Nginx Configuration for 1C-Bitrix
Out of the box, Nginx has no knowledge of the Bitrix directory structure: try_files for clean URLs is not configured, service directories are not blocked, and static asset caching headers are not set. The typical result is a 404 on URLs without extensions, or open access to /bitrix/backup/.
Configuration Structure for Bitrix
Official Nginx + PHP-FPM configs are available in the Bitrix repository, but they are often used without being understood. The key blocks:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/bitrix;
index index.php;
charset utf-8;
client_max_body_size 100m;
# Bitrix clean URLs (SEF)
location / {
try_files $uri $uri/ /bitrix/urlrewrite.php$is_args$args;
}
# Direct urlrewrite call
location = /bitrix/urlrewrite.php {
fastcgi_pass php-fpm;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# PHP via FPM
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 120;
}
}
Blocking Service Directories
Mandatory security rules for Bitrix:
# Block access to service directories
location ~* ^/bitrix/(backup|modules|php_interface|tools)/ {
deny all;
return 403;
}
# Block .htaccess and hidden files
location ~ /\. {
deny all;
return 404;
}
# Prevent PHP execution in the upload directory
location ~* ^/upload/.*\.php$ {
deny all;
return 403;
}
The /upload directory must serve files but must not execute PHP — it is a common web shell upload vector.
Static Asset Caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf)$ {
expires 30d;
add_header Cache-Control "public, immutable";
access_log off;
}
immutable tells the browser that the file will not change before expires. This works for Bitrix versioned files (/bitrix/cache/css/[hash].css).
gzip Compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied any;
gzip_comp_level 5;
gzip_types
text/plain text/css application/json
application/javascript text/xml application/xml
image/svg+xml;
gzip_comp_level 5 — a balanced trade-off between CPU usage and compression ratio. Levels 7–9 yield minimal additional compression at a noticeable CPU cost.
Bitrix Composite (HTML Cache) and Nginx
Bitrix Composite stores HTML in /bitrix/html_pages/. Nginx can serve these files without invoking PHP:
location / {
# Check whether a cached HTML page exists
set $cache_path "/bitrix/html_pages${uri}";
if (-f "${document_root}${cache_path}.html") {
rewrite ^ ${cache_path}.html last;
}
try_files $uri $uri/ /bitrix/urlrewrite.php$is_args$args;
}
location ~* /bitrix/html_pages/ {
internal;
add_header X-Bitrix-Composite "HIT";
}
Static pages from the HTML cache are served by Nginx without starting PHP-FPM — a 10–50x speedup for unauthenticated visitors.
Case Study: Incorrect try_files
An online store after a server migration: all catalog pages returned 404, while the homepage worked. Cause: the config had try_files $uri $uri/ @bitrix; with a named location @bitrix that was defined incorrectly and did not forward $args. As a result, the URL /catalog/electronics/?SECTION_ID=5 lost its query parameters. Correcting it to the standard try_files $uri $uri/ /bitrix/urlrewrite.php$is_args$args resolved everything.
Estimated time to configure Nginx for Bitrix from scratch: 0.5–1 day.