ansulev/nginx-pcache-default.conf

## nginx-pcache-default.conf
#fix 504 gateway timeouts, can go in nginx.conf
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;

#set the location of the cached files, zone, name, size (100 MB) and how long to cache for 600 minutes
proxy_cache_path /var/run/proxy-cache levels=1:2 keys_zone=WORDPRESS:10m max_size=100m
inactive=600m;
proxy_cache_key $scheme$host$request_uri;

#prevent header too large errors
proxy_buffers 256 16k;
proxy_buffer_size 32k;

#httpoxy exploit protection
proxy_set_header Proxy "";

server {
listen 443 default;

 ssl on;
 ssl_certificate /srv/certificates/cert.crt;
 ssl_certificate_key /srv/certificates/private.key;
 ssl_session_timeout 5m;
 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
 ssl_prefer_server_ciphers on;

access_log /var/log/nginx/proxy-access.log;
error_log /var/log/nginx/proxy-error.log;
add_header X-Cache $upstream_cache_status;

set $do_not_cache '';
set $bypass '';

#security for bypass (put your external ip here)
if ($remote_addr ~ "^(127.0.0.1|XXX.XXX.XXX.XXX)$") {
set $bypass $http_secret_header;
}

if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $do_not_cache 1;
}

location / {
proxy_set_header Host $host;
proxy_redirect off;
proxy_cache WORDPRESS;
proxy_cache_revalidate on;
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_cache_bypass $bypass $do_not_cache;
proxy_no_cache $do_not_cache;
proxy_cache_valid 200 301 302 500m;
proxy_cache_valid 404 1m;

#can rename PURGE to whatever you want, should restrict it to back-end server requests for security
#proxy_cache_purge PURGE from 127.0.0.1 XXX.XXX.XXX.XXX;
proxy_pass https://127.0.0.1:8443;
}

location ~ /purge(/.*) {
allow 127.0.0.1;
allow 130.211.71.194;
deny all;
#proxy_cache_purge WORDPRESS $scheme$host$1;
}
}
	#fix 504 gateway timeouts, can go in nginx.conf
	proxy_connect_timeout 600;
	proxy_send_timeout 600;
	proxy_read_timeout 600;
	send_timeout 600;

	#set the location of the cached files, zone, name, size (100 MB) and how long to cache for 600 minutes
	proxy_cache_path /var/run/proxy-cache levels=1:2 keys_zone=WORDPRESS:10m max_size=100m
	inactive=600m;
	proxy_cache_key $scheme$host$request_uri;

	#prevent header too large errors
	proxy_buffers 256 16k;
	proxy_buffer_size 32k;

	#httpoxy exploit protection
	proxy_set_header Proxy "";

	server {
	listen 443 default;

	ssl on;
	ssl_certificate /srv/certificates/cert.crt;
	ssl_certificate_key /srv/certificates/private.key;
	ssl_session_timeout 5m;
	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
	ssl_prefer_server_ciphers on;

	access_log /var/log/nginx/proxy-access.log;
	error_log /var/log/nginx/proxy-error.log;
	add_header X-Cache $upstream_cache_status;

	set $do_not_cache '';
	set $bypass '';

	#security for bypass (put your external ip here)
	if ($remote_addr ~ "^(127.0.0.1\|XXX.XXX.XXX.XXX)$") {
	set $bypass $http_secret_header;
	}

	if ($http_cookie ~* "comment_author_\|wordpress_(?!test_cookie)\|wp-postpass_" ) {
	set $do_not_cache 1;
	}

	location / {
	proxy_set_header Host $host;
	proxy_redirect off;
	proxy_cache WORDPRESS;
	proxy_cache_revalidate on;
	proxy_ignore_headers Expires Cache-Control;
	proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
	proxy_cache_bypass $bypass $do_not_cache;
	proxy_no_cache $do_not_cache;
	proxy_cache_valid 200 301 302 500m;
	proxy_cache_valid 404 1m;

	#can rename PURGE to whatever you want, should restrict it to back-end server requests for security
	#proxy_cache_purge PURGE from 127.0.0.1 XXX.XXX.XXX.XXX;
	proxy_pass https://127.0.0.1:8443;
	}

	location ~ /purge(/.*) {
	allow 127.0.0.1;
	allow 130.211.71.194;
	deny all;
	#proxy_cache_purge WORDPRESS $scheme$host$1;
	}
	}