k4mrul/Wordpress Nginx Config

## Wordpress Nginx Config
##################################
# WORDPRESS NGINX CONFIGURATIONS
##################################
# /etc/nginx/wordpress.conf
#
# Contains a common configuration for use by nginx on a WordPress
# installation. This file should be included in any WordPress site
# nginx virtual host config located in sites-available  with the following line:
#
#       include                         /etc/nginx/wordpress.config;
#

# Attempt to rewrite wordpress in sub directory
rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php|wp-[0-9a-z-]+\.php) /wp/$2;
rewrite ^/wp/([_0-9a-zA-Z-]+)/(wp-(admin|content|includes).*) /wp/$2;


location / {
    index                               index.php index.html;
    try_files                           $uri $uri/ /index.php?$args;
}

#############
# Specify a charset
############
        charset                         utf-8;

############
# GZIP
###########

        gzip                            off;

#############
# Add trailing slash to */wp-admin requests.
############

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;


############
# this prevents hidden files (beginning with a period) from being served
############

location ~ /\. {
        access_log                      off;
        log_not_found                   off;
        deny                            all;
}

###########
# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
###########

        location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log                      off;
        log_not_found                   off;
        expires                         max;
}

############
# Pass uploaded files to wp-includes/ms-files.php.
############

#       rewrite                         /files/$ /index.php last;

if ($uri !~ wp-content/plugins) {
        rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
}

# Rewrite multisite in a subdirectory '.../wp-.*' and '.../*.php'.
# if (!-e $request_filename) {
#    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
#    rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*\.php)$ $1 last;
#    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
#}

# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) /wp$1 last;
    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ /wp$1 last;
}


############
# Pass all .php files onto a php-fpm or php-cgi server
############

location ~ \.php$ {

        # Try the files specified in order. In our case, try the requested URI and if
        # that fails, try (successfully) to pass a 404 error.
        # zero day exploit defense

        try_files                       $uri =404;

        # Include the fastcgi_params defaults provided by nginx

        include                         /etc/nginx/fastcgi_params;

        # The amount of time for upstream to wait for a fastcgi process to send data.
        # We keep this *extremely* high so that one can be lazy when remote debugging.

        fastcgi_read_timeout            3600s;

         # Buffer size for reading the header of the backend FastCGI process.
        # This defaults to the value of a single fastcgi_buffers, so does not
        # need to be specified in our case, but it's good to be explicit.

        fastcgi_buffer_size             128k;

        # The number and size of the buffers into which the reply from the FastCGI
        # process in the backend is read.
        #
        # 4 buffers at 128k means that any reply by FastCGI greater than 512k goes
        # to disk and replies under 512k are handled directly in memory.

        fastcgi_buffers                 4 128k;

        # SCRIPT_FILENAME is a required parameter for things to work properly,
        # but was missing in the default fastcgi_params on upgrade to nginx 1.4.
        # We define it here to be sure that it exists.

        fastcgi_param                   SCRIPT_FILENAME $document_root$fastcgi_script_name;


 # Use the upstream for php5-fpm that we defined in nginx.conf

        fastcgi_pass                    unix:/var/run/php5-fpm.sock;

        # And get to serving the file!

        fastcgi_index                   index.php;
}


############
# ROBOTS
###########

        # location = /robots.txt {
        #       allow all;
        #       log_not_found off;
        #       access_log off;
        #}


############
# RESTRICTIONS
############

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
 deny all;
}
	##################################
	# WORDPRESS NGINX CONFIGURATIONS
	##################################
	# /etc/nginx/wordpress.conf
	#
	# Contains a common configuration for use by nginx on a WordPress
	# installation. This file should be included in any WordPress site
	# nginx virtual host config located in sites-available with the following line:
	#
	# include /etc/nginx/wordpress.config;
	#

	# Attempt to rewrite wordpress in sub directory
	rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php\|wp-[0-9a-z-]+\.php) /wp/$2;
	rewrite ^/wp/([_0-9a-zA-Z-]+)/(wp-(admin\|content\|includes).*) /wp/$2;


	location / {
	index index.php index.html;
	try_files $uri $uri/ /index.php?$args;
	}

	#############
	# Specify a charset
	############
	charset utf-8;

	############
	# GZIP
	###########

	gzip off;

	#############
	# Add trailing slash to */wp-admin requests.
	############

	rewrite /wp-admin$ $scheme://$host$uri/ permanent;


	############
	# this prevents hidden files (beginning with a period) from being served
	############

	location ~ /\. {
	access_log off;
	log_not_found off;
	deny all;
	}

	###########
	# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
	###########

	location ~* ^.+.(xml\|ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|css\|rss\|atom\|js\|jpg\|jpeg\|gif\|png\|ico\|zip\|tgz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|bmp\|rtf)$ {
	access_log off;
	log_not_found off;
	expires max;
	}

	############
	# Pass uploaded files to wp-includes/ms-files.php.
	############

	# rewrite /files/$ /index.php last;

	if ($uri !~ wp-content/plugins) {
	rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
	}

	# Rewrite multisite in a subdirectory '.../wp-.' and '.../.php'.
	# if (!-e $request_filename) {
	# rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
	# rewrite ^/[_0-9a-zA-Z-]+.(/wp-admin/.\.php)$ $1 last;
	# rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
	#}

	# Rewrite multisite '.../wp-.' and '.../.php'.
	if (!-e $request_filename) {
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;
	rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) /wp$1 last;
	rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ /wp$1 last;
	}


	############
	# Pass all .php files onto a php-fpm or php-cgi server
	############

	location ~ \.php$ {

	# Try the files specified in order. In our case, try the requested URI and if
	# that fails, try (successfully) to pass a 404 error.
	# zero day exploit defense

	try_files $uri =404;

	# Include the fastcgi_params defaults provided by nginx

	include /etc/nginx/fastcgi_params;

	# The amount of time for upstream to wait for a fastcgi process to send data.
	# We keep this extremely high so that one can be lazy when remote debugging.

	fastcgi_read_timeout 3600s;

	# Buffer size for reading the header of the backend FastCGI process.
	# This defaults to the value of a single fastcgi_buffers, so does not
	# need to be specified in our case, but it's good to be explicit.

	fastcgi_buffer_size 128k;

	# The number and size of the buffers into which the reply from the FastCGI
	# process in the backend is read.
	#
	# 4 buffers at 128k means that any reply by FastCGI greater than 512k goes
	# to disk and replies under 512k are handled directly in memory.

	fastcgi_buffers 4 128k;

	# SCRIPT_FILENAME is a required parameter for things to work properly,
	# but was missing in the default fastcgi_params on upgrade to nginx 1.4.
	# We define it here to be sure that it exists.

	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;


	# Use the upstream for php5-fpm that we defined in nginx.conf

	fastcgi_pass unix:/var/run/php5-fpm.sock;

	# And get to serving the file!

	fastcgi_index index.php;
	}


	############
	# ROBOTS
	###########

	# location = /robots.txt {
	# allow all;
	# log_not_found off;
	# access_log off;
	#}


	############
	# RESTRICTIONS
	############

	# Deny access to any files with a .php extension in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}