{"id":21429385,"url":"https://github.com/nystudio107/nginx-craft","last_synced_at":"2025-04-06T23:17:35.281Z","repository":{"id":50922745,"uuid":"72492773","full_name":"nystudio107/nginx-craft","owner":"nystudio107","description":"An Nginx virtual host configuration for Craft CMS that implements a number of best-practices.","archived":false,"fork":false,"pushed_at":"2022-09-21T16:32:35.000Z","size":122,"stargazers_count":307,"open_issues_count":3,"forks_count":36,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-03-30T07:32:36.404Z","etag":null,"topics":["craftcms","nginx"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nystudio107.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-01T01:30:52.000Z","updated_at":"2025-03-12T10:45:11.000Z","dependencies_parsed_at":"2023-01-18T16:25:42.813Z","dependency_job_id":null,"html_url":"https://github.com/nystudio107/nginx-craft","commit_stats":null,"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nystudio107%2Fnginx-craft","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nystudio107%2Fnginx-craft/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nystudio107%2Fnginx-craft/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nystudio107%2Fnginx-craft/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nystudio107","download_url":"https://codeload.github.com/nystudio107/nginx-craft/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247563941,"owners_count":20958971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["craftcms","nginx"],"created_at":"2024-11-22T22:17:36.828Z","updated_at":"2025-04-06T23:17:35.255Z","avatar_url":"https://github.com/nystudio107.png","language":null,"funding_links":[],"categories":["Resources"],"sub_categories":["Dev Tools"],"readme":"# nginx-craft\n\nAn Nginx virtual host configuration for Craft CMS that implements a number of best-practices.\n\n## Overview\n\n### What it handles\n\nThe Nginx-Craft configuration handles:\n\n* Redirecting from HTTP to HTTPS\n* Canonical domain rewrites from www.SOMEDOMAIN.com to SOMEDOMAIN.com\n* 301 Redirect URLs with trailing /'s as per https://webmasters.googleblog.com/2010/04/to-slash-or-not-to-slash.html\n* Setting `PATH_INFO` properly via php-fpm -\u003e PHP\n* Setting `HTTP_HOST` to mitigate [HTTP_HOST Security Issues](https://expressionengine.com/blog/http-host-and-server-name-security-issues)\n* \"Far-future\" Expires headers\n* Enable serving of static gzip files via [gzip_static](http://nginx.org/en/docs/http/ngx_http_gzip_static_module.html)\n* Adding XSS and other security headers\n* Gzip compression\n* Filename-based cache busting for static resources\n* IPv4 and IPv6 support\n* http2 support\n* Reasonable SSL cipher suites and TLS protocols\n* Localized sites\n* Server-side includes\n* Optionally includes [Dotenvy](https://github.com/nystudio107/dotenvy) generated `.env` files\n\n### Assumptions made\n\nThe following are assumptions made in this configuration:\n\n* The site is https\n* The SSL certificate is from LetsEncrypt.com\n* The canonical domain is SOMEDOMAIN.com (no www.)\n* Nginx is version 1.9.5 or later (and thus supports http2)\n* Paths are standard Ubuntu, change as needed\n* You're using php7.1 via php-fpm\n* You have `'omitScriptNameInUrls' =\u003e true,` in your `craft/general.php`\n\nIf any of these assumptions are invalid, make the appropriate changes.\n\n**Note**: We disable TLSv1.0 because it is insecure, but IE 8, 9 \u0026 10 need to have support for TLSv1.1 [manually enabled or they will not be able to connect](https://answers.microsoft.com/en-us/ie/forum/ie10-windows_other/disabling-tlsv10-breaks-compatibility-with-ie-9/80e77823-0f0c-49a8-b525-15ce6d7a570d?auth=1).\n\n### What's included\n\nThis Nginx configuration comes in two parts:\n\n* `sites-available/somedomain.com.conf` - an Nginx virtual host configuration file tailored for Craft CMS; it will require some minor customization for your domain\n* `nginx-partials` - some Nginx configuration partials used by all of the virtual hosts, logically segregated.  These don't need to be changed, but can be selectively disabled by changing the suffix to `.off` (or anything other than `.conf`)\n\n## Using Nginx-Craft\n\n1. Obtain an SSL certificate for your domain via [LetsEncrypt.com](https://letsencrypt.org/) (or via other certificate authorities).  LetsEncrypt.com is free, and it's automated.  You will need a basic server up and running that responds to port 80 to do this, [LetsEnecrypt/Nginx tutorial](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)\n2. Create a `dhparam.pem` via `sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048`\n3. Download your Issuer certificate via `mkdir /etc/nginx/ssl; sudo wget -O /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem \"https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem\"`\n4. Upload the entire `nginx-partials` folder to `/etc/nginx/`\n5. Rename the `somedomain.com.conf` file to `yourdomain.com.conf`\n6. Do a search \u0026 replace in `yourdomain.com.conf` to change `SOMEDOMAIN` -\u003e `yourdomain`\n7. Tweak any paths that may need changing on your server\n8. Change the `fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;` line to reflect whatever version of PHP you're running\n9. Restart nginx via `sudo nginx -s reload`\n\nIf you're using [Forge](https://forge.laravel.com/), it takes care of a number of these things for you, but still needs tuning. \n\nThe same applies for CloudWays, ServerPilot, Homestead, MAMP, etc.\n\nA [Forge Template](https://forge.laravel.com/docs/1.0/servers/nginx-templates.html) is provided in `forge-templates/NginxTemplate.conf` that you can use to [automate setting up](https://blog.laravel.com/forge-nginx-templates) your Forge servers.\n\nFor this to work, you must clone the repo into `/home/forge` via:\n```\ngit clone https://github.com/nystudio107/nginx-craft.git /home/forge\n```\n\nFor further information on TLS optimization, see the [How to properly configure your nginx for TLS](https://medium.com/@mvuksano/how-to-properly-configure-your-nginx-for-tls-564651438fe0) article.\n\n## Forge \u0026 opcache\n\n**N.B.:** Forge now has `opcache` functionality baked-in, you can enable it via the Server settings, so this information is largely deprecated.\n\nIf you're using Forge, understand that `opcache` is off by default. To enable it, go to your server in Forge, click on *Edit Files* and choose *Edit PHP FPM Configuration* and search on `opcache`. Here are the defaults I use; tweak them to suit your needs:\n\n    [opcache]\n    ; Determines if Zend OPCache is enabled\n    opcache.enable=1\n\n    ; Determines if Zend OPCache is enabled for the CLI version of PHP\n    ;opcache.enable_cli=0\n\n    ; The OPcache shared memory storage size.\n    opcache.memory_consumption=256\n\n    ; The amount of memory for interned strings in Mbytes.\n    opcache.interned_strings_buffer=16\n\n    ; The maximum number of keys (scripts) in the OPcache hash table.\n    ; Only numbers between 200 and 100000 are allowed.\n    opcache.max_accelerated_files=8000\n\n    ; If disabled, all PHPDoc comments are dropped from the code to reduce the\n    ; size of the optimized code.\n    opcache.save_comments=0\n\nMore about tweaking `opcache` can be found in the [Fine-Tune Your Opcache Configuration to Avoid Caching Suprises](https://tideways.io/profiler/blog/fine-tune-your-opcache-configuration-to-avoid-caching-suprises) article. The [Best Zend OpCache Settings/Tuning/Config](https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html) article is very useful as well.\n\n## Local Development\n\nWhile all of the configuration in the `somedomain.com.conf` will work fine in local development as well, some people might want a simpler setup for local development.\n\nThere is a `basic_localdev.com.conf` that you can use for a basic Nginx configuration that will work with Craft without any of the bells, whistles, or optimizations found in the `somedomain.com.conf`.\n\nWhile this is suitable for getting up and running quickly for local development, do not use it in production. There are a number of performance optimizations missing from it.\n\nBrought to you by [nystudio107](https://nystudio107.com/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnystudio107%2Fnginx-craft","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnystudio107%2Fnginx-craft","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnystudio107%2Fnginx-craft/lists"}