Настройка nginx для Yii

Yii 1.1

Пример из руководства по установке ru / en

yii 1.1 nginx

server {
    set $host_path "/www/mysite";
    access_log  /www/mysite/log/access.log  main;

    server_name  mysite;
    root   $host_path/htdocs;
    set $yii_bootstrap "index.php";

    charset utf-8;

    location / {
        index  index.html $yii_bootstrap;
        try_files $uri $uri/ /$yii_bootstrap?$args;
    }

    location ~ ^/(protected|framework|themes/\w+/views) {
        deny  all;
    }

    # отключаем обработку запросов фреймворком к несуществующим статичным файлам
    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
        try_files $uri =404;
    }

    # передаем PHP-скрипт серверу FastCGI, прослушивающему адрес 127.0.0.1:9000
    location ~ \.php {
        fastcgi_split_path_info  ^(.+\.php)(.*)$;

        # позволяем yii перехватывать запросы к несуществующим PHP-файлам
        set $fsn /$yii_bootstrap;
        if (-f $document_root$fastcgi_script_name){
            set $fsn $fastcgi_script_name;
        }

        fastcgi_pass   127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fsn;

        # PATH_INFO и PATH_TRANSLATED могут быть опущены, но стандарт RFC 3875 определяет для CGI
        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED  $document_root$fsn;
    }

    # не позволять nginx отдавать файлы, начинающиеся с точки (.htaccess, .svn, .git и прочие)
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}

Yii 2

https://www.nginx.com/resources/wiki/start/topics/recipes/yii/

Recommended Nginx Configuration

recommended nginx

server {
    charset utf-8;
    client_max_body_size 128M;

    listen 80; ## listen for ipv4
    #listen [::]:80 default_server ipv6only=on; ## listen for ipv6

    server_name mysite.test;
    root        /path/to/basic/web;
    index       index.php;

    access_log  /path/to/basic/log/access.log;
    error_log   /path/to/basic/log/error.log;

    location / {
        # Redirect everything that isn't a real file to index.php
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # uncomment to avoid processing of calls to non-existing static files by Yii
    #location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
    #    try_files $uri =404;
    #}
    #error_page 404 /404.html;

    # deny accessing php files for the /assets directory
    location ~ ^/assets/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        try_files $uri =404;
    }

    location ~* /\. {
        deny all;
    }
}

Таймауты и буферы

По советам Yii гуру

buffer

fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;

timeout

fastcgi_connect_timeout 600s;
fastcgi_send_timeout    600s;
fastcgi_read_timeout    600s;

Оффтоп для Apache

proxy_connect_timeout 900;
proxy_send_timeout    900;
proxy_read_timeout    900;
send_timeout          900;

Закрыть прямой доступ к каталогам yii

Для версии yii1

location ~ ^/(protected|framework|themes/\w+/views) {
        deny  all;
    }

Для версии yii2

location ~ ^/assets/.*\.php$ {
        deny all;
    }

location ~ /(protected|service|static|tools|vendor) {
        deny all;
        access_log off;
        log_not_found off;
    }

Secure cookie

Пример

'components' => [
        'session' => [
            'cookieParams' => [
                'httpOnly' => true,
                'secure' => true
            ]
        ],
        'cookies' => [
            'class' => 'yii\web\Cookie',
            'httpOnly' => true,
            'secure' => true
        ],
        'request' => [
            ....
            'csrfCookie' => [
                'httpOnly' => true,
                'secure' => true
            ]
        ],
        'user' => [
            ....
            'identityCookie' => [
                'name' => '_identity',
                'httpOnly' => true,
                'secure' => true,
            ],
        ],