Digital Human

nGinx configuration (Stable release) v1.7.6.4


* nGinx  v1.16.1

* Linux CentOS 7

* PHP 7.2.27 (FastCGI FPM)

 

After struggling to get the latest release (1.7.6.4) up and running on nGinx I finally have it working. Both the admin and shop.

Enjoy! Please comment when you have issues. I tested it quite a bit but nothing is perfect.
 

server
{
    # Port 80 IPv4/6
    # listen 80;
    # listen [::]:80;

    # SSL Ipv4/6
    listen 443 ssl;
    listen [::]:443 ssl;

    # Your SSL Certificates, don't forget to take a look at Certbot (https://certbot.eff.org)
    include /etc/nginx/ssl_params.conf;

    ssl_certificate "/your-certificate.pem";
    ssl_certificate_key "/your-private-key.pem";
    ssl_trusted_certificate "/certificate-chain.pem";

    # [REQUIRED EDIT] Your domain name goes here
    server_name <your domain name>;

    error_log /var/log/nginx/prestashop.error_log;

    # [REQUIRED EDIT] Absolute path to your website root on the filesystem
    root /home/vhost/<your domain name>/shop;

    index index.php index.html;

    # to control the amount that can be uploaded.
    client_max_body_size 50M;

    # set admin folder name
    set $admin_dir /<admin_folder_name>; #Example: admin245tm20au

    location ~ /admin.*/(sell|api|common|_wdt|modules|improve|international|configure|addons|_profiler|product|combination|specific-price)/(.*)$ {
        try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;
    }

    # Cloudflare / Max CDN fix
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }

    # Do not save logs for these
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        auth_basic off;
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        # Redirect pretty urls to index.php
        try_files $uri $uri/ /index.php?$args;

        # Images
        rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
        rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
        rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;

        # AlphaImageLoader for IE and fancybox
        rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;

        # Web service API
        rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
    }

    # Allow access to the ACME Challenge for Let's Encrypt
    location ~ /\.well-known\/acme-challenge {
      allow all;
    }

    # Block all files with these extensions
    location ~ \.(md|tpl)$ {
      deny all;
    }

    # File security
    # .htaccess .DS_Store .htpasswd etc
    location ~ /\. {
        deny all;
    }
    # Source code directories
    location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
        deny all;
    }
    # Prevent exposing other sensitive files
    location ~ \.(yml|log|tpl|twig|sass)$ {
        deny all;
    }

    # Prevent injection of php files
    location /upload {
        location ~ \.php$ {
            deny all;
        }
    }
    location /img {
        add_header Cache-Control public;
        expires 1d;

        location ~ \.php$ {
            deny all;
        }
    }

    location ~ \.php$ {
        # Verify that the file exists, redirect to index if not
        try_files $fastcgi_script_name /index.php$uri&$args;
        fastcgi_index  index.php;
        include fastcgi_params;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;

        # nginx expects "unix:" followed by the absolute socket path
        fastcgi_pass unix:/var/run/php-fpm/php-production.sock;
    }

}

 


I used both nginx and Apache. After testing your conf file, the front end is not able to open. My version is 1.7.7.0 beta. Here is my conf, which I tested. The front end and back end can be opened.

server
    {
    
        # Ipv4 & v6
        listen 80;
        listen [::]:80;
        server_name YOUR-WEBSITE;
        index index.php;
        root  /YOUR-WWW-PATH/YOUR-WEBSITE;

        access_log  /YOUR-WWW-PATH/YOUR-WEBSITE.log;
        error_log /YOUR-WWW-PATH/YOUR-WEBSITE-nginx-error.log;
		
		# Redirect 404 errors to prestashop
        error_page 404 /index.php?controller=404;


        # Gzip Settings, convert all types.
        gzip on;
        gzip_vary on;
        gzip_proxied any;

        # Can be raised to 5, but it can slow your server
        # gzip_comp_level    5;
        # gzip_min_length    256;

        gzip_types
            application/atom+xml
            application/javascript
            application/json
            application/ld+json
            application/manifest+json
            application/rss+xml
            application/vnd.geo+json
            application/vnd.ms-fontobject
            application/x-font-ttf
            application/x-web-app-manifest+json
            application/xhtml+xml
            application/xml
            font/opentype
            image/bmp
            image/svg+xml
            image/x-icon
            text/cache-manifest
            text/css
            text/plain
            text/vcard
            text/vnd.rim.location.xloc
            text/vtt
            text/x-component
            text/x-cross-domain-policy;

        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
        

        
        # HSTS (Force clients to interact with your website using HTTPS only)
		# For enhanced security, register your site here: https://hstspreload.org/
		# WARNING: Don't use this if your site is not fully on HTTPS!
		# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

		# Cloudflare / Max CDN fix
		location ~* \.(eot|otf|ttf|woff(?:2)?)$ {
			add_header Access-Control-Allow-Origin *;
		}

		# Do not save logs for these
		location = /favicon.ico {
			auth_basic off;
			allow all;
			log_not_found off;
			access_log off;
		}

		location = /robots.txt {
			auth_basic off;
			allow all;
			log_not_found off;
			access_log off;
		}

		# [REQUIRED EDIT IF MULTILANG]
		# rewrite ^/fr$ /fr/ redirect;
		# rewrite ^/fr/(.*) /$1;

        # Images
		rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
		rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
		rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
		rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
		rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
		rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
		rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
		rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
		rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
		rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;

		# AlphaImageLoader for IE and fancybox
		rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;

        # Web service API
		rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;


		# Installation sandbox
		rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last;

		# [REQUIRED EDIT] Change this block to your admin folder
		location /adminx/ {
			if (!-e $request_filename) {
				rewrite ^/.*$ /adminx/index.php last;
			}
		}
        
        # Allow access to the ACME Challenge for Let's Encrypt
        location ~ /\.well-known\/acme-challenge {
          allow all;
        }

		# File security
		# .htaccess .DS_Store .htpasswd etc
		location ~ /\. {
			deny all;
		}
		# Source code directories
		location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
			deny all;
		}
		# vendor in modules directory
		location ~ ^/modules/.*/vendor/ {
			deny all;
		}
		# Prevent exposing other sensitive files
		location ~ \.(yml|log|tpl|twig|md|sass)$ {
			deny all;
		}

		# Prevent injection of php files
		location /upload {
			location ~ \.php$ {
				deny all;
			}
		}
		location /img {
            add_header Cache-Control public;
			location ~ \.php$ {
				deny all;
			}
		}

        location ~* \.(png|jpg|jpeg|gif|ico|js|css|svg)$ {
            expires 1y;
        }
        
        location @apache
        {
            internal;
            proxy_pass http://127.0.0.1:88;
            proxy_connect_timeout 300s;
			proxy_send_timeout   900;
			proxy_read_timeout   1200;
			proxy_buffer_size    32k;
			proxy_buffers     4 32k;
			proxy_busy_buffers_size 64k;
			proxy_redirect     off;
			proxy_hide_header  Vary;
			proxy_set_header   Accept-Encoding '';
			proxy_set_header   Host   $http_host;
			proxy_set_header   Referer $http_referer;
			proxy_set_header   Cookie $http_cookie;
			proxy_set_header   X-Real-IP  $remote_addr;
			proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header   X-Forwarded-Proto $scheme;
			proxy_set_header   X-Forwarded-Host $host;
			proxy_set_header   X-Forwarded-Server $host;
        }
   
        location /
        {
            try_files $uri @apache;
        }
        
        location ~ [^/]\.php(/|$)
        {
            proxy_pass http://127.0.0.1:88;
            proxy_connect_timeout 300s;
			proxy_send_timeout   900;
			proxy_read_timeout   1200;
			proxy_buffer_size    32k;
			proxy_buffers     4 32k;
			proxy_busy_buffers_size 64k;
			proxy_redirect     off;
			proxy_hide_header  Vary;
			proxy_set_header   Accept-Encoding '';
			proxy_set_header   Host   $http_host;
			proxy_set_header   Referer $http_referer;
			proxy_set_header   Cookie $http_cookie;
			proxy_set_header   X-Real-IP  $remote_addr;
			proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header   X-Forwarded-Proto $scheme;
			proxy_set_header   X-Forwarded-Host $host;
			proxy_set_header   X-Forwarded-Server $host;
        }
    }

If anyone tests it and finds an error, please leave a comment. Thanks.
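
Added example, not part of either post: a simplified Python model of how nginx selects a location, used to compare which block would handle a few constructed request paths under the two server blocks above. It assumes normalized URIs without query strings and does not model the exact-match locations, the `/adminx/` prefix block or the rewrite rules; the outcome labels and sample paths are constructed for illustration.

```python
import re

# Patterns copied from the two posts; outcome labels are assumptions of this example.
SRC = r"^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/"
ADMIN = r"/admin.*/(sell|api|common|_wdt|modules|improve|international|configure|addons|_profiler|product|combination|specific-price)/(.*)$"
# (pattern, case-insensitive, outcome) in file order: nginx stops at the first regex that matches.
FIRST = [
    (ADMIN, False, "admin"),
    (r"\.(eot|otf|ttf|woff|woff2)$", True, "static"),
    (r"/\.well-known\/acme-challenge", False, "allow"),
    (r"\.(md|tpl)$", False, "deny"),
    (r"/\.", False, "deny"),
    (SRC, False, "deny"),
    (r"\.(yml|log|tpl|twig|sass)$", False, "deny"),
    (r"\.php$", False, "php"),
]
SECOND = [
    (r"\.(eot|otf|ttf|woff(?:2)?)$", True, "static"),
    (r"/\.well-known\/acme-challenge", False, "allow"),
    (r"/\.", False, "deny"),
    (SRC, False, "deny"),
    (r"^/modules/.*/vendor/", False, "deny"),
    (r"\.(yml|log|tpl|twig|md|sass)$", False, "deny"),
    (r"\.(png|jpg|jpeg|gif|ico|js|css|svg)$", True, "static"),
    (r"[^/]\.php(/|$)", False, "php"),
]
NESTED_PHP_DENY = ("/upload", "/img")  # prefix locations holding a nested `\.php$` deny

def handled_by(uri, regex_locations):
    """Return the outcome label of the location that would serve a normalized URI."""
    # A nested regex inside the matching prefix location is tried before top-level ones.
    if uri.startswith(NESTED_PHP_DENY) and re.search(r"\.php$", uri):
        return "deny"
    for pattern, icase, outcome in regex_locations:
        if re.search(pattern, uri, re.I if icase else 0):
            return outcome
    return "fallback"  # no regex matched: `location /` (try_files) handles it

# Constructed sample paths, not taken from the posts.
SAMPLES = ["/config/settings.inc.php", "/.htaccess", "/upload/test.php", "/README.md",
           "/modules/demo/vendor/autoload.php", "/.well-known/acme-challenge/token",
           "/themes/classic/assets/css/theme.css"]

def compare(paths=SAMPLES):
    """Map each path to (outcome under first block, outcome under second block)."""
    return {p: (handled_by(p, FIRST), handled_by(p, SECOND)) for p in paths}

if __name__ == "__main__":
    for path, (first, second) in compare().items():
        print(f"{path:40} first={first:8} second={second}")
```

The two blocks differ on the `/modules/.../vendor/` path: only the second has a deny rule for it, so under the first block that request falls through to the PHP handler.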
