Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
NGINX – HTTPS-Konfiguration
# Varnish Upstream with NGINX Fallback
upstream wordpress-varnish {
server 127.0.0.1:6081 weight=5 max_fails=1 fail_timeout=5s;
server 127.0.0.1:8080 backup;
}
# HTTPS Server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.sitename.tld;
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/www.sitename.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.sitename.tld/privkey.pem;
# Whitelist
location ~ /wp-admin/admin-ajax\.php$ {
include snippets/proxy.conf;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://wordpress-varnish;
}
# Append trailing slash
location ~ ^/wp-admin$ {
rewrite ^([^.]*[^/])$ $1/ permanent;
}
# Password Protection
location ~ /wp-login\.php$|^/wp-admin|^/install|/readme\.html|/liesmich\.html|/license\.txt|/wp-activate\.php$|/wp-config\.php$|/wp-cron\.php$|/wp-login\.php$|/wp-settings\.php$|/wp-signup\.php$ {
auth_basic "Bitte anmelden";
auth_basic_user_file /var/www/htpasswd/www.sitename.tld/.htpasswd;
include snippets/proxy.conf;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://wordpress-varnish;
}
location / {
include snippets/cache.conf;
include snippets/proxy.conf;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://wordpress-varnish;
}
}
# Varnish Server
server {
listen 8080;
listen [::]:8080;
server_name www.sitename.tld;
root /var/www/www.sitename.tld;
index index.php;
access_log off;
log_not_found off;
autoindex off;
error_page 403 =404;
gzip off;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
# PHP
location ~ \.php(/.*)?$ {
try_files $uri /index.php$is_args$args;
include snippets/fastcgi-php.conf;
}
# Avoid php readfile()
location ^~ /uploads {
internal;
alias /var/www/www.sitename.tld/wp-content/uploads ;
access_log off;
log_not_found off;
expires max;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment