NGINX configuration

The below is a sample nginx.conf configuration from a working NGIX installation with fastcgi PHP support.

It is intended as inspiration/starting point for your configuration - as-is and by no means as a final, complete configuration.

#user  nobody;
worker_processes  4;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/;

events {
    worker_connections  1024;

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  2700;

	gzip on;
	gzip_vary on;
	gzip_min_length 1024;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/javascript application/xml application/json;
	gzip_disable "MSIE [1-6]\.";

	fastcgi_connect_timeout 2700s;
	fastcgi_keep_conn off;
	fastcgi_read_timeout 2700s;
	fastcgi_send_timeout 2700s;

	client_max_body_size 256m;

	server {
		   listen         80;
		   server_name    <YOUR_SERVER_FQDN>;
		   return         301 https://$server_name$request_uri;

    # HTTPS server
    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      <SYSTEM_PATH_TO_THE_SERVER_CERTIFICATED DIRECTORY>/your_server-cert.crt;
        ssl_certificate_key  <SYSTEM_PATH_TO_THE_SERVER_CERTIFICATED DIRECTORY>/your_server-private-key.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        root   <SYSTEM_PATH_TO_THE_SERVER_INSTALL>/public;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        # cache static frontend version content "forever" (rather one year) 
        location ~* ^/apps/browser-v[0-9\.]+(\-rc\d+)?-prod/.+\.(js|css|jpg|jpeg|png|gif|js|css|ico|swf|woff|woff2)$ {
            expires 1y;
            etag off;
            if_modified_since off;
			add_header Pragma "public";
            add_header Cache-Control "public, no-transform";

        # cache static portal content for one day 
        location ~* ^/(libs|doc|css|js)/.+\.(html|svg|js|css|jpg|jpeg|png|gif|ico|swf|woff|woff2)$ {
            expires 1d;
            etag off;
            if_modified_since off;
			add_header Pragma "public";
            add_header Cache-Control "public, no-transform";

		location / {
			index  index.html index.php;
			try_files $uri $uri/ /index.php$is_args$args;

		location ~ \.php$ {
			if ($request_uri ~* "^(.*/)index\.php$") {
				return 301 $1;
			try_files $uri =404;
			include        fastcgi_params;
			fastcgi_index  index.php;
			fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
		#error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        location ~ /\.ht {
            deny  all;