@advename
Last active February 19, 2020 19:55
NGINX LEMP config file

This is a basic configuration file for NGINX.

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;
        client_max_body_size 256M;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        #Which domain names will this vhost respond to
        server_name  _ ;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to /index.php.
            try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }
        error_page 404 /index.php;

        location ~ \.php$ {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
          fastcgi_index index.php;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_intercept_errors off;
          fastcgi_buffer_size 16k;
          fastcgi_buffers 4 16k;
          fastcgi_connect_timeout 600;
          fastcgi_send_timeout 600;
          fastcgi_read_timeout 600;
        }

        # Deny access to .htaccess and other .ht* files
        location ~ /\.ht {
            deny all;
        }

        # Deny access to any git repository
        location ~ /\.git {
            deny all;
        }

        # Deny access to xmlrpc.php - a common brute force target against WordPress
        location = /xmlrpc.php {
            deny all;
            access_log off;
            log_not_found off;
            # 444 closes the connection without sending a response
            return 444;
        }

}

Explanation:

Here’s what each of these directives and location blocks do:

  • listen — Defines what port Nginx will listen on. In this case, it will listen on port 80, the default port for HTTP.
  • root — Defines the document root where the files served by the website are stored.
  • index — Configures Nginx to prioritize serving files named index.php when an index file is requested, if they’re available.
  • server_name — Defines which server block should be used for a given request to your server. Point this directive to your server's domain name or public IP address. If you currently only use an IP address, use _ as the value.
  • location / — The first location block includes a try_files directive, which checks for the existence of files matching a URI request. If Nginx cannot find the appropriate file, it will return a 404 error.
  • location ~ \.php$ — This location block handles the actual PHP processing by pointing Nginx to the fastcgi-php.conf configuration file and the php7.2-fpm.sock file, which declares what socket is associated with php-fpm.
  • location ~ /\.ht — The last location block deals with .htaccess files, which Nginx does not process. By adding the deny all directive, if any .htaccess files happen to find their way into the document root they will not be served to visitors.
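
The list above describes each block on its own; the order of the regex blocks also decides which one handles a request. The following is an added example, not part of the original gist: it keeps the gist's document root and PHP-FPM socket, places the dotfile denies before the PHP handler, and has the handler check that the requested script exists.

```nginx
# Added example: hardened ordering of the same rules (not the gist author's file).
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    index index.php index.html index.htm;
    server_name _;

    # Regex locations are tested in the order they appear in the file and
    # the first match wins. Placed after "location ~ \.php$", these deny
    # rules would never see a dotfile path that happens to end in .php.
    location ~ /\.(ht|git) {
        deny all;
    }

    # An exact-match (=) location is chosen before any regex location,
    # so its position in the file does not matter.
    location = /xmlrpc.php {
        access_log off;
        return 444;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        # Answer 404 from Nginx when the script is not a real file under
        # the document root, instead of passing the name on to PHP-FPM.
        try_files $uri =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
}
```

After editing, `nginx -t` validates the syntax before a reload.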