ok, I'm including my entire config for you here. There are a few things you should probably be aware of:
1) The main app served at '/' is a rails 3 app. I'm using rvm to manage gem sets and make sure the app is owned an run as a local user, not the nginx daemon user.
2) I'm using passenger standalone bound to a unix domain socket for raw speed on the rails app.
3) Wordpress is being served from a subdirectory, or rather what appears to the end-user to be a subdirectory, and am using php-fpm to serve up a fastcgi process.
4) I use capistrano for deployment, two separate deployments, actually... one for rails, one for the main wordpress files.
5) This thing runs wickedly fast. :-)
Hope this helps. Let me know how you end up.
#####################################
# Some Variables have been changed to protect the innocent ;-)
#####################################
#####################################
# First up, nginx.conf
#####################################
user <daemon_owner_user> <daemon_owner_group>;
worker_processes 10;
error_log logs/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log logs/access.log combined;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_comp_level 9;
gzip_types text/plain text/xml text/css text/x-js application/x-javascript;
gzip_disable "MSIE [1-6]\.";
include sites-enabled/*.conf;
}
#####################################
# Next, www.mysite.tld.conf
#####################################
upstream php {
server unix:/var/sock/php-fpm.sock;
}
server {
listen <listening_ip_addy>:80;
server_name mysite.tld;
rewrite ^(.*) http://www.mysite.tld$1 permanent;
}
server {
listen <listening_ip_addy>:80;
server_name www.atbbq.com;
include sites-available/www.mysite.tld.common;
}
server {
listen <listening_ip_addy>:443;
ssl on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL;
ssl_certificate_key /usr/local/nginx/ssl/www.mysite.tld.clearkey;
ssl_certificate /usr/local/nginx/ssl/www.mysite.tld.bundle.crt;
include sites-available/www.mysite.tld.common;
}
#####################################
# Then, www.mysite.tld.common
#####################################
location / {
proxy_redirect off;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/home/<app_user>/www.mysite.tld/root/passenger.sock:/;
}
# optimize exec regexp
location /blogsubdir/ {
root /home/<app_user>/www.mysite.tld/blogsubdir/current;
index index.php;
error_page 404 = @wp;
# PHP ($document_root = alias section)
location ~ ^/blogsubdir/.+\.php {
fastcgi_index index.php;
#fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
fastcgi_read_timeout 180;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_pass unix:/var/sock/php-fpm.sock;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
include fastcgi_params;
}
# static
location ~* ^/blogsubdir/(.+\.(jpg|js|jpeg|png|ico|gif|txt|js|css|swf|zip|rar|avi|exe|mpg|mp3|wav|mpeg|asf|wmv))$ {
# dynamic path
root /home/<app_user>/www.mysite.tld/blogsubdir/current;
}
}
location @wp {
rewrite ^/blogsubdir/(.+)$ /blogsubdir/index.php?q=$1 last;
}
# general static
location ~* ^.+\.(jpg|js|jpeg|png|ico|gif|txt|js|css|swf|zip|rar|avi|exe|mpg|mp3|wav|mpeg|asf|wmv)$ {
root /home/<app_user>/www.mysite.tld/root/current/public;
}
#####################################
# Finally, just in case you need it, here's the fastcgi_params
#####################################
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;