11# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
22### Nginx configuration for using Boost with Drupal. This
3- ### configuration makes use of drush
4- ### (http:///drupal.org/project/drush) for site maintenance and like
5- ### tasks:
3+ ### configuration makes use of drush (http:///drupal.org/project/drush)
4+ ### for site maintenance and like tasks:
65###
76### 1. Run the cronjobs.
87### 2. Run the DB and code updates: drush up or drush upc followed by
@@ -65,9 +64,9 @@ location / {
6564 log_not_found off ;
6665 }
6766
68- ## If accessing an image generated by imagecache, serve it directly if
69- ## available, if not relay the request to Drupal to (re)generate the
70- ## image.
67+ ## If accessing an image generated by Drupal 6 imagecache, serve it
68+ ## directly if available, if not relay the request to Drupal to (re)generate
69+ ## the image.
7170 location ~* /imagecache/ {
7271 ## Image hotlinking protection. If you want hotlinking
7372 ## protection for your images uncomment the following line.
@@ -81,6 +80,10 @@ location / {
8180 ## Drupal 7 generated image handling, i.e., imagecache in core. See:
8281 ## http://drupal.org/node/371374.
8382 location ~* /files/styles/ {
83+ ## Image hotlinking protection. If you want hotlinking
84+ ## protection for your images uncomment the following line.
85+ #include apps/drupal/hotlinking_protection.conf;
86+
8487 access_log off ;
8588 expires 30d ;
8689 try_files $escaped_uri @drupal;
@@ -111,7 +114,7 @@ location / {
111114 }
112115
113116 ## All static files will be served directly.
114- location ~* ^.+\.(?:css|cur|js|jpg|jpeg|gif|ico|png|html|xml)$ {
117+ location ~* ^.+\.(?:css|cur|js|jpg|jpeg|gif|htc| ico|png|html|xml)$ {
115118 access_log off ;
116119 expires 30d ;
117120 ## No need to bleed constant updates. Send the all shebang in one
@@ -152,6 +155,9 @@ location / {
152155
153156 ## Pseudo streaming of FLV files:
154157 ## http://wiki.nginx.org/HttpFlvStreamModule.
158+ ## If pseudo streaming isn't working, try to comment
159+ ## out in nginx.conf line with:
160+ ## add_header X-Frame-Options SAMEORIGIN;
155161 location ^~ /sites/default/files/video/flv {
156162 location ~* ^/sites/default/files/video/flv/.*\.flv$ {
157163 flv;
@@ -195,7 +201,7 @@ location / {
195201 ## Replicate the Apache <FilesMatch> directive of Drupal standard
196202 ## .htaccess. Disable access to any code files. Return a 404 to curtail
197203 ## information disclosure. Hide also the text files.
198- location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
204+ location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot| sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
199205 return 404 ;
200206 }
201207
@@ -262,7 +268,7 @@ location @drupal {
262268
263269 ## Filefield Upload progress
264270 ## http://drupal.org/project/filefield_nginx_progress support
265- ## through the NgninxUploadProgress modules.
271+ ## through the NginxUploadProgress modules.
266272 track_uploads uploads 60s ;
267273}
268274
@@ -283,12 +289,28 @@ location @drupal-no-args {
283289 #include apps/drupal/microcache_proxy_auth.conf;
284290}
285291
286- ## Disallow access to .git directory : return 404 as not to disclose
292+ ## Disallow access to .bzr, . git, .hg, .svn, .cvs directories : return 404 as not to disclose
287293## information.
294+ location ^~ /.bzr {
295+ return 404 ;
296+ }
297+
288298location ^~ /.git {
289299 return 404 ;
290300}
291301
302+ location ^~ /.hg {
303+ return 404 ;
304+ }
305+
306+ location ^~ /.svn {
307+ return 404 ;
308+ }
309+
310+ location ^~ /.cvs {
311+ return 404 ;
312+ }
313+
292314## Disallow access to patches directory.
293315location ^~ /patches {
294316 return 404 ;
0 commit comments