Niemi/gist:549a7d9f1d49e1be59c2

## gistfile1.txt
#---------------------------------------------------------------------------
# @(#)$Id$
#title          :/etc/nginx/common/wpcommon.conf
#description    :ftmon cluster nginx common configurations for Wordpress.
#author         :Danny W Sheehan
#date           :July 2014
#website        :ftmon.org
#
# This is a work in progress. A lot of trial and error and man hours have
# gone into this configuration. I have referenced sources that have been
# helpful.
#
# ftmon cluster is tuned for KVM with 1G of memory and 1 cpu.
#
# Final configuration will be available at https://github.com/ftmon as
# opensource.
#---------------------------------------------------------------------------
# WordPress Common Settings

# Based on the following with improvements and simplifications.
# https://raw.github.com/rtCamp/easyengine/master/etc/nginx/common/wpcommon.conf

# multisite redirects.
location @wpmulti {


  # wp multisite permalinks
  if (!-e $request_filename) {

    # Redirect wp-admin To wp-admin/
    rewrite /wp-admin$ $real_scheme://$host$uri/ permanent;

    # Redirect wp-* Files/Folders
    rewrite ^(/[^/]+)?(/wp-.*) $2 last;

    # Redirect Other PHP Files
    rewrite ^(/[^/]+)?(/.*\.php) $2 last;

    # PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
    rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
  }
}

# The following allows the wordpress error page to be displayed
# when directories and non recognized .php files are entered.
# rather than the default nginx page, which tells hackers you are
# using NGINX this will use wordpress 404 handling.
error_page   405   = @handler;
error_page   404   = @handler;

location @handler {
  rewrite / /index.php;
}


# Deny areas that should not be public
# http://blog.bigdinosaur.org/wordpress-on-nginx/
location ~* wp-admin/includes { deny all; }
location ~* wp-includes/theme-compat/ { deny all; }
location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }

location /wp-content/ { internal; }
location /wp-includes/ { internal; }

# Stop anyone from executing uploaded files by forcing their MIME type
# to text/plain
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
  types { }
  default_type text/plain;
}


## Pass PHP scripts to PHP-FPM
location ~ \.php$ {

  # Zero-day exploit defence.
  #  http://forum.nginx.org/read.php?2,88845,page=3
  # This method obviously won't work properly (404 error) if your
  # php-fpm server is on a remote server.
  try_files $uri =404;

  # set "cgi.fix_pathinfo = 0;" in php.ini
  fastcgi_split_path_info ^(.+\.php)(/.+)$;

  include fastcgi_params;

  fastcgi_pass wpm-php-servers;
  fastcgi_index index.php;

  fastcgi_read_timeout 500;

  # avoid "upstream sent too big header while reading response header" errors
  fastcgi_buffers 16 32k;
  fastcgi_buffer_size 32k;

  # fastcgi_keep_conn   on;

  # In PHP the SCRIPT_FILENAME parameter is used for determining the
  # script name and the QUERY_STRING parameter is used to pass request
  # parameters.
  fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;

  # The documentation at http://fr2.php.net/manual/en/reserved.variables.server.php states:
  # 'HTTPS'
  # Set to a non-empty value if the script was queried through the HTTPS protocol.
  # http://techtalk.virendrachandak.com/php-isset-vs-empty-vs-is_null/
  # http://phpsnips.com/571/Check-if-we-are-using-HTTPS-or-not#.U6S2DPmSx8E
  fastcgi_param HTTPS            $real_ssl;
  fastcgi_param HTTP_SCHEME      $real_scheme;
  fastcgi_param SERVER_PORT      $real_port;

  # If you want the real host name of your vistors to appear in your logs.
  # There is an obvious performance hit if you have a high traffic blog.
  #fastcgi_param REMOTE_HOST     $rdns_hostname;
  #rdns double;
}
	#---------------------------------------------------------------------------
	# @(#)$Id$
	#title :/etc/nginx/common/wpcommon.conf
	#description :ftmon cluster nginx common configurations for Wordpress.
	#author :Danny W Sheehan
	#date :July 2014
	#website :ftmon.org
	#
	# This is a work in progress. A lot of trial and error and man hours have
	# gone into this configuration. I have referenced sources that have been
	# helpful.
	#
	# ftmon cluster is tuned for KVM with 1G of memory and 1 cpu.
	#
	# Final configuration will be available at https://github.com/ftmon as
	# opensource.
	#---------------------------------------------------------------------------
	# WordPress Common Settings

	# Based on the following with improvements and simplifications.
	# https://raw.github.com/rtCamp/easyengine/master/etc/nginx/common/wpcommon.conf

	# multisite redirects.
	location @wpmulti {


	# wp multisite permalinks
	if (!-e $request_filename) {

	# Redirect wp-admin To wp-admin/
	rewrite /wp-admin$ $real_scheme://$host$uri/ permanent;

	# Redirect wp-* Files/Folders
	rewrite ^(/[^/]+)?(/wp-.*) $2 last;

	# Redirect Other PHP Files
	rewrite ^(/[^/]+)?(/.*\.php) $2 last;

	# PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
	rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
	rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
	}
	}

	# The following allows the wordpress error page to be displayed
	# when directories and non recognized .php files are entered.
	# rather than the default nginx page, which tells hackers you are
	# using NGINX this will use wordpress 404 handling.
	error_page 405 = @handler;
	error_page 404 = @handler;

	location @handler {
	rewrite / /index.php;
	}


	# Deny areas that should not be public
	# http://blog.bigdinosaur.org/wordpress-on-nginx/
	location ~* wp-admin/includes { deny all; }
	location ~* wp-includes/theme-compat/ { deny all; }
	location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }

	location /wp-content/ { internal; }
	location /wp-includes/ { internal; }

	# Stop anyone from executing uploaded files by forcing their MIME type
	# to text/plain
	location ~* ^/wp-content/uploads/.*.(html\|htm\|shtml\|php)$ {
	types { }
	default_type text/plain;
	}


	## Pass PHP scripts to PHP-FPM
	location ~ \.php$ {

	# Zero-day exploit defence.
	# http://forum.nginx.org/read.php?2,88845,page=3
	# This method obviously won't work properly (404 error) if your
	# php-fpm server is on a remote server.
	try_files $uri =404;

	# set "cgi.fix_pathinfo = 0;" in php.ini
	fastcgi_split_path_info ^(.+\.php)(/.+)$;

	include fastcgi_params;

	fastcgi_pass wpm-php-servers;
	fastcgi_index index.php;

	fastcgi_read_timeout 500;

	# avoid "upstream sent too big header while reading response header" errors
	fastcgi_buffers 16 32k;
	fastcgi_buffer_size 32k;

	# fastcgi_keep_conn on;

	# In PHP the SCRIPT_FILENAME parameter is used for determining the
	# script name and the QUERY_STRING parameter is used to pass request
	# parameters.
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

	# The documentation at http://fr2.php.net/manual/en/reserved.variables.server.php states:
	# 'HTTPS'
	# Set to a non-empty value if the script was queried through the HTTPS protocol.
	# http://techtalk.virendrachandak.com/php-isset-vs-empty-vs-is_null/
	# http://phpsnips.com/571/Check-if-we-are-using-HTTPS-or-not#.U6S2DPmSx8E
	fastcgi_param HTTPS $real_ssl;
	fastcgi_param HTTP_SCHEME $real_scheme;
	fastcgi_param SERVER_PORT $real_port;

	# If you want the real host name of your vistors to appear in your logs.
	# There is an obvious performance hit if you have a high traffic blog.
	#fastcgi_param REMOTE_HOST $rdns_hostname;
	#rdns double;
	}