Jump to content
Digital Human

nGinx configuration (Stable release) v1.7.6.4

Recommended Posts

* nGinx  v1.16.1

* Linux CentOS 7

* PHP 7.2.27 (FastCGI FPM)

 

After struggling to get the latest release (1.7.6.4) up and running on nGinx I finally have it working. Both the admin and shop.

Enjoy! Please comment when you have issues. I tested it quite a bit but nothing is perfect.
 

server
{
    # Port 80 IPv4/6
	# listen 80;
    # listen [::]:80;

    # SSL Ipv4/6
    listen 443 ssl;
    listen [::]:443 ssl;

    # Your SSL Certificates, don't forget to take a look at Certbot (https://certbot.eff.org)
    include /etc/nginx/ssl_params.conf;

    ssl_certificate "/your-certificate.pem";
    ssl_certificate_key "/your-private-key.pem";
    ssl_trusted_certificate "/certificate-chain.pem";

    # [REQUIRED EDIT] Your domain name goes here
    server_name <your domain name>;

    error_log /var/log/nginx/prestashop.error_log;

    # [REQUIRED EDIT] Absolute path to your website root on the filesystem
    root /home/vhost/<your domain name>/shop;

    index index.php index.html;

    # to control the amount that can be uploaded.
    client_max_body_size 50M;

    # set admin folder name
    set $admin_dir /<admin_folder_name>; #Example: admin245tm20au

    location ~ /admin.*/(sell|api|common|_wdt|modules|improve|international|configure|addons|_profiler|product|combination|specific-price)/(.*)$ {
        try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;
    }

    # Cloudflare / Max CDN fix
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }

    # Do not save logs for these
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        auth_basic off;
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        # Redirect pretty urls to index.php
        try_files $uri $uri/ /index.php?$args;

        # Images
        rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
        rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
        rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;

        # AlphaImageLoader for IE and fancybox
        rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;

        # Web service API
        rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
    }

    # Allow access to the ACME Challenge for Let's Encrypt
    location ~ /\.well-known\/acme-challenge {
      allow all;
    }

    # Block all files with these extensions
    location ~ \.(md|tpl)$ {
      deny all;
    }

    # File security
    # .htaccess .DS_Store .htpasswd etc
    location ~ /\. {
        deny all;
    }
    # Source code directories
    location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
        deny all;
    }
    # Prevent exposing other sensitive files
    location ~ \.(yml|log|tpl|twig|sass)$ {
        deny all;
    }

    # Prevent injection of php files
    location /upload {
        location ~ \.php$ {
            deny all;
        }
    }
    location /img {
        add_header Cache-Control public;
        expires 1d;

        location ~ \.php$ {
            deny all;
        }
    }

    location ~ \.php$ {
        # Verify that the file exists, redirect to index if not
        try_files $fastcgi_script_name /index.php$uri&$args;
        fastcgi_index  index.php;
        include fastcgi_params;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;

        fastcgi_pass unix://var/run/php-fpm/php-production.sock;
    }

}

 

  • Like 2

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More