Skip to content

Instantly share code, notes, and snippets.

Last active August 27, 2020 03:33
Show Gist options
  • Save exodus4d/791f2742e6b2ee5ef481 to your computer and use it in GitHub Desktop.
Save exodus4d/791f2742e6b2ee5ef481 to your computer and use it in GitHub Desktop.
pathfinder.conf for Pathfinder (Nginx v1.11.8)
# www to non-www redirect -- duplicate content is BAD:
# Choose between www and non-www, listen on the *wrong* one and redirect to
# the right one --
# rewrite to HTTPS
server {
listen 80;
listen [::]:80;
return 301 https://$server_name$request_uri;
# rewrite HTTPS to www.HTTPS
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# SSL =======================================================================================================================
# Certificate path
ssl_certificate /var/www/;
ssl_certificate_key /var/www/;
return 301 https://www.$server_name$request_uri;
# listen to HTTP:/
server {
listen [::]:443 ssl http2;
listen 443 ssl http2 backlog=16384 reuseport;
# The host name to respond
# Path to static files
root /var/www/;
# index index.php index.html index.htm;
# Specify a charset
charset utf-8;
# SSL =======================================================================================================================
# Certificate root
ssl_certificate /var/www/;
ssl_certificate_key /var/www/;
# Include the basic SSL h5bp config set
include h5bp/directive-only/ssl.conf;
# Logging ===================================================================================================================
access_log /var/www/ main_ext if=$log_production;
error_log /var/www/ warn;
location / {
# auth_basic "Admin Login";
# auth_basic_user_file /etc/nginx/admin_pass;
index index.php;
try_files $uri $uri/ /index.php?$query_string;
# Protct /setup with password
location /setup {
auth_basic "Setup Login";
auth_basic_user_file /etc/nginx/.setup_pass;
try_files $uri $uri/ /index.php?$query_string;
# PHP socket configuration
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# CGI caching
#fastcgi_cache MYAPP;
#fastcgi_cache_valid 200 60m;
include fastcgi_params;
# static sources
location /public/ {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10s;
sendfile_max_chunk 512k;
# WebSocket ReverseProxy setup [optional]
location /ws/map/update {
proxy_pass http://ws_prod_map_update;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 8h;
proxy_send_timeout 5s;
proxy_connect_timeout 3s;
proxy_buffering off;
# Include the basic h5bp config set
include h5bp/basic.conf;
Copy link

Tupsi commented Mar 11, 2016

you should add something like:
location ^~ /app {
deny all;
return 404;

otherwise the world can see your config as there are .ini files and not .php.

Copy link

Derjyn commented Aug 4, 2018

This seems like it should be updated... Some weird stuff going on with the www and non-www blocks. Seems like this could be condensed and optimized a bit.

Copy link

I download h5bp from github. but the directory is missing. Its must set it or not?

Include the basic SSL h5bp config set

include h5bp/directive-only/ssl.conf;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment