NGINX + PHP FastCGI для 1С-Битрикс

Установка и настройка NGINX + PHP FastCGI

Конфиг PHP FastCGI для сайта (/etc/php-fpm.d/site.net.conf)

[site.net]
user = site
group = site
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s;
;pm.max_requests = 500
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = /home/site/site.net/logs/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
slowlog = /home/site/site.net/logs/slow.log
;request_slowlog_timeout = 0
;request_slowlog_trace_depth = 20
;request_terminate_timeout = 0
;rlimit_files = 1024
;rlimit_core = 0
;chroot =
chdir = /home/site/site.net/public
;catch_workers_output = yes
;clear_env = no
;security.limit_extensions = .php .php3 .php4 .php5 .php7

;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /home/site/site.net/logs
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
php_admin_value[mbstring.func_overload] = 2
php_admin_value[mbstring.internal_encoding] = UTF-8
php_value[session.save_handler] = files
php_value[session.save_path]    = /home/site/site.net/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
;php_value[opcache.file_cache]  = /var/lib/php/opcache

Конфиг NGINX битрикса (/etc/nginx/bx/general.conf)

set $test_file "bitrix/html_pages/$host$uri/index@$args.html";
set $storedAuth "";
set $usecache "";

# check user auth
if ( $cookie_BITRIX_SM_LOGIN != "" ) { set $storedAuth "A"; }
if ( $cookie_BITRIX_SM_UIDH != "" ) { set $storedAuth "${storedAuth}B"; }
if ( $cookie_BITRIX_SM_CC != "Y" ) { set $storedAuth "${storedAuth}C"; }

# check all conditions for enable composite
if ( $http_bx_action_type = "" )     { set $usecache "A"; }
if ( $request_method = "GET" ) { set $usecache "${usecache}B"; }
if ( $cookie_BITRIX_SM_NCC = "" ) { set $usecache "${usecache}C"; }
if ( $http_x_forwarded_scheme !~ "https" ){ set $usecache "${usecache}D"; }
if ( $storedAuth !~ "ABC" ) { set $usecache "${usecache}E"; }

## cache location
location ~* @.*\.html$ {
	internal;
	root $fastcgi_root/bitrix/cache;
}

location / {
	root   $fastcgi_root;
	index index.php  index.html index.htm;
	if (!-e $request_filename){
		rewrite ^(.*)$ /bitrix/urlrewrite.php last;
	}
	if ( -f "$document_root/$test_file" ) { set $usecache "${usecache}F"; }
	if ($usecache = "ABCDEF" ){ rewrite .* /$test_file last; }
	gzip_min_length 1100;
}

if ($request_filename ~* \.(css|js|gif|png|jpg|jpeg|ico)$) {
	break;
}

location ~ \.php$ {
	root           $fastcgi_root;
	fastcgi_pass   127.0.0.1:$fastcgi_port;
	fastcgi_index  index.php;
	fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
	include        fastcgi_params;
	if (!-f $request_filename) {
		rewrite  ^(.*)/index.php$  $1/ redirect;
	}
	set $test_file "bitrix/html_pages/$host$1@$args.html";
	if ( -f "$document_root/$test_file" ) { set $usecache "${usecache}F"; }
	if ($usecache = "ABCDEF" ){ rewrite .* /$test_file last; }
}

Конфиг NGINX для сайта (/etc/nginx/conf.d/site.net.conf)

server {
    listen       80;
    server_name  site.net www.site.net;

    access_log  /home/site/site.net/logs/host.access.log  main;

    location / {
        location / {
			return 301 https://$host$request_uri;
		}
    }
}

server {
	listen	443 http2 ssl;
    server_name	site.net www.site.net;
	
	set $fastcgi_port	9001;
	set $fastcgi_root	/home/site/site.net/public;
	
	root	/home/site/site.net/public;
	index	index.php;

    charset	utf-8;
    access_log	/home/site/site.net/logs/host.access.ssl.log  main;
	
	ssl_certificate	"/var/www/ssl/site.net/certificate.pem";
	ssl_certificate_key	"/var/www/ssl/site.net/private.pem";
	ssl_session_cache	shared:SSL:1m;
	ssl_session_timeout	10m;
	ssl_ciphers	HIGH:!SSLv2:!SSLv3;
	ssl_prefer_server_ciphers	on;
	
	gzip	on;
	gzip_comp_level	7;
	gzip_types	application/x-javascript application/javascript text/css;
	
	include /etc/nginx/bx/general.conf;
}