worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; keepalive_timeout 65; server { listen 80; server_name localhost; root /srv/http/bugzilla; # optional if you don't have the autoindex module or have it off already autoindex off; # these do not conflict. see nginx's "location" documentation for more # information. location /attachments { return 403; } location /Bugzilla { return 403; } location /lib { return 403; } location /template { return 403; } location /contrib { return 403; } location /t { return 403; } location /xt { return 403; } location /data { return 403; } location /graphs { return 403; } location /rest { rewrite ^/rest/(.*)$ rest.cgi/$1 last; } location ~ (\.pm|\.pl|\.psgi|\.tmpl|localconfig.*|cpanfile)$ { return 403; } # if you are using webdot. adjust the IP to point to your webdot server. #location ~ ^/data/webdot/[^/]*\.dot$ { allow 127.0.0.1; deny all; } location ~ ^/data/webdot/[^/]*\.png$ { } location ~ ^/graphs/[^/]*\.(png|gif) { } location ~ \.(css|js)$ { expires 1y; add_header Cache-Control public; } location ~ \.cgi$ { location ~ ^/(json|xml)rpc\.cgi { # authenticated queries contain plain text passwords in the # query string, so we replace $request with $uri. adjust if you # aren't using "combined" log format. access_log /var/log/nginx/bugzilla.log combined; # '$remote_addr - $remote_user [$time_local] ' # '"$uri" $status $body_bytes_sent ' # '"$http_referer" "$http_user_agent"'; } include fastcgi_params; # omit the following two lines if using fcgiwrap fastcgi_index index.cgi; fastcgi_param SCRIPT_NAME ''; fastcgi_param PATH_INFO $uri; fastcgi_param BZ_CACHE_CONTROL 1; fastcgi_pass unix:/tmp/bugzilla.sock; } # optional but highly recommended due to the large sizes of these files gzip on; # add whatever global types you have specified; this option does not stack. gzip_types text/xml application/rdf+xml; } }