codescribblr/Nginx Wordpress Load Balanced Config.txt

## Nginx Wordpress Load Balanced Config.txt
This setup assumes that there is a valid ssl setup on both servers (same certificate on both).
It also assumes that there is a 3rd server setup to handle mysql all by itself.
The web01 server is the main server. It will handle all the files and wordpress updates. The only writes to the db will be done from this server.
All requests to wp-admin will be handled by this one server.
Web02 is simply a carbon copy (via lsyncd).
db01 is a mysql only server that handles the db remotely.
The load balancer from Digital Ocean serves traffic to both/all servers. It forwards all traffic from port 80 and 443 to the same ports on the 2 web machines.

## web01.lsyncd.conf.lua
settings {
   logfile    = "/var/log/lsyncd/lsyncd.log",
   statusFile = "/var/log/lsyncd/lsyncd-status.log",
   statusInterval = 20
}
servers = {
 "10.209.133.65"
}

for _, server in ipairs(servers) do
sync {
    default.rsyncssh,
    source="/var/www/",
    host=server,
    targetdir="/var/www/",
    rsync = {
     archive = true,
     acls = true,
     verbose = true,
     rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no"
   },
}
end

---[[
remote_servers = {
 "138.197.6.115"
}

for _, server in ipairs(remote_servers) do
sync {
    default.rsyncssh,
    source="/var/www/vhosts/cuinsight.com/wp-content/uploads/",
    host=server,
    targetdir="/home/cuinsight/webapps/cuinsight/public/wp-content/uploads/",
    rsync = {
     archive = true,
     acls = true,
     verbose = true,
     rsh = "/usr/bin/ssh -p 22 -l cuinsight -i /home/cuinsight/.ssh/id_rsa -o StrictHostKeyChecking=no"
   },
}
end
--]]

## web01.site-name.nginx.conf
upstream backend {
 # ip_hash;
  server 10.132.24.204;
}
upstream frontend {
  server 10.132.24.204;
  server 10.132.7.238;
}
server {

  root /var/www/kinderup.com/public/;
  index index.php index.html;

  server_name kinderup.com;
  charset utf-8;
 # proxy_set_header Host $http_host;

  location ~* \.(?:manifest|appcache|html?|xml|json)$ {
    expires -1;
  }

  location ~* \.(?:rss|atom)$ {
    expires 1h;
    add_header Cache-Control "public";
  }

  location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location ~* \.(?:css|js)$ {
    expires 1y;
    add_header Cache-Control "public";
  }

  location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;

    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    fastcgi_intercept_errors on;
  }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/kinderup.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/kinderup.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
  listen 443;
  listen [::]:443;

  root /var/www/kinderup.com/public/;
  index index.php index.html;

  server_name kinderup.com;
  charset utf-8;

  location ~* \.(?:manifest|appcache|html?|xml|json)$ {
    expires -1;
  }

  location ~* \.(?:rss|atom)$ {
    expires 1h;
    add_header Cache-Control "public";
  }

  location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location ~* \.(?:css|js)$ {
    expires 1y;
    add_header Cache-Control "public";
  }

  location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;

    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    fastcgi_intercept_errors on;
  }
}

server {
    if ($host = kinderup.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  listen [::]:80;

  server_name kinderup.com;
    return 404; # managed by Certbot


}

## web02.site-name.nginx.conf
upstream backend {
 # ip_hash;
  server 10.132.24.204;
}
upstream frontend {
  server 10.132.24.204;
  server 10.132.7.238;
}
server {

  root /var/www/kinderup.com/public/;
  index index.php index.html;

  server_name kinderup.com;
  charset utf-8;
 # proxy_set_header Host $http_host;

  location ~* \.(?:manifest|appcache|html?|xml|json)$ {
    expires -1;
  }

  location ~* \.(?:rss|atom)$ {
    expires 1h;
    add_header Cache-Control "public";
  }

  location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location ~* \.(?:css|js)$ {
    expires 1y;
    add_header Cache-Control "public";
  }

  location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;

    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    fastcgi_intercept_errors on;
  }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/kinderup.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/kinderup.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
  listen 443;
  listen [::]:443;

  root /var/www/kinderup.com/public/;
  index index.php index.html;

  server_name kinderup.com;
  charset utf-8;

  location ~* \.(?:manifest|appcache|html?|xml|json)$ {
    expires -1;
  }

  location ~* \.(?:rss|atom)$ {
    expires 1h;
    add_header Cache-Control "public";
  }

  location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location ~* \.(?:css|js)$ {
    expires 1y;
    add_header Cache-Control "public";
  }

  location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
    expires 1M;
    add_header Cache-Control "public";
  }

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;

    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    fastcgi_intercept_errors on;
  }
}

server {
    if ($host = kinderup.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  listen [::]:80;

  server_name kinderup.com;
    return 404; # managed by Certbot


}
	This setup assumes that there is a valid ssl setup on both servers (same certificate on both).
	It also assumes that there is a 3rd server setup to handle mysql all by itself.
	The web01 server is the main server. It will handle all the files and wordpress updates. The only writes to the db will be done from this server.
	All requests to wp-admin will be handled by this one server.
	Web02 is simply a carbon copy (via lsyncd).
	db01 is a mysql only server that handles the db remotely.
	The load balancer from Digital Ocean serves traffic to both/all servers. It forwards all traffic from port 80 and 443 to the same ports on the 2 web machines.
	settings {
	logfile = "/var/log/lsyncd/lsyncd.log",
	statusFile = "/var/log/lsyncd/lsyncd-status.log",
	statusInterval = 20
	}
	servers = {
	"10.209.133.65"
	}

	for _, server in ipairs(servers) do
	sync {
	default.rsyncssh,
	source="/var/www/",
	host=server,
	targetdir="/var/www/",
	rsync = {
	archive = true,
	acls = true,
	verbose = true,
	rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no"
	},
	}
	end

	---[[
	remote_servers = {
	"138.197.6.115"
	}

	for _, server in ipairs(remote_servers) do
	sync {
	default.rsyncssh,
	source="/var/www/vhosts/cuinsight.com/wp-content/uploads/",
	host=server,
	targetdir="/home/cuinsight/webapps/cuinsight/public/wp-content/uploads/",
	rsync = {
	archive = true,
	acls = true,
	verbose = true,
	rsh = "/usr/bin/ssh -p 22 -l cuinsight -i /home/cuinsight/.ssh/id_rsa -o StrictHostKeyChecking=no"
	},
	}
	end
	--]]
	upstream backend {
	# ip_hash;
	server 10.132.24.204;
	}
	upstream frontend {
	server 10.132.24.204;
	server 10.132.7.238;
	}
	server {

	root /var/www/kinderup.com/public/;
	index index.php index.html;

	server_name kinderup.com;
	charset utf-8;
	# proxy_set_header Host $http_host;

	location ~* \.(?:manifest\|appcache\|html?\|xml\|json)$ {
	expires -1;
	}

	location ~* \.(?:rss\|atom)$ {
	expires 1h;
	add_header Cache-Control "public";
	}

	location ~* \.(?:jpg\|jpeg\|gif\|png\|ico\|cur\|gz\|svg\|svgz\|mp4\|ogg\|ogv\|webm\|htc)$ {
	expires 1M;
	add_header Cache-Control "public";
	}

	location ~* \.(?:css\|js)$ {
	expires 1y;
	add_header Cache-Control "public";
	}

	location ~* \.(?:ttf\|ttc\|otf\|eot\|woff\|woff2)$ {
	expires 1M;
	add_header Cache-Control "public";
	}

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location ~ \.php$ {
	include snippets/fastcgi-php.conf;

	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
	fastcgi_intercept_errors on;
	}

	listen [::]:443 ssl ipv6only=on; # managed by Certbot
	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/kinderup.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/kinderup.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	}

	server {
	listen 443;
	listen [::]:443;

	root /var/www/kinderup.com/public/;
	index index.php index.html;

	server_name kinderup.com;
	charset utf-8;

	location ~* \.(?:manifest\|appcache\|html?\|xml\|json)$ {
	expires -1;
	}

	location ~* \.(?:rss\|atom)$ {
	expires 1h;
	add_header Cache-Control "public";
	}

	location ~* \.(?:jpg\|jpeg\|gif\|png\|ico\|cur\|gz\|svg\|svgz\|mp4\|ogg\|ogv\|webm\|htc)$ {
	expires 1M;
	add_header Cache-Control "public";
	}

	location ~* \.(?:css\|js)$ {
	expires 1y;
	add_header Cache-Control "public";
	}

	location ~* \.(?:ttf\|ttc\|otf\|eot\|woff\|woff2)$ {
	expires 1M;
	add_header Cache-Control "public";
	}

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location ~ \.php$ {
	include snippets/fastcgi-php.conf;

	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
	fastcgi_intercept_errors on;
	}
	}

	server {
	if ($host = kinderup.com) {
	return 301 https://$host$request_uri;
	} # managed by Certbot


	listen 80;
	listen [::]:80;

	server_name kinderup.com;
	return 404; # managed by Certbot


	}