Created
November 3, 2018 11:45
-
-
Save admataz/9ac071fdd072b6010daf94a4c888fb91 to your computer and use it in GitHub Desktop.
wordpess running on nginx with https behind a load balancer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
include global/restrictions.conf; | |
# Global restrictions configuration file. | |
# Designed to be included in any server {} block. | |
location = /favicon.ico { | |
log_not_found off; | |
access_log off; | |
} | |
location = /robots.txt { | |
allow all; | |
log_not_found off; | |
access_log off; | |
} | |
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). | |
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) | |
location ~ /\. { | |
deny all; | |
} | |
# Deny access to any files with a .php extension in the uploads directory | |
# Works in sub-directory installs and also in multisite network | |
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) | |
location ~* /(?:uploads|files)/.*\.php$ { | |
deny all; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
} | |
# WordPress single site rules. | |
# Designed to be included in any server {} block. | |
# This order might seem weird - this is attempted to match last if rules below fail. | |
# http://wiki.nginx.org/HttpCoreModule | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
# Add trailing slash to */wp-admin requests. | |
#rewrite /wp-admin$ $scheme://$host$uri/ permanent; | |
# Directives to send expires headers and turn off 404 error logging. | |
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { | |
access_log off; log_not_found off; expires max; | |
} | |
# Uncomment one of the lines below for the appropriate caching plugin (if used). | |
#include global/wordpress-wp-super-cache.conf; | |
#include global/wordpress-w3-total-cache.conf; | |
# Pass all .php files onto a php-fpm/php-fcgi server. | |
location ~ [^/]\.php(/|$) { | |
fastcgi_split_path_info ^(.+?\.php)(/.*)$; | |
if (!-f $document_root$fastcgi_script_name) { | |
return 404; | |
} | |
# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default) | |
include fastcgi_params; | |
fastcgi_index index.php; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
# fastcgi_intercept_errors on; | |
fastcgi_pass php; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
server_name example.com; | |
root /var/www/html; | |
index index.html index.php; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
if ($http_x_forwarded_proto = "http") { | |
rewrite ^/(.*)$ https://$host/$1 permanent; | |
} | |
include global/restrictions.conf; | |
# Additional rules go here. | |
# Only include one of the files below. | |
include global/wordpress.conf; | |
# listens both on IPv4 and IPv6 on 443 and enables HTTPS and HTTP/2 support. | |
# HTTP/2 is available in nginx 1.9.5 and above. | |
listen 80; | |
client_max_body_size 24M; | |
real_ip_header X-Forwarded-For; | |
set_real_ip_from 192.168.255.0/24; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// this will hopefully save me some time in the future when having to configure WP sites | |
//we are behind a load balancer - and to avoid constant redirects to self when | |
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on'; | |
/* | |
other standard configs | |
*/ | |
// hard code the redirect URLs | |
define('WP_HOME','https://example.com'); | |
define('WP_SITEURL','https://example.com'); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment