NGINX – HTTPS-Konfiguration
# Varnish Upstream with NGINX Fallback | |
upstream wordpress-varnish { | |
server 127.0.0.1:6081 weight=5 max_fails=1 fail_timeout=5s; | |
server 127.0.0.1:8080 backup; | |
} | |
# HTTPS Server | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name www.sitename.tld; | |
# SSL Configuration | |
ssl_certificate /etc/letsencrypt/live/www.sitename.tld/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/www.sitename.tld/privkey.pem; | |
# Whitelist | |
location ~ /wp-admin/admin-ajax\.php$ { | |
include snippets/proxy.conf; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_pass http://wordpress-varnish; | |
} | |
# Append trailing slash | |
location ~ ^/wp-admin$ { | |
rewrite ^([^.]*[^/])$ $1/ permanent; | |
} | |
# Password Protection | |
location ~ /wp-login\.php$|^/wp-admin|^/install|/readme\.html|/liesmich\.html|/license\.txt|/wp-activate\.php$|/wp-config\.php$|/wp-cron\.php$|/wp-login\.php$|/wp-settings\.php$|/wp-signup\.php$ { | |
auth_basic "Bitte anmelden"; | |
auth_basic_user_file /var/www/htpasswd/www.sitename.tld/.htpasswd; | |
include snippets/proxy.conf; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_pass http://wordpress-varnish; | |
} | |
location / { | |
include snippets/cache.conf; | |
include snippets/proxy.conf; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_pass http://wordpress-varnish; | |
} | |
} | |
# Varnish Server | |
server { | |
listen 8080; | |
listen [::]:8080; | |
server_name www.sitename.tld; | |
root /var/www/www.sitename.tld; | |
index index.php; | |
access_log off; | |
log_not_found off; | |
autoindex off; | |
error_page 403 =404; | |
gzip off; | |
location / { | |
try_files $uri $uri/ /index.php$is_args$args; | |
} | |
# PHP | |
location ~ \.php(/.*)?$ { | |
try_files $uri /index.php$is_args$args; | |
include snippets/fastcgi-php.conf; | |
} | |
# Avoid php readfile() | |
location ^~ /uploads { | |
internal; | |
alias /var/www/www.sitename.tld/wp-content/uploads ; | |
access_log off; | |
log_not_found off; | |
expires max; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment