sites/.*/files/optimized/css/.+\.css$ {
access_log off;
add_header Cache-Control "public, max-age=31536000, no-transform, immutable";
try_files $uri @drupal;
}
location ~* /sites/.*/files/optimized/js/.+\.js$ {
access_log off;
add_header Cache-Control "public, max-age=31536000, no-transform, immutable";
try_files $uri @drupal;
}
}

location ~* /admin/reports/hacked/.+/diff/ {
try_files $uri @drupal;
}

# Replica of regex from Drupals core .htaccess.
location ~* {{ drupal_nginx_not_found_regex }} {
return 404;
}

# All static files will be served directly.
location ~* ^.+\.(?:{{ drupal_nginx_files_static }})$ {
access_log off;
expires 30d;

# No need to bleed constant updates. Send the all shebang in one fell swoop.
tcp_nodelay off;

# Set the OS file cache.
open_file_cache max=3000 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}

# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
location @drupal {
rewrite ^/(.*)$ /index.php?q=$1;
}
{% include 'templates/etc/nginx/drupal_locations.inc.j2' with context %}

# Hide the Drupal header X-Generator.
fastcgi_hide_header 'X-Generator';
Expand All @@ -135,8 +47,6 @@ server {
{% endfor %}
{% endif %}

{% include 'templates/nginx_fpm.inc.j2' with context %}

{% include 'templates/nginx_location.inc.j2' with context %}

{% include 'templates/nginx_rewrite_lines.inc.j2' with context %}
Expand All @@ -150,6 +60,10 @@ server {
{% endif %}
}

upstream drupal {
server unix:{{ php_fpm_base + '-' + instance.with_fpm + '.sock' if instance is defined and instance.with_fpm is defined and instance.with_fpm != 'www' else php_fpm_custom_listen | default(php_fpm_listen) }};
}

{% if instance.vhost_default is defined and instance.vhost_default %}
{% include 'templates/nginx_default_host_redirect.inc.j2' with context %}
{% endif %}
Expand Down

0 comments on commit da1b90e

Please sign in to comment.