
NGINX config files


segera


I think I got it to work for about 95% so please let me know what I am missing...

 

in /etc/nginx/conf.d/MYDOMAIN.conf

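# Plain-HTTP listener: nothing is served from here, every request is sent to
# the canonical HTTPS host so no page or cookie travels unencrypted.
server {
        listen 80;
        listen [::]:80;
        # Name both hosts explicitly. With only the bare domain listed,
        # http://www.MYDOMAIN.TLD is redirected only if this block happens to
        # be the default server for port 80.
        server_name MYDOMAIN.TLD www.MYDOMAIN.TLD;
        return 301 https://www.MYDOMAIN.TLD$request_uri;
}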

# HTTPS virtual host for the canonical www name.
# NOTE(review): no server block for https://MYDOMAIN.TLD (without www) is
# shown here; confirm how that name is handled and whether the certificate covers it.
server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name www.MYDOMAIN.TLD;

        root /var/www/MYDOMAIN.TLD;

        # Let's Encrypt certificate chain and private key.
        # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block;
        # presumably they are inherited from nginx.conf - verify.
        ssl_certificate /etc/letsencrypt/live/www.MYDOMAIN.TLD/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.MYDOMAIN.TLD/privkey.pem;

        # Include order is significant: the included files define regex
        # locations, and nginx uses the first regex location that matches.
        # Deny rules therefore come first and the PHP handler comes last.
        include /etc/nginx/includes/loc_deny;
        #include /etc/nginx/includes/cloudflare;
        include /etc/nginx/includes/prestashop7;
        include /etc/nginx/includes/php;
}

in /etc/nginx/includes/loc_deny ==> I use this for different sites using different apps

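# Shared deny rules. These are regex locations and nginx uses the first regex
# that matches, so this file has to be included before any allow or PHP rules.

# Dotfiles: .htaccess, .htpasswd, .DS_Store (Mac). This also matches
# /.well-known/, so ACME challenges need a "^~" prefix location to get through.
location ~ /\. { deny all; access_log off; log_not_found off; }
# Template sources.
location ~ \.tpl$ { deny all;}
# Editor backup files (name ending in "~").
location ~ ~$ { access_log off; log_not_found off; deny all; }
# CVS metadata: cover the directory contents, not only the exact URI /CVS.
location ~ ^/CVS(/|$) { deny all; access_log off; log_not_found off; }
# No PHP from upload directories. "(/|$)" also catches /x.php/extra, which is
# the same shape of URI the PHP handler location accepts.
location ~* /(?:uploads|files|upload)/.*\.php(/|$) { deny all; access_log off; log_not_found off; }
# Top-level project documentation files.
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { deny all; access_log off; log_not_found off; }
location ~ ^/(bin|SQL)/ { deny all; access_log off; log_not_found off; }
# WordPress: no active content from the uploads tree (dot before the extension escaped).
location ~* ^/wp-content/uploads/.*\.(html|htm|shtml|php|js|swf)$ { deny all; access_log off; log_not_found off; }
location ~* wp-config\.php { deny all; access_log off; log_not_found off; }
# Per-directory PHP settings file.
location ~ ^/\.user\.ini { deny all; access_log off; log_not_found off; }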

in /etc/nginx/includes/prestashop7  ==> change MY_ADMIN_FOLDER to your admin folder

    # Both "not found" and "forbidden" are answered by the shop's 404 controller.
    # Masking 403 hides which paths exist but are denied; the trade-off is that
    # a request blocked by a deny rule looks like a missing file when debugging.
    error_page 404 /index.php?controller=404;
    error_page 403 /index.php?controller=404; # fake that the source does not exist when access deny

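    # jpg relocation: map friendly product-image URLs (/<id>-<type>/<name>.jpg)
    # onto the nested storage path /img/p/<d>/<d>/.../<id>-<type>.jpg.
    # There is one rewrite per id length (1 to 8 digits); the first that matches wins.
    location ~* ^/([0-9])([0-9])?([0-9])?([0-9])?([0-9]?)([0-9])?([0-9])?([0-9])?(-[_a-zA-Z0-9-]*)/([_a-zA-Z0-9-]*)(\.jpg)$ {
        rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last;
        rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
        # nginx only has single-digit captures ($1..$9); "$10" is read as "$1"
        # followed by a literal 0. The two suffix groups are therefore folded
        # into one capture so the 8-digit case fits in $9.
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])((?:-[_a-zA-Z0-9-]*)?(?:-[0-9]+)?)/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpg last;
    }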

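    # Category images: /c/<id>-<type>/<name>.jpg -> /img/c/<id>-<type>.jpg
    # The dot before "jpg" is escaped so that only a real .jpg extension matches.
    location ~ ^/c/(.*) {
        rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg last;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
    }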

    include /etc/nginx/includes/loc_allow; #allow image, js & css files etc...

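    # close the door please... extensions in loc_allow are already allowed, so close the rest...
    # Everything else under the application's source directories is refused,
    # including any .php file there, because this location is matched before
    # the PHP handler.
    location  ~ ^/(app|bin|cache|classes|config|controllers|docs|download|js|localization|mails|modules|override|pdf|src|themes|tools|vendor)/(.*)$
        {deny all; access_log off; log_not_found off;}

    # img/ and upload/ hold files written at runtime and are not in the list
    # above, so a .php file placed there would otherwise reach PHP-FPM.
    location ~* ^/(img|upload)/.*\.php(/|$) { deny all; access_log off; log_not_found off; }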

    # Symfony controllers: back-office URLs of the form
    # /MY_ADMIN_FOLDER/index.php/<route> are not real files, so they fall
    # through to the admin front controller with the original query string.
    # Replace MY_ADMIN_FOLDER with the shop's actual admin directory name.
    location  ~ ^/MY_ADMIN_FOLDER/index.php/(.*) {
        try_files $uri $uri/ /MY_ADMIN_FOLDER/index.php$is_args$args;
    }

    # language alias: any URI whose first path segment is two letters
    # (e.g. /en/...) is served as a file if one exists, otherwise routed to
    # the front controller with the original query string.
    # NOTE(review): this location has no FastCGI handler, so an existing file
    # under a real two-letter directory would be returned as-is - confirm no
    # such directory holds PHP sources.
    location ~ ^/([a-zA-Z][a-zA-Z])/(.*) {
        try_files $uri /index.php$is_args$args;
    }

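    # api alias: hand /api/<resource> to the webservice dispatcher.
    # try_files does not carry the original query string over to its fallback
    # URI, so $args is appended explicitly; without it the request's query
    # parameters are dropped.
    location ~ ^/api/(.*) {
        try_files $uri /webservice/dispatcher.php?url=$1&$args;
    }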

    # Catch-all: serve an existing file or directory, otherwise pass the
    # requested path to the front controller as q=<uri> plus the original
    # query string (friendly URLs).
    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

in /etc/nginx/includes/loc_allow ==> I use this for different sites using different apps

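location = /robots.txt { allow all; log_not_found off; access_log off; }

# ACME / Let's Encrypt challenges. "^~" is required here: as a plain regex
# location this rule would lose to the earlier "location ~ /\." deny rule in
# loc_deny (nginx takes the first matching regex), and HTTP-01 validation
# requests would be refused.
location ^~ /.well-known/ { allow all; } # ssl
#location ~* \.(eot|otf|ttf|woff|woff2)$ { add_header Access-Control-Allow-Origin *; } # Cloudflare

# Static assets, cached as long as possible.
# This regex is matched before the directory deny rule in prestashop7, so a
# file with one of these extensions is served from anywhere under the root,
# including archives (zip, tgz, gz, rar, bz2, tar). Keep backups and dumps
# out of the document root.
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|cur)$ {
        allow all; access_log off; log_not_found off; expires max;
}

# Scripts and stylesheets, cached for 30 days.
location ~* ^.+\.(js|css)$ {allow all; access_log off; log_not_found off; expires 30d;}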

in /etc/nginx/includes/php

# PHP handler: matches any URI containing ".php" followed by "/" or the end of
# the URI. It is included last, so every deny rule above is checked before it.
location ~ [^/]\.php(/|$) {

    # Only URIs that resolve to an existing file under the root are passed to
    # PHP-FPM; anything else gets 403 here. This keeps the interpreter from
    # being handed a path that merely ends in ".php" (for example an uploaded
    # non-PHP file with "/x.php" appended).
    # NOTE(review): $uri is the whole request path, so a URI with extra path
    # after ".php" is rejected as well; PATH_INFO below presumably stays empty
    # for requests that get this far - verify.
    try_files $uri =403;

    include        fastcgi_params;
    fastcgi_index  index.php;
    # Split "/script.php/extra" into script name and path info.
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO       $fastcgi_path_info;

    fastcgi_keep_conn on;
    # Let nginx's error_page rules handle error responses coming from PHP-FPM.
    fastcgi_intercept_errors on;
    # 0 disables buffering of responses to temporary files on disk.
    fastcgi_max_temp_file_size 0;
    fastcgi_temp_file_write_size 256k;
    fastcgi_buffer_size 8k;
    fastcgi_buffers 64 8k;
    fastcgi_busy_buffers_size 8k;
    fastcgi_send_timeout 180s; # send to php waiting
    fastcgi_read_timeout 300s; # wait for php to respond
    client_max_body_size 10m;  # size of request

    # Socket of the php7.0 FPM pool; adjust to the PHP version actually installed.
    # NOTE(review): PHP 7.0 no longer receives security fixes upstream.
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;

}
Edited by segera (see edit history)

I don't think you are using all of my files, or at least not the latest version shown in my original post, because otherwise you would not see the 403 Forbidden, due to this line:

 error_page 403 /index.php?controller=404; # fake that the source does not exist when access deny

However, 403 tells me more than 404.

Your javascript files are blocked probably because you don't use the loc_allow that allows all css and js files:

 include /etc/nginx/includes/loc_allow; #allow image, js & css files etc...

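If you don't want to have the different files, but want to use them inside one single file, you have to respect the order in which the files are included, as that is very important: nginx uses the first regex location that matches, so the deny rules must stay ahead of the allow rules and the PHP handler.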

Then paste the content of each included file at the point where it is included.
