nystudio107/nginx-craft nystudio107/nginx-craft

  • Stars
    star
    307
  • Rank 135,683 (Top 3 %)
  • Language
  • License
    MIT License
  • Created almost 8 years ago
  • Updated about 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
nystudio107/nginx-craft
github

nystudio107

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An Nginx virtual host configuration for Craft CMS that implements a number of best-practices.

nginx-craft

An Nginx virtual host configuration for Craft CMS that implements a number of best-practices.

Overview

What it handles

The Nginx-Craft configuration handles:

  • Redirecting from HTTP to HTTPS
  • Canonical domain rewrites from www.SOMEDOMAIN.com to SOMEDOMAIN.com
  • 301 Redirect URLs with trailing /'s as per https://webmasters.googleblog.com/2010/04/to-slash-or-not-to-slash.html
  • Setting PATH_INFO properly via php-fpm -> PHP
  • Setting HTTP_HOST to mitigate HTTP_HOST Security Issues
  • "Far-future" Expires headers
  • Enable serving of static gzip files via gzip_static
  • Adding XSS and other security headers
  • Gzip compression
  • Filename-based cache busting for static resources
  • IPv4 and IPv6 support
  • http2 support
  • Reasonable SSL cipher suites and TLS protocols
  • Localized sites
  • Server-side includes
  • Optionally includes Dotenvy generated .env files

Assumptions made

The following are assumptions made in this configuration:

  • The site is https
  • The SSL certificate is from LetsEncrypt.com
  • The canonical domain is SOMEDOMAIN.com (no www.)
  • Nginx is version 1.9.5 or later (and thus supports http2)
  • Paths are standard Ubuntu, change as needed
  • You're using php7.1 via php-fpm
  • You have 'omitScriptNameInUrls' => true, in your craft/general.php

If any of these assumptions are invalid, make the appropriate changes.

Note: We disable TLSv1.0 because it is insecure, but IE 8, 9 & 10 need to have support for TLSv1.1 manually enabled or they will not be able to connect.

What's included

This Nginx configuration comes in two parts:

  • sites-available/somedomain.com.conf - an Nginx virtual host configuration file tailored for Craft CMS; it will require some minor customization for your domain
  • nginx-partials - some Nginx configuration partials used by all of the virtual hosts, logically segregated. These don't need to be changed, but can be selectively disabled by changing the suffix to .off (or anything other than .conf)

Using Nginx-Craft

  1. Obtain an SSL certificate for your domain via LetsEncrypt.com (or via other certificate authorities). LetsEncrypt.com is free, and it's automated. You will need a basic server up and running that responds to port 80 to do this, LetsEnecrypt/Nginx tutorial
  2. Create a dhparam.pem via sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048
  3. Download your Issuer certificate via mkdir /etc/nginx/ssl; sudo wget -O /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"
  4. Upload the entire nginx-partials folder to /etc/nginx/
  5. Rename the somedomain.com.conf file to yourdomain.com.conf
  6. Do a search & replace in yourdomain.com.conf to change SOMEDOMAIN -> yourdomain
  7. Tweak any paths that may need changing on your server
  8. Change the fastcgi_pass unix:/var/run/php/php7.1-fpm.sock; line to reflect whatever version of PHP you're running
  9. Restart nginx via sudo nginx -s reload

If you're using Forge, it takes care of a number of these things for you, but still needs tuning.

The same applies for CloudWays, ServerPilot, Homestead, MAMP, etc.

A Forge Template is provided in forge-templates/NginxTemplate.conf that you can use to automate setting up your Forge servers.

For this to work, you must clone the repo into /home/forge via:

git clone https://github.com/nystudio107/nginx-craft.git /home/forge

For further information on TLS optimization, see the How to properly configure your nginx for TLS article.

Forge & opcache

N.B.: Forge now has opcache functionality baked-in, you can enable it via the Server settings, so this information is largely deprecated.

If you're using Forge, understand that opcache is off by default. To enable it, go to your server in Forge, click on Edit Files and choose Edit PHP FPM Configuration and search on opcache. Here are the defaults I use; tweak them to suit your needs:

[opcache]
; Determines if Zend OPCache is enabled
opcache.enable=1

; Determines if Zend OPCache is enabled for the CLI version of PHP
;opcache.enable_cli=0

; The OPcache shared memory storage size.
opcache.memory_consumption=256

; The amount of memory for interned strings in Mbytes.
opcache.interned_strings_buffer=16

; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 100000 are allowed.
opcache.max_accelerated_files=8000

; If disabled, all PHPDoc comments are dropped from the code to reduce the
; size of the optimized code.
opcache.save_comments=0

More about tweaking opcache can be found in the Fine-Tune Your Opcache Configuration to Avoid Caching Suprises article. The Best Zend OpCache Settings/Tuning/Config article is very useful as well.

Local Development

While all of the configuration in the somedomain.com.conf will work fine in local development as well, some people might want a simpler setup for local development.

There is a basic_localdev.com.conf that you can use for a basic Nginx configuration that will work with Craft without any of the bells, whistles, or optimizations found in the somedomain.com.conf.

While this is suitable for getting up and running quickly for local development, do not use it in production. There are a number of performance optimizations missing from it.

Brought to you by nystudio107

More Repositories

1

annotated-webpack-config

This is the companion github repo for the "An Annotated webpack 4 Config for Frontend Web Development" article.
JavaScript
434
star
2

craft-scripts

Shell scripts to manage database backups, asset backups, file permissions, asset syncing, cache clearing, and database syncing between Craft CMS environments
Shell
364
star
3

seomatic

DEPRECATED A turnkey SEO implementation for Craft CMS 2.x that is comprehensive, powerful, and flexible
PHP
357
star
4

craft

nystudio107 Craft 3 CMS scaffolding project
Twig
289
star
5

craft-imageoptimize

Automatically create & optimize responsive image transforms, using either native Craft transforms or a service like Imgix, with zero template changes.
PHP
235
star
6

retour

DEPRECATED Retour allows you to intelligently redirect legacy URLs, so that you don't lose SEO value when rebuilding & restructuring a website.
PHP
168
star
7

craft-seomatic

SEOmatic facilitates modern SEO best practices & implementation for Craft CMS 3. It is a turnkey SEO system that is comprehensive, powerful, and flexible.
PHP
163
star
8

minify

DEPRECATED A simple plugin that allows you to minify blocks of HTML, CSS, and JS inline in Craft CMS templates
PHP
107
star
9

instantanalytics

DEPRECATED Instant Analytics brings full Google Analytics support to your Twig templates and automatic Craft Commerce integration with Google Enhanced Ecommerce.
PHP
101
star
10

craft-twigpack

Twigpack is a bridge between Twig and webpack, with manifest.json & webpack-dev-server HMR support
PHP
97
star
11

rollup-plugin-critical

Vite.js & Rollup plugin for generating critical CSS
TypeScript
88
star
12

devmode

Website for the devMode.fm podcast
Twig
85
star
13

craft-multi-environment

Efficient and flexible multi-environment config for Craft CMS
PHP
83
star
14

vitejs-docker-dev

Local development environment for developing vite.js via Docker container
Makefile
80
star
15

generator-craftplugin

generator-craftplugin is a Yeoman generator for Craft CMS plugins
PHP
73
star
16

craft3-multi-environment

DEPRECATED Efficient and flexible multi-environment config for Craft CMS
72
star
17

craft-typogrify

Typogrify prettifies your web typography by preventing ugly quotes and 'widows' and more
PHP
70
star
18

cookies

DEPRECATED Secure Cookies for Twig Templates in Craft CMS
PHP
68
star
19

generator-craftinstall

DEPRECATED generator-craftinstall is a Yeoman generator for Craft CMS installs
JavaScript
57
star
20

craft-vite

Allows the use of the Vite.js next generation frontend tooling with Craft CMS
PHP
50
star
21

buffer

DEPRECATED Send social updates to Twitter, Facebook, etc. through Buffer.com via Twig templates, URLs, and plugins.
PHP
44
star
22

richvariables

DEPRECATED Allows you to easily use Craft Globals as variables in Rich Text fields
PHP
44
star
23

craft-transcoder

Transcode video & audio files to various formats, and provide video thumbnails
PHP
43
star
24

craft-autocomplete

Provides Twig template IDE autocomplete of Craft CMS & plugin variables
PHP
41
star
25

recipe

DEPRECATED A comprehensive recipe FieldType for Craft CMS that includes metric/imperial conversion, portion calculation, and JSON-LD microdata support
PHP
38
star
26

craft-cookies

A simple plugin for setting and getting cookies from within Craft CMS templates.
PHP
37
star
27

craft-retour

Retour allows you to intelligently redirect legacy URLs, so that you don't lose SEO value when rebuilding & restructuring a website
PHP
36
star
28

craft-minify

A simple plugin that allows you to minify blocks of HTML, CSS, and JS inline in Craft CMS templates
PHP
36
star
29

twig-bundle-installer

Install, update, and manage Twig template bundles via Composer
PHP
35
star
30

dotenvy

Speed up your production sites by ditching .env for key/value variable pairs as Apache, Nginx, and shell equivalents
PHP
32
star
31

spin-up-craft

Spin up a working Craft CMS instance quickly & easily with Docker
Dockerfile
31
star
32

craft-routemap

Returns a list of Craft/Vue/React route rules and element URLs for ServiceWorkers from Craft entries
PHP
31
star
33

craft-recipe

A comprehensive recipe FieldType for Craft CMS that includes metric/imperial conversion, portion calculation, and JSON-LD microdata support
PHP
28
star
34

routemap

DEPRECATED Returns a list of Craft/Vue/React route rules and entry & asset URLs for ServiceWorkers from Craft entries
PHP
28
star
35

craft-similar

Similar for Craft lets you find elements, Entries, Categories, Commerce Products, etc, that are similar, based on... other related elements.
PHP
26
star
36

disqus

DEPRECATED Integrate the Disqus commenting system into Craft CMS websites, including Single Sign On (SSO) and custom login/logout URLs.
PHP
26
star
37

craft-emptycoalesce

Empty Coalesce adds the ??? operator to Twig that will return the first thing that is defined, not null, and not empty
PHP
26
star
38

eagerbeaver

DEPRECATED Allows you to eager load elements from auto-injected Entry elements on demand from your templates.
PHP
25
star
39

transcoder

DEPRECATED Transcode videos to various formats, and provide thumbnails of the video
PHP
25
star
40

craft-richvariables

Allows you to easily use Craft Globals as variables in Rich Text fields
PHP
25
star
41

craft-webperf

Webperf helps you build & maintain high quality websites through Real User Measurement of your website's performance
PHP
25
star
42

plugindev

nystudio107 Craft CMS plugin development environment scaffolding
PHP
23
star
43

fastcgicachebust

DEPRECATED Bust the Nginx FastCGI Cache when entries are saved or created.
PHP
22
star
44

craft-closure

Allows you to use arrow function closures in Twig
PHP
22
star
45

craft-twigprofiler

Twig Profiler allows you to profile sections of your Twig templates, and see the resulting timings in the Yii2 Debug Toolbar
PHP
21
star
46

craft-templatecomments

Adds a HTML comment with performance timings to demarcate `{% block %}`s and each Twig template that is included or extended.
PHP
20
star
47

craft-instantanalytics

Instant Analytics brings full Google Analytics support to your Twig templates and automatic Craft Commerce integration with Google Enhanced Ecommerce.
PHP
20
star
48

pathtools

DEPRECATED This twig plugin for the Craft CMS brings convenient path & url manipulation functions & filters to your Twig templates.
PHP
20
star
49

craft-fastcgicachebust

Bust the Nginx FastCGI Cache when entries are saved or created.
PHP
20
star
50

spin-up-statamic

Spin up a working Statamic instance quickly & easily with Docker
PHP
18
star
51

site-module

An example module for Craft CMS 3 that lets you enhance your websites with a custom site module
PHP
18
star
52

save-remote-file-webpack-plugin

webpack 4 plugin to download remote files, and save them locally
JavaScript
17
star
53

craft-youtubeliveembed

This plugin allows you to embed a YouTube live stream and/or live chat on your webpage
PHP
17
star
54

craft-connect

Allows you to connect to external databases and perform db queries
PHP
16
star
55

craft-twigfield

DEPRECATED: Provides a twig editor field with Twig & Craft API autocomplete
PHP
15
star
56

craft-eagerbeaver

DEPRECATED: Allows you to eager load elements from auto-injected Entry elements on demand from your templates.
PHP
14
star
57

tailwind-css-performance

Small repo to demonstrate the slow building of Tailwind CSS using `webpack-dev-server` HMR & PostCSS
JavaScript
13
star
58

docker-images

Docker image source files
Dockerfile
13
star
59

disclosedassets

DEPRECATED Allow your clients to find asset sub-folders by disclosing them by default
PHP
13
star
60

craft-disqus

Integrates the Disqus commenting system into Craft 3 websites, including Single Sign On (SSO) and custom login/logout URLs
PHP
12
star
61

vanillaforums

DEPRECATED Single Sign On plugin for VanillaForums/jsConnect and CraftCMS
PHP
11
star
62

craft-pathtools

This twig plugin for the Craft CMS brings convenient path & url manipulation functions & filters to your Twig templates.
PHP
11
star
63

craft-plugin-vite

Plugin Vite is the conduit between Craft CMS plugins and Vite, with manifest.json & HMR support
PHP
10
star
64

craft-units

Units is a plugin that can convert between any units of measure, and comes with a Field for content authors to use
PHP
9
star
65

craft-icalendar

Tools for parsing & formatting the RFC 2445 iCalendar (.ics) specification
PHP
8
star
66

gatsby-concurrent-mode

Enable Concurrent Mode in in React for Gatsby projects.
JavaScript
8
star
67

charcuterie-vue-vitest

charcuterie-vue-vitest
TypeScript
6
star
68

get-webpack-config

Utilities to help you modularize your webpack configs
JavaScript
6
star
69

craft-plugin-vite-buildchain

A drop-in buildchain for using Vite in your Craft CMS plugins or modules
TypeScript
6
star
70

create-symlink-webpack-plugin

webpack 4 plugin to generate symlinks
JavaScript
5
star
71

spin-up-statamic-starter

Starter kit to add Spin Up Statamic to your existing Statamic project
PHP
4
star
72

craft-code-field

Provides a Code Field that has a full-featured code editor with syntax highlighting & autocomplete
PHP
4
star
73

craft-code-editor

Provides a code editor field with Twig & Craft API autocomplete
PHP
4
star
74

craft-plugin-manifest

Plugin Manifest is the conduit between Craft CMS plugins and webpack, with manifest.json & webpack-dev-server HMR support
PHP
4
star
75

matrixfacades

This is a project demonstrates how to improve authoring experience Matrix Faรงades
PHP
4
star
76

.github

3
star
77

craft-vanillaforums

Single Sign On plugin for Vanilla Forums/jsConnect and CraftCMS
PHP
3
star
78

vitepress-starter

Starter repository for VitePress documenation
3
star
79

craft-twig-sandbox

Allows you to easily create a sandboxed Twig environment where you can control what tags, filters, functions, and object methods/properties are allowed
PHP
3
star
80

craft-twig-base-templates

Craft CMS Twig base templates
Twig
3
star
81

craft-instantanalytics-ga4

Instant Analytics brings full Google GA4 server-side analytics support to your Twig templates and automatic Craft Commerce integration
PHP
3
star
82

craft-imageoptimize-thumbor

Provides an Thumbor image transform type for the ImageOptimize plugin
PHP
2
star
83

craft-imageoptimize-imgix

Provides an Imgix image transform type for the ImageOptimize plugin.
PHP
2
star
84

docker-yeoman

node yeoman Docker images
Dockerfile
2
star
85

craft-imageoptimize-sharp

Provides an Sharp image transform type for the ImageOptimize plugin
PHP
2
star
86

fwt

Website for the Friends of Webster Trails website http://webstertrails.org/
Twig
2
star
87

test-twig-bundle

Test bundle of Twig templates for Bundle Installer
Twig
2
star
88

schemagen

Generates PHP models representing schema.org JSON-LD types
PHP
2
star
89

entitydecode

DEPRECATED Decodes HTML Entities
PHP
1
star
90

spin-up-statamic-peak

Spin up a working Statamic Peak quickly & easily with Docker
PHP
1
star
91

srcsetdev

TypeScript
1
star
92

craft-twig-base-components

Craft CMS Twig base components
Twig
1
star