Instantly share code, notes, and snippets.

Embed
What would you like to do?
Nginx Configuration Files for WordPress. Nginx is installed by YUM. @see:https://codex.wordpress.org/Nginx
server {
listen 80;
server_name dev.hoge.jp;
root /home/httpd/hoge/web/wordpress;
# Gzip
include conf.d/global/gzip.conf;
# WordPress Setting
include conf.d/global/wordpress_restrictions.conf;
#include conf.d/global/wordpress_dev.conf;
include conf.d/global/wordpress_live.conf;
}
#
# PHP-FPM
#
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_intercept_errors on;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_types text/plain
text/xml
text/css
application/xml
application/xhtml+xml
application/rss+xml
application/atom_xml
application/javascript
application/x-javascript
application/x-httpd-php;
gzip_disable "MSIE [1-6]\.";
gzip_buffers 16 8k;
#
# SSL
#
ssl on;
# ssl_certificate /etc/letsencrypt/live/dev.example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/dev.example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#
# WordPress single site rules.
# Designed to be included in any server {} block.
#
index index.php;
charset utf-8;
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
# Disable caching
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control no-cache;
expires off;
sendfile off;
# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include conf.d/global/fastcgi_php.conf;
client_max_body_size 5M;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
}
#
# WordPress single site rules.
# Designed to be included in any server {} block.
#
index index.php;
charset utf-8;
#
# fastcgi_cache start
# https://codex.wordpress.org/Nginx#Nginx_fastcgi_cache
set $no_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != "") {
set $no_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $no_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $no_cache 1;
}
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include conf.d/global/fastcgi_php.conf;
client_max_body_size 5M;
# Enable FastCGI cache
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 200 60m;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
}
#
# Global Restrictions for WordPress site
# Designed to be included in any server {} block.</p>
#
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny all xmlrpc.php access
location = /xmlrpc.php {
deny all;
access_log off;
}
# Deny all REST API access
location ^~ /wp-json/ {
deny all;
access_log off;
}
# Accept for Let's Encrypt(certbot)
location ^~ /.well-known/ {
access_log off;
log_not_found off;
autoindex off;
try_files $uri $uri/ =404;
}
# Deny less files
location ~* ^.+\.(less)$ {
deny all;
access_log off;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
# FastCGI Cache
fastcgi_cache_path /var/cache/nginx/fastcgi_www levels=1:2 keys_zone=WORDPRESS:100m inactive=1d;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
include /etc/nginx/conf.d/*.conf;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment