Skip to content

Instantly share code, notes, and snippets.

@Tusko
Created May 19, 2024 13:42
Show Gist options
  • Save Tusko/2c4fb8c8d2480b7a892ca8e32ca61dcf to your computer and use it in GitHub Desktop.
Save Tusko/2c4fb8c8d2480b7a892ca8e32ca61dcf to your computer and use it in GitHub Desktop.
Hestia Nginx/PHP-FPM for WP Fastest Cache
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://hestiacp.com/docs/server-administration/web-templates.html #
#=========================================================================#
server {
listen %ip%:%web_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
root %sdocroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
try_files $uri $uri/ /index.php?$args;
log_not_found off;
access_log off;
}
location ~ /\.(?!well-known\/) {
deny all;
return 404;
}
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
return 403;
}
location / {
error_page 418 = @cachemiss; # to handle cache misses
error_page 419 = @mobileaccess; # to handle mobile visits
recursive_error_pages on;
set $pathDomain "/wp-content/cache/${host}/all${uri}"; # path domain for multisite
set $path "/wp-content/cache/all${uri}";
# bypass POST requests
if ($request_method = POST) { return 418; }
# uncommenting the following degrades the performance on certain sites. YMMV
# if ($query_string != "") { return 418; }
# bypass cache for common query strings
if ($arg_s != "") { return 418; } # search query
if ($arg_p != "") { return 418; } # request a post / page by ID
if ($args ~ "amp") { return 418; } # amp test
if ($arg_preview = "true") { return 418; } # preview post / page
if ($arg_ao_noptimize != "") { return 418; } # support for Autoptimize plugin
# if WP related cookies are found, skip cache
if ($http_cookie ~* "wordpress_logged_in_") { return 418; }
if ($http_cookie ~* "comment_author_") { return 418; }
if ($http_cookie ~* "wp_postpass_") { return 418; }
# avoid duplicate content on Amazon CloudFront and KeyCDN.
if ( $http_user_agent = "Amazon CloudFront" ) { return 403; access_log off; }
if ($http_x_pull = "KeyCDN") { return 403; access_log off; }
# look for cached version; if-not-found, then send the request to PHP
try_files "${path}index.html" "${path}/index.html" "${pathDomain}index.html" "${pathDomain}/index.html" $uri $uri/ /index.php$is_args$args;
add_header "X-Cache" "HIT - WP Fastest Cache";
add_header "X-CF-Powered-By" "WP Fastest Cache";
add_header "Vary" "Cookie";
expires 1h;
add_header "Cache-Control" "must-revalidate";
location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
expires 30d;
fastcgi_hide_header "Set-Cookie";
}
location ~* /(?:uploads|files)/.*.php$ {
deny all;
return 404;
}
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
return 403;
}
location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
expires 30d;
fastcgi_hide_header "Set-Cookie";
}
location ~* /(?:uploads|files)/.*.php$ {
deny all;
return 404;
}
location ~ [^/]\.php(/|$) {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
set $no_cache 1;
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
set $no_cache 1;
}
}
}
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/web/%domain%/stats/auth.conf*;
}
proxy_hide_header Upgrade;
location @cachemiss {
# on cache miss, send the request to PHP
try_files $uri $uri/ /index.php$is_args$args;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://hestiacp.com/docs/server-administration/web-templates.html #
#=========================================================================#
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
try_files $uri $uri/ /index.php?$args;
log_not_found off;
access_log off;
}
location ~ /\.(?!well-known\/) {
deny all;
return 404;
}
location / {
error_page 418 = @cachemiss; # to handle cache misses
error_page 419 = @mobileaccess; # to handle mobile visits
recursive_error_pages on;
set $pathDomain "/wp-content/cache/${host}/all${uri}"; # path domain for multisite
set $path "/wp-content/cache/all${uri}";
# bypass POST requests
if ($request_method = POST) { return 418; }
# uncommenting the following degrades the performance on certain sites. YMMV
# if ($query_string != "") { return 418; }
# bypass cache for common query strings
if ($arg_s != "") { return 418; } # search query
if ($arg_p != "") { return 418; } # request a post / page by ID
if ($args ~ "amp") { return 418; } # amp test
if ($arg_preview = "true") { return 418; } # preview post / page
if ($arg_ao_noptimize != "") { return 418; } # support for Autoptimize plugin
# if WP related cookies are found, skip cache
if ($http_cookie ~* "wordpress_logged_in_") { return 418; }
if ($http_cookie ~* "comment_author_") { return 418; }
if ($http_cookie ~* "wp_postpass_") { return 418; }
# avoid duplicate content on Amazon CloudFront and KeyCDN.
if ( $http_user_agent = "Amazon CloudFront" ) { return 403; access_log off; }
if ($http_x_pull = "KeyCDN") { return 403; access_log off; }
# look for cached version; if-not-found, then send the request to PHP
try_files "${path}index.html" "${path}/index.html" "${pathDomain}index.html" "${pathDomain}/index.html" $uri $uri/ /index.php$is_args$args;
add_header "X-Cache" "HIT - WP Fastest Cache";
add_header "X-CF-Powered-By" "WP Fastest Cache";
add_header "Vary" "Cookie";
expires 1h;
add_header "Cache-Control" "must-revalidate";
location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
expires 30d;
fastcgi_hide_header "Set-Cookie";
}
location ~* /(?:uploads|files)/.*.php$ {
deny all;
return 404;
}
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
return 403;
}
location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
expires 30d;
fastcgi_hide_header "Set-Cookie";
}
location ~* /(?:uploads|files)/.*.php$ {
deny all;
return 404;
}
location ~ [^/]\.php(/|$) {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
set $no_cache 1;
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
set $no_cache 1;
}
}
}
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/web/%domain%/stats/auth.conf*;
}
proxy_hide_header Upgrade;
location @cachemiss {
# on cache miss, send the request to PHP
try_files $uri $uri/ /index.php$is_args$args;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment