mydomain.com.conf
# Ansible managed
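# HTTPS virtual host for www.mydomain.com: terminates TLS, serves static files
# from the web root and hands *.php requests to PHP-FPM through a short-lived
# FastCGI cache.
server {
  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name www.mydomain.com;

  access_log /srv/www/mydomain.com/logs/access.log main;
  error_log /srv/www/mydomain.com/logs/error.log;

  root /srv/www/mydomain.com/current/web;
  index index.php index.htm index.html;

  # Exposes the cache status ($upstream_cache_status) to every client.
  # Handy for debugging; drop it if that detail should not be public.
  add_header Fastcgi-Cache $upstream_cache_status;

  # Specify a charset
  charset utf-8;

  # Set the max body size equal to PHP's max POST size.
  client_max_body_size 25m;

  # Fastcgi cache conditions
  # $skip_cache feeds both fastcgi_cache_bypass and fastcgi_no_cache below, so
  # a value of 1 means "do not answer from the cache and do not store the
  # response". Anything that may be personalised must set it.
  set $skip_cache 0;

  # Requests carrying a query string always go to PHP.
  if ($query_string != "") {
    set $skip_cache 1;
  }

  # Admin, API, XML-RPC, feeds and sitemaps are never cached. The dots in this
  # pattern are unescaped and match any character, which only makes the
  # exclusion broader than written.
  if ($request_uri ~* "/wp-admin/|/wp-json/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
    set $skip_cache 1;
  }

  # Commenters, logged-in users and visitors holding a post password must not
  # receive, or populate, a page cached for someone else.
  if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
    set $skip_cache 1;
  }

  # SSL configuration
  # Protocols, ciphers and OCSP stapling come from the h5bp includes, which are
  # not part of this file.
  include h5bp/directive-only/ssl.conf;
  include h5bp/directive-only/ssl-stapling.conf;

  # NOTE(review): confirm dhparams.pem was generated with at least 2048 bits.
  ssl_dhparam /etc/nginx/ssl/dhparams.pem;
  ssl_buffer_size 1400; # 1400 bytes to fit in one MTU

  # "always" sends HSTS on error responses too (without it nginx adds the
  # header only to 2xx/3xx replies); the stray trailing "; " was removed from
  # the value. add_header is inherited by a location only when that location
  # declares no add_header of its own, so check that the included location
  # files do not silently drop this header.
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  ssl_certificate /etc/nginx/ssl/letsencrypt/mydomain.com-ee9923e-bundled.cert;
  # The private key should be readable only by the user that starts nginx.
  ssl_certificate_key /etc/nginx/ssl/letsencrypt/mydomain.com.key;

  include acme-challenge-location.conf;

  include includes.d/all/*.conf;
  include includes.d/mydomain.com/*.conf;

  # Prevent PHP scripts from being executed inside the uploads folder.
  # Regex locations are tried in the order they appear, so this block has to
  # stay above "location ~ \.php$". NOTE(review): the includes above are
  # expanded before this point; make sure none of them adds an earlier regex
  # location that would match uploaded .php files first.
  location ~* /app/uploads/.*\.php$ {
    deny all;
  }

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  include h5bp/directive-only/cache-file-descriptors.conf;
  include h5bp/directive-only/extra-security.conf;
  include h5bp/directive-only/x-ua-compatible.conf;
  include h5bp/location/cross-domain-fonts.conf;
  include h5bp/location/protect-system-files.conf;

  location ~ \.php$ {
    # Only scripts that exist on disk reach PHP-FPM; any other *.php URI is
    # redirected internally to /index.php.
    try_files $uri /index.php;

    # Fastcgi cache settings
    # The "wordpress" zone and the fastcgi_cache_key are defined outside this
    # file. NOTE(review): confirm the key includes scheme, request method and
    # host so entries are never shared between sites or schemes.
    fastcgi_cache wordpress;
    fastcgi_cache_valid 30s;
    fastcgi_cache_bypass $skip_cache;
    fastcgi_no_cache $skip_cache;

    include fastcgi_params;
    # $realpath_root is the root path with symbolic links resolved, so PHP-FPM
    # receives the real location of the script.
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    fastcgi_param DOCUMENT_ROOT $realpath_root;
    fastcgi_pass unix:/var/run/php-fpm-wordpress.sock;
  }
}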
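# Redirect to https
# Plain-HTTP virtual host: answers ACME challenges (via the include) and sends
# everything else to the HTTPS site.
server {
  listen [::]:80;
  listen 80;
  server_name www.mydomain.com;

  include acme-challenge-location.conf;

  include includes.d/all/*.conf;
  include includes.d/mydomain.com/*.conf;

  location / {
    # $server_name is the name configured above, whereas $host comes from the
    # request. Using it keeps the Location header pinned to this site even if
    # the block is reached with another Host header, for example when it is
    # the default server for port 80.
    return 301 https://$server_name$request_uri;
  }
}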