|
server { |
|
##DM - uncomment following line for domain mapping |
|
listen 443 default_server ssl spdy; |
|
server_name thelastcicada.com www.thelastcicada.com; |
|
##DM - uncomment following line for domain mapping |
|
#server_name_in_redirect off; |
|
|
|
access_log /var/log/nginx/thelastcicada.com.access.log; |
|
error_log /var/log/nginx/thelastcicada.com.error.log; |
|
|
|
root /var/www/html/thelastcicada.com; |
|
index index.php; |
|
|
|
ssl on; |
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
|
ssl_prefer_server_ciphers on; |
|
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; |
|
ssl_buffer_size 8k; |
|
|
|
ssl_dhparam /etc/nginx/ssl/dh4096.pem; |
|
|
|
ssl_session_cache shared:SSL:10m; |
|
|
|
#ssl_certificate /etc/nginx/ssl/thelastcicada_com.crt; |
|
ssl_certificate /etc/nginx/ssl/ssl-bundle6.crt; |
|
ssl_certificate_key /etc/nginx/ssl/thelastcicada.key; |
|
|
|
ssl_session_timeout 10m; |
|
|
|
# Add SSL stapling |
|
ssl_stapling on; |
|
resolver 8.8.8.8; |
|
|
|
# Compress the SSL headers |
|
spdy_headers_comp 6; |
|
|
|
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; |
|
|
|
# Announce the SPDY alternate protocal |
|
add_header Alternate-Protocol 443:npn-spdy/3,443:npn-spdy/2; |
|
#add_header X-Frame-Options DENY; |
|
|
|
if (!-e $request_filename) { |
|
rewrite /wp-admin$ $scheme://$host$uri/ permanent; |
|
rewrite ^(/[^/]+)?(/wp-.*) $2 last; |
|
rewrite ^(/[^/]+)?(/.*\.php) $2 last; |
|
} |
|
|
|
location / { |
|
try_files $uri $uri/ /index.php?$args ; |
|
} |
|
|
|
# Microcaching |
|
#Cache everything by default |
|
set $no_cache 0; |
|
|
|
#Don't cache logged in users or commenters |
|
if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) { |
|
set $no_cache 1; |
|
} |
|
|
|
#Don't cache the following URLs |
|
if ($request_uri ~* "/(wp-admin/|wp-login.php)") |
|
{ |
|
set $no_cache 1; |
|
} |
|
|
|
location ~ \.php$ { |
|
try_files $uri =404; |
|
fastcgi_split_path_info ^(.+\.php)(/.+)$; |
|
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini |
|
|
|
include /etc/nginx/fastcgi_params; |
|
fastcgi_pass unix:/var/run/php5-fpm.sock; |
|
fastcgi_index index.php; |
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
|
|
|
#matches keys_zone in fastcgi_cache_path |
|
fastcgi_cache thelastcicada; |
|
|
|
#don't serve pages defined earlier |
|
fastcgi_cache_bypass $no_cache; |
|
|
|
#don't cache pages defined earlier |
|
fastcgi_no_cache $no_cache; |
|
|
|
#defines the default cache time |
|
fastcgi_cache_valid any 90s; |
|
|
|
#unsure what the impacts of this variable is |
|
fastcgi_max_temp_file_size 2M; |
|
|
|
#Use stale cache items while updating in the background |
|
fastcgi_cache_use_stale updating error timeout invalid_header http_500; |
|
fastcgi_cache_lock on; |
|
fastcgi_cache_lock_timeout 10s; |
|
|
|
add_header X-Cache $upstream_cache_status; |
|
|
|
} |
|
|
|
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { |
|
access_log off; log_not_found off; expires max; |
|
} |
|
|
|
location ~ /\. { deny all; access_log off; log_not_found off; } |
|
|
|
# This should match upload_max_filesize in php.ini |
|
client_max_body_size 20M; |
|
} |
|
|
|
server { |
|
##DM - uncomment following line for domain mapping |
|
#listen 80; |
|
server_name thelastcicada.com *.thelastcicada.com; |
|
|
|
rewrite (.*) https://thelastcicada.com$1 permanent; |
|
|
|
} |
/TheLastCicada.com nginx.conf
Last active