My nginx config example
I use PHP+nginx for most projects; it scales well and behaves as expected. I use spawn-fcgi to spawn a few PHP workers, then communicate with them through the FastCGI component in nginx.
I won't go into any specifics, as the setup of the individual pieces varies per distribution and use case. I will, however, attach my nginx.conf and an example site.conf for reference.
My distribution of choice is Debian, so there are debianisms in my configs.
nginx.conf
# Process-level settings: worker account, worker count, pid file and error log.
user www-data;                          # workers run as Debian's web-server account
worker_processes 8;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log;

# Upper bound on simultaneous connections handled by each worker.
events {
    worker_connections 1024;
}
# Defaults shared by every virtual host, plus a loopback-only status listener.
http {
    include /etc/nginx/mime.types;

    # Request logging is switched off for every vhost that does not override
    # it. Only the error log remains, so there is no per-request record to
    # consult when investigating abuse or an incident.
    access_log off;

    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;
    server_name_in_redirect off;

    sendfile on;
    keepalive_timeout 45;

    # Request bodies larger than 30m are refused; bodies larger than 256k are
    # written to a temporary file instead of being buffered in memory.
    client_body_buffer_size 256k;
    client_max_body_size 30m;

    # Compression. text/html is always compressed in addition to gzip_types.
    # gzip_min_length 0 compresses every response regardless of size, and
    # gzip_http_version 1.0 extends compression to HTTP/1.0 clients.
    # NOTE(review): when a vhost serves TLS, compressed dynamic responses that
    # carry both a secret and request-influenced text leak length information
    # (BREACH); consider turning gzip off for such responses.
    gzip on;
    gzip_vary on;
    gzip_http_version 1.0;
    gzip_min_length 0;
    gzip_comp_level 9;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css image/x-icon;

    include /etc/nginx/conf.d/*.conf;

    # Loopback-only listener that exposes stub_status so a local poller
    # (e.g. cacti) can graph connection counters.
    server {
        listen 127.0.0.1:80;

        location / {
            root /var/www;
            index index.html;
        }

        # The socket is bound to 127.0.0.1 and the allow/deny pair repeats the
        # restriction, so the counters stay unreachable from other hosts.
        location /server-status {
            stub_status on;
            access_log off;
            allow 127.0.0.1/32;
            deny all;
        }
    }

    # Per-site server blocks; loaded after the status listener above.
    include /etc/nginx/sites-enabled/*;
}
site.conf
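# Example vhost: a PHP front-controller application behind FastCGI, with
# long-lived caching for static directories and explicit deny rules.
server {
    # Plain HTTP and TLS are served by the same block; nothing here redirects
    # port 80 to HTTPS, so every URL is also reachable unencrypted.
    listen 80;
    listen 443 ssl;
    server_name mydomain.com;

    ssl_certificate /path/to/mydomain.crt;
    ssl_certificate_key /path/to/mydomain.key;

    # SSLv3 is removed (POODLE; prohibited by RFC 7568) and TLSv1.1 is removed
    # (deprecated by RFC 8996). Append TLSv1.3 where the installed nginx and
    # OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    # RC4 is removed (prohibited by RFC 7465). Only ECDHE key exchange with
    # AEAD ciphers is offered; DHE stays excluded, as the original !kEDH did.
    ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Shown when the PHP backend is down or times out.
    error_page 502 504 @maintenance;

    # No per-request log is kept for this site; only errors are recorded.
    access_log off;
    error_log /var/log/nginx/error.log;

    root /path/to/site/root/;

    # only allow sane http methods; anything else is answered with 405
    if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
        return 405;
    }

    # deny hidden files and directories (.git, .htaccess, .env, ...) at any
    # depth. This is a regex location placed before the other regex locations
    # because nginx uses the first regex that matches; the earlier prefix
    # form "location /." only covered names directly under the root and was
    # bypassed by any matching regex location.
    # It also blocks /.well-known/; add an explicit location for that path if
    # ACME http-01 validation is needed.
    location ~ /\. { deny all; }

    # deny all sensitive directories/content (^~ stops regex matching)
    location ^~ /config/ { deny all; }
    location ^~ /lang/ { deny all; }
    location ^~ /tests/ { deny all; }

    # Serve an existing file as-is; otherwise pass the original URI and query
    # string to the front controller.
    location / {
        index index.php;
        try_files $uri /index.php?$uri&$args;
    }

    # SCRIPT_FILENAME is pinned to the front controller, so the request URI
    # never chooses which PHP file the backend executes.
    # NOTE(review): the backend listens on a loopback TCP port, which any local
    # user can connect to; a unix socket with restrictive permissions would
    # narrow that.
    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass 127.0.0.1:9000;
    }

    # all the directories where static content is held
    location ~ ^/(assets|downloads|scripts|themes)/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        # NOTE(review): add_header with an empty value emits no header and
        # does not strip the Last-Modified/ETag nginx generates - confirm
        # these two lines have the intended effect.
        add_header Last-Modified "";
        add_header ETag "";
        break;
    }

    # the stupid favicon
    location = /favicon.ico {
        expires max;
        add_header Cache-Control public;
    }

    # you can define your own maintenance handling here, my maintenance.html includes a basic meta refresh to maintenance.mydomain.com
    location @maintenance {
        root /path/to/site/root/;
        rewrite ^(.*)$ /maintenance.html break;
    }
}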

