Skip to content

Instantly share code, notes, and snippets.

@cgrymala

cgrymala/default Secret

Last active September 5, 2024 01:37
Show Gist options
  • Save cgrymala/f1870b4c4d966b72c4b1 to your computer and use it in GitHub Desktop.
Save cgrymala/f1870b4c4d966b72c4b1 to your computer and use it in GitHub Desktop.
nginx config at UMW
server {
proxy_cache_valid 200 30m;
listen 80; ## listen for ipv4
server_name www.example.com;
access_log /var/log/nginx/access.log combined;
# Set the real IP.
proxy_set_header X-Real-IP $remote_addr;
# Set the hostname
proxy_set_header Host $host;
#Set the forwarded-for header.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#set the cache key
set $cache_key "$scheme://$host$request_uri ";
location / {
# If logged in, don't cache.
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $do_not_cache 1;
}
# cache mobile devices separately
if ($http_user_agent ~* "(iphone|ipod|incognito|webmate|android|dream|cupcake|froyo|blackberry|mobile|webos|s8000|bada)" ) {
set $mobile "m";
}
# exclude iPad from mobile devices
if ($http_user_agent ~* "(ipad)" ) {
set $mobile "";
}
proxy_cache_key "$cache_key$mobile$do_not_cache";
proxy_cache staticfilecache;
proxy_pass http://wordpressapache;
}
location ~* wp\-.*\.php|wp\-admin {
# Don't static file cache admin-looking things.
proxy_pass http://wordpressapache;
}
# For the Nginx Proxy Cache Purge plugin
location ~ /purge(/.*) {
proxy_cache_purge staticfilecache "$scheme://$host$1 ";
}
location ~ /mobilepurge(/.*) {
proxy_cache_purge staticfilecache "$scheme://$host$1 m";
}
location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
# Cache static-looking files for 120 minutes, setting a 10 day expiry time in the HTTP header,
# whether logged in or not (may be too heavy-handed).
expires 864000;
proxy_pass http://wordpressapache;
proxy_cache staticfilecache;
}
location ~* \/[^\/]+\/(feed|\.xml)\/? {
# Cache RSS looking feeds for 45 minutes unless logged in.
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $do_not_cache 1;
}
# cache mobile devices separately
if ($http_user_agent ~* "(iphone|ipod|incognito|webmate|android|dream|cupcake|froyo|blackberry|mobile|webos|s8000|bada)" ) {
set $mobile "m";
}
# exclude iPad from mobile devices
if ($http_user_agent ~* "(ipad)" ) {
set $mobile "";
}
proxy_cache_key "$cache_key$mobile$do_not_cache";
proxy_cache staticfilecache;
proxy_pass http://wordpressapache;
}
location = /50x.html {
root /var/www/nginx-default;
}
# No access to .htaccess files.
location ~ /\.ht {
deny all;
}
}
# HTTPS server
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/www.crt;
ssl_certificate_key /etc/ssl/private/www.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_ciphers ALL:!ADH:!EXPORT56:!LOW:!EXP:!aNULL:!eNULL:RC4+RSA:+HIGH:+MEDIUM:+SSLv3;
ssl_prefer_server_ciphers on;
proxy_cache_valid 200 30m;
access_log /var/log/nginx/access.log combined;
# Set the real IP.
proxy_set_header X-Real-IP $remote_addr;
# Set the hostname
proxy_set_header Host $host;
#Set the forwarded-for header.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#set the cache key
set $cache_key "$scheme://$host$request_uri ";
location / {
# If logged in, don't cache.
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $do_not_cache 1;
}
proxy_cache_key "$cache_key$do_not_cache";
proxy_cache staticfilecache;
proxy_pass http://wordpressapache;
}
location ~* wp\-.*\.php|wp\-admin {
# Don't static file cache admin-looking things.
proxy_pass http://wordpressapache;
}
location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
# Cache static-looking files for 120 minutes, setting a 10 day expiry time in the HTTP header,
# whether logged in or not (may be too heavy-handed).
expires 864000;
proxy_pass http://wordpressapache;
proxy_cache staticfilecache;
}
location ~* \/[^\/]+\/(feed|\.xml)\/? {
# Cache RSS looking feeds for 45 minutes unless logged in.
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $do_not_cache 1;
}
proxy_cache_key "$cache_key$do_not_cache";
proxy_cache staticfilecache;
proxy_pass http://wordpressapache;
}
# For the Nginx Proxy Cache Purge plugin
location ~ /purge(/.*) {
proxy_cache_purge staticfilecache "$scheme://$host$1 ";
}
location = /50x.html {
root /var/www/nginx-default;
}
# No access to .htaccess files.
location ~ /\.ht {
deny all;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment