I've been working on some changes to your D7 branch that you may be interested in and I'd like to hear your feedback.
I started by decoupling the upstream blocks from nginx.conf and the apps config files as I needed to be able to host different applications on the same nginx server while using different backends for each.
I also decoupled the zones (limit_conn_zone, limit_req_zone and microcache zones) so nginx.conf need not be modified when adding or removing one; I need this flexibility to use fail2ban.
I added a blockips.conf file which I also need for fail2ban (but can be used independently of it, of course), as well as map_mobile_useragent.conf which implements the change for the fastcgi_cache_key you documented in https://gist.github.com/perusio/1326701.
Still needs a bit of updating in the documentation of the example vhost but, basically, to select a backend for a vhost you'd just set the variable $upstream_id to the upstream name.
I'm not particularly crazy about the "proxy 0.0.0.0/0;" in the ACLs but I haven't seen any other solution to blocking access to status pages while behind a proxy (maybe it should default to /32 instead to be consistent with the real_ip config).
I've only tested this with PHP 5.5.9-1ubuntu4.5 (fpm-fcgi) and nginx/1.7.7 on Ubuntu 14.04.1, and only with drupal.conf but everything seems to be working as it should.
Hi!
I've been working on some changes to your D7 branch that you may be interested in and I'd like to hear your feedback.
I started by decoupling the upstream blocks from nginx.conf and the apps config files as I needed to be able to host different applications on the same nginx server while using different backends for each. I also decoupled the zones (limit_conn_zone, limit_req_zone and microcache zones) so nginx.conf need not be modified when adding or removing one; I need this flexibility to use fail2ban. I added a blockips.conf file which I also need for fail2ban (but can be used independently of it, of course), as well as map_mobile_useragent.conf which implements the change for the fastcgi_cache_key you documented in https://gist.github.com/perusio/1326701.
Still needs a bit of updating in the documentation of the example vhost but, basically, to select a backend for a vhost you'd just set the variable $upstream_id to the upstream name.
I'm not particularly crazy about the "proxy 0.0.0.0/0;" in the ACLs but I haven't seen any other solution to blocking access to status pages while behind a proxy (maybe it should default to /32 instead to be consistent with the real_ip config).
I've only tested this with PHP 5.5.9-1ubuntu4.5 (fpm-fcgi) and nginx/1.7.7 on Ubuntu 14.04.1, and only with drupal.conf but everything seems to be working as it should.
Looking forward to hearing from you