adjust commented-out sample blocks for PHP and SSL configurations:

- add a small shared SSL session cache
- disable rc4 ciphers in sample config
- switch to a unix socket for php-fpm
- use try_files to avoid passing non-existing files to php
http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP

ok robert@

1 files changed, 7 insertions, 6 deletions

diff --git a/usr.sbin/nginx/conf/nginx.conf b/usr.sbin/nginx/conf/nginx.conf
index 227c0d4a5fb..8c7ba3ff59b 100644
--- a/usr.sbin/nginx/conf/nginx.conf
+++ b/usr.sbin/nginx/conf/nginx.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: nginx.conf,v 1.17 2014/03/20 12:34:28 sthen Exp $
+# $OpenBSD: nginx.conf,v 1.18 2014/03/27 10:40:42 sthen Exp $
 
 # Take note of http://wiki.nginx.org/Pitfalls
 
@@ -75,13 +75,13 @@ http {
         #    proxy_pass   http://127.0.0.1;
         #}
 
-        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        # pass the PHP scripts to FastCGI server listening on unix socket
         #
         #location ~ \.php$ {
-        #    root           /var/www/htdocs;
-        #    fastcgi_pass   127.0.0.1:9000;
+        #    try_files      $uri $uri/ =404;
+        #    fastcgi_pass   unix:run/php-fpm.sock;
         #    fastcgi_index  index.php;
-        #    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        #    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
         #    include        fastcgi_params;
         #}
 
@@ -116,8 +116,9 @@ http {
     #    ssl_certificate_key  /etc/ssl/private/server.key;
 
     #    ssl_session_timeout  5m;
+    #    ssl_session_cache    shared:SSL:1m;
 
-    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_ciphers  HIGH:!aNULL:!MD5:!RC4;
     #    ssl_prefer_server_ciphers   on;
     #}