Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#---------------------------------------------------------------------------
# @(#)$Id$
#title :/etc/nginx/common/wpcommon.conf
#description :ftmon cluster nginx common configurations for Wordpress.
#author :Danny W Sheehan
#date :July 2014
#website :ftmon.org
#
# This is a work in progress. A lot of trial and error and man hours have
# gone into this configuration. I have referenced sources that have been
# helpful.
#
# ftmon cluster is tuned for KVM with 1G of memory and 1 cpu.
#
# Final configuration will be available at https://github.com/ftmon as
# opensource.
#---------------------------------------------------------------------------
# WordPress Common Settings
# Based on the following with improvements and simplifications.
# https://raw.github.com/rtCamp/easyengine/master/etc/nginx/common/wpcommon.conf
# multisite redirects.
location @wpmulti {
# wp multisite permalinks
if (!-e $request_filename) {
# Redirect wp-admin To wp-admin/
rewrite /wp-admin$ $real_scheme://$host$uri/ permanent;
# Redirect wp-* Files/Folders
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
# Redirect Other PHP Files
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
# PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
}
}
# The following allows the wordpress error page to be displayed
# when directories and non recognized .php files are entered.
# rather than the default nginx page, which tells hackers you are
# using NGINX this will use wordpress 404 handling.
error_page 405 = @handler;
error_page 404 = @handler;
location @handler {
rewrite / /index.php;
}
# Deny areas that should not be public
# http://blog.bigdinosaur.org/wordpress-on-nginx/
location ~* wp-admin/includes { deny all; }
location ~* wp-includes/theme-compat/ { deny all; }
location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
location /wp-content/ { internal; }
location /wp-includes/ { internal; }
# Stop anyone from executing uploaded files by forcing their MIME type
# to text/plain
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
types { }
default_type text/plain;
}
## Pass PHP scripts to PHP-FPM
location ~ \.php$ {
# Zero-day exploit defence.
# http://forum.nginx.org/read.php?2,88845,page=3
# This method obviously won't work properly (404 error) if your
# php-fpm server is on a remote server.
try_files $uri =404;
# set "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_pass wpm-php-servers;
fastcgi_index index.php;
fastcgi_read_timeout 500;
# avoid "upstream sent too big header while reading response header" errors
fastcgi_buffers 16 32k;
fastcgi_buffer_size 32k;
# fastcgi_keep_conn on;
# In PHP the SCRIPT_FILENAME parameter is used for determining the
# script name and the QUERY_STRING parameter is used to pass request
# parameters.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# The documentation at http://fr2.php.net/manual/en/reserved.variables.server.php states:
# 'HTTPS'
# Set to a non-empty value if the script was queried through the HTTPS protocol.
# http://techtalk.virendrachandak.com/php-isset-vs-empty-vs-is_null/
# http://phpsnips.com/571/Check-if-we-are-using-HTTPS-or-not#.U6S2DPmSx8E
fastcgi_param HTTPS $real_ssl;
fastcgi_param HTTP_SCHEME $real_scheme;
fastcgi_param SERVER_PORT $real_port;
# If you want the real host name of your vistors to appear in your logs.
# There is an obvious performance hit if you have a high traffic blog.
#fastcgi_param REMOTE_HOST $rdns_hostname;
#rdns double;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.