Created
July 2, 2018 11:21
-
-
Save kirtangajjar/e4ffaf95f82042750f78e319c1c237f0 to your computer and use it in GitHub Desktop.
Config file for single wpredis site on ee3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # configuration file /etc/nginx/nginx.conf: | |
| user www-data; | |
| worker_processes auto; | |
| worker_rlimit_nofile 100000; | |
| pid /run/nginx.pid; | |
| events { | |
| worker_connections 4096; | |
| multi_accept on; | |
| } | |
| http { | |
| ## | |
| # EasyEngine Settings | |
| ## | |
| sendfile on; | |
| tcp_nopush on; | |
| tcp_nodelay on; | |
| keepalive_timeout 30; | |
| types_hash_max_size 2048; | |
| server_tokens off; | |
| reset_timedout_connection on; | |
| add_header X-Powered-By "EasyEngine 3.8.1"; | |
| add_header rt-Fastcgi-Cache $upstream_cache_status; | |
| # Limit Request | |
| limit_req_status 403; | |
| limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; | |
| # Proxy Settings | |
| # set_real_ip_from proxy-server-ip; | |
| # real_ip_header X-Forwarded-For; | |
| fastcgi_read_timeout 300; | |
| client_max_body_size 100m; | |
| ## | |
| # SSL Settings | |
| ## | |
| ssl_session_cache shared:SSL:20m; | |
| ssl_session_timeout 10m; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHADHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!ECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ## | |
| # Basic Settings | |
| ## | |
| # server_names_hash_bucket_size 64; | |
| # server_name_in_redirect off; | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| ## | |
| # Logging Settings | |
| ## | |
| access_log /var/log/nginx/access.log; | |
| error_log /var/log/nginx/error.log; | |
| # Log format Settings | |
| log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' | |
| '$http_host "$request" $status $body_bytes_sent ' | |
| '"$http_referer" "$http_user_agent"'; | |
| ## | |
| # Gzip Settings | |
| ## | |
| gzip on; | |
| gzip_disable "msie6"; | |
| gzip_vary on; | |
| gzip_proxied any; | |
| gzip_comp_level 6; | |
| gzip_buffers 16 8k; | |
| gzip_http_version 1.1; | |
| gzip_types | |
| application/atom+xml | |
| application/javascript | |
| application/json | |
| application/rss+xml | |
| application/vnd.ms-fontobject | |
| application/x-font-ttf | |
| application/x-web-app-manifest+json | |
| application/xhtml+xml | |
| application/xml | |
| font/opentype | |
| image/svg+xml | |
| image/x-icon | |
| text/css | |
| text/plain | |
| text/x-component | |
| text/xml | |
| text/javascript; | |
| ## | |
| # Virtual Host Configs | |
| ## | |
| include /etc/nginx/conf.d/*.conf; | |
| include /etc/nginx/sites-enabled/*; | |
| } | |
| #mail { | |
| # # See sample authentication script at: | |
| # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript | |
| # | |
| # # auth_http localhost/auth.php; | |
| # # pop3_capabilities "TOP" "USER"; | |
| # # imap_capabilities "IMAP4rev1" "UIDPLUS"; | |
| # | |
| # server { | |
| # listen localhost:110; | |
| # protocol pop3; | |
| # proxy on; | |
| # } | |
| # | |
| # server { | |
| # listen localhost:143; | |
| # protocol imap; | |
| # proxy on; | |
| # } | |
| #} | |
| # configuration file /etc/nginx/mime.types: | |
| types { | |
| text/html html htm shtml; | |
| text/css css; | |
| text/xml xml; | |
| image/gif gif; | |
| image/jpeg jpeg jpg; | |
| application/javascript js; | |
| application/atom+xml atom; | |
| application/rss+xml rss; | |
| text/mathml mml; | |
| text/plain txt; | |
| text/vnd.sun.j2me.app-descriptor jad; | |
| text/vnd.wap.wml wml; | |
| text/x-component htc; | |
| image/png png; | |
| image/tiff tif tiff; | |
| image/vnd.wap.wbmp wbmp; | |
| image/x-icon ico; | |
| image/x-jng jng; | |
| image/x-ms-bmp bmp; | |
| image/svg+xml svg svgz; | |
| image/webp webp; | |
| application/font-woff woff; | |
| application/java-archive jar war ear; | |
| application/json json; | |
| application/mac-binhex40 hqx; | |
| application/msword doc; | |
| application/pdf pdf; | |
| application/postscript ps eps ai; | |
| application/rtf rtf; | |
| application/vnd.apple.mpegurl m3u8; | |
| application/vnd.ms-excel xls; | |
| application/vnd.ms-fontobject eot; | |
| application/vnd.ms-powerpoint ppt; | |
| application/vnd.wap.wmlc wmlc; | |
| application/vnd.google-earth.kml+xml kml; | |
| application/vnd.google-earth.kmz kmz; | |
| application/x-7z-compressed 7z; | |
| application/x-cocoa cco; | |
| application/x-java-archive-diff jardiff; | |
| application/x-java-jnlp-file jnlp; | |
| application/x-makeself run; | |
| application/x-perl pl pm; | |
| application/x-pilot prc pdb; | |
| application/x-rar-compressed rar; | |
| application/x-redhat-package-manager rpm; | |
| application/x-sea sea; | |
| application/x-shockwave-flash swf; | |
| application/x-stuffit sit; | |
| application/x-tcl tcl tk; | |
| application/x-x509-ca-cert der pem crt; | |
| application/x-xpinstall xpi; | |
| application/xhtml+xml xhtml; | |
| application/xspf+xml xspf; | |
| application/zip zip; | |
| application/octet-stream bin exe dll; | |
| application/octet-stream deb; | |
| application/octet-stream dmg; | |
| application/octet-stream iso img; | |
| application/octet-stream msi msp msm; | |
| application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; | |
| application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; | |
| application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; | |
| audio/midi mid midi kar; | |
| audio/mpeg mp3; | |
| audio/ogg ogg; | |
| audio/x-m4a m4a; | |
| audio/x-realaudio ra; | |
| video/3gpp 3gpp 3gp; | |
| video/mp2t ts; | |
| video/mp4 mp4; | |
| video/mpeg mpeg mpg; | |
| video/quicktime mov; | |
| video/webm webm; | |
| video/x-flv flv; | |
| video/x-m4v m4v; | |
| video/x-mng mng; | |
| video/x-ms-asf asx asf; | |
| video/x-ms-wmv wmv; | |
| video/x-msvideo avi; | |
| } | |
| # configuration file /etc/nginx/conf.d/blockips.conf: | |
| # Block IP Address | |
| # deny 1.1.1.1; | |
| # configuration file /etc/nginx/conf.d/fastcgi.conf: | |
| # FastCGI cache settings | |
| fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m inactive=60m; | |
| fastcgi_cache_key "$scheme$request_method$host$request_uri"; | |
| fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503; | |
| fastcgi_cache_valid 200 301 302 404 1h; | |
| fastcgi_buffers 16 16k; | |
| fastcgi_buffer_size 32k; | |
| fastcgi_param SERVER_NAME $http_host; | |
| fastcgi_ignore_headers Cache-Control Expires Set-Cookie; | |
| fastcgi_keep_conn on; | |
| # configuration file /etc/nginx/conf.d/redis.conf: | |
| # Log format Settings | |
| log_format rt_cache_redis '$remote_addr $upstream_response_time $srcache_fetch_status [$time_local] ' | |
| '$http_host "$request" $status $body_bytes_sent ' | |
| '"$http_referer" "$http_user_agent"'; | |
| # configuration file /etc/nginx/conf.d/upstream.conf: | |
| # Common upstream settings | |
| upstream php { | |
| # server unix:/run/php5-fpm.sock; | |
| server 127.0.0.1:9000; | |
| } | |
| upstream debug { | |
| # Debug Pool | |
| server 127.0.0.1:9001; | |
| } | |
| upstream redis { | |
| server 127.0.0.1:6379; | |
| keepalive 10; | |
| } | |
| # configuration file /etc/nginx/sites-enabled/22222: | |
| # EasyEngine admin NGINX CONFIGURATION | |
| server { | |
| listen 22222 default_server ssl http2; | |
| access_log /var/log/nginx/22222.access.log rt_cache; | |
| error_log /var/log/nginx/22222.error.log; | |
| ssl_certificate /var/www/22222/cert/22222.crt; | |
| ssl_certificate_key /var/www/22222/cert/22222.key; | |
| # Force HTTP to HTTPS | |
| error_page 497 =200 https://$host:22222$request_uri; | |
| root /var/www/22222/htdocs; | |
| index index.php index.htm index.html; | |
| # Turn on directory listing | |
| autoindex on; | |
| # HTTP Authentication on port 22222 | |
| include common/acl.conf; | |
| location / { | |
| try_files $uri $uri/ /index.php?$args; | |
| } | |
| # Display menu at location /fpm/status/ | |
| location = /fpm/status/ {} | |
| location ~ /fpm/status/(.*) { | |
| try_files $uri =404; | |
| include fastcgi_params; | |
| fastcgi_param SCRIPT_NAME /status; | |
| fastcgi_pass $1; | |
| } | |
| location ~ \.php$ { | |
| try_files $uri =404; | |
| include fastcgi_params; | |
| fastcgi_pass php; | |
| } | |
| # ViMbAdmin Rules | |
| location = /vimbadmin/ { | |
| return 301 $scheme://$host:22222/vimbadmin/public/; | |
| } | |
| location ~* \.(js|css|jpg|gif|png)$ { | |
| root /var/www/22222/htdocs/; | |
| } | |
| location ~* /vimbadmin/public/(.*)/(.*) { | |
| root /var/www/22222/htdocs/vimbadmin/public; | |
| try_files $uri $uri/ /vimbadmin/public/index.php?$args; | |
| } | |
| location ~* /vimbadmin/public/(.*) { | |
| root /var/www/22222/htdocs/vimbadmin/public; | |
| try_files $uri $uri/ /vimbadmin/public/index.php?$args; | |
| } | |
| } | |
| # configuration file /etc/nginx/common/acl.conf: | |
| # EasyEngine (ee) protect locations using | |
| # HTTP authentication || IP address | |
| satisfy any; | |
| auth_basic "Restricted Area"; | |
| auth_basic_user_file htpasswd-ee; | |
| # Allowed IP Address List | |
| allow 127.0.0.1; | |
| deny all; | |
| # configuration file /etc/nginx/fastcgi_params: | |
| fastcgi_param QUERY_STRING $query_string; | |
| fastcgi_param REQUEST_METHOD $request_method; | |
| fastcgi_param CONTENT_TYPE $content_type; | |
| fastcgi_param CONTENT_LENGTH $content_length; | |
| fastcgi_param SCRIPT_FILENAME $request_filename; | |
| fastcgi_param SCRIPT_NAME $fastcgi_script_name; | |
| fastcgi_param REQUEST_URI $request_uri; | |
| fastcgi_param DOCUMENT_URI $document_uri; | |
| fastcgi_param DOCUMENT_ROOT $document_root; | |
| fastcgi_param SERVER_PROTOCOL $server_protocol; | |
| fastcgi_param HTTPS $https if_not_empty; | |
| fastcgi_param GATEWAY_INTERFACE CGI/1.1; | |
| fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; | |
| fastcgi_param REMOTE_ADDR $remote_addr; | |
| fastcgi_param REMOTE_PORT $remote_port; | |
| fastcgi_param SERVER_ADDR $server_addr; | |
| fastcgi_param SERVER_PORT $server_port; | |
| fastcgi_param SERVER_NAME $server_name; | |
| # PHP only, required if PHP was built with --enable-force-cgi-redirect | |
| fastcgi_param REDIRECT_STATUS 200; | |
| # To fix CGI application vulnerability - https://httpoxy.org | |
| fastcgi_param HTTP_PROXY ""; | |
| # configuration file /etc/nginx/sites-enabled/abc.com: | |
| server { | |
| server_name abc.com www.abc.com; | |
| access_log /var/log/nginx/abc.com.access.log rt_cache_redis; | |
| error_log /var/log/nginx/abc.com.error.log; | |
| root /var/www/abc.com/htdocs; | |
| index index.php index.html index.htm; | |
| include common/redis.conf; | |
| include common/wpcommon.conf; | |
| include common/locations.conf; | |
| include /var/www/abc.com/conf/nginx/*.conf; | |
| } | |
| # configuration file /etc/nginx/common/redis.conf: | |
| # Redis NGINX CONFIGURATION | |
| # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) | |
| set $skip_cache 0; | |
| # POST requests and URL with a query string should always go to php | |
| if ($request_method = POST) { | |
| set $skip_cache 1; | |
| } | |
| if ($query_string != "") { | |
| set $skip_cache 1; | |
| } | |
| # Don't cache URL containing the following segments | |
| if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") { | |
| set $skip_cache 1; | |
| } | |
| # Don't use the cache for logged in users or recent commenter or customer with items in cart | |
| if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") { | |
| set $skip_cache 1; | |
| } | |
| # Use cached or actual file if they exists, Otherwise pass request to WordPress | |
| location / { | |
| try_files $uri $uri/ /index.php?$args; | |
| } | |
| location /redis-fetch { | |
| internal ; | |
| set $redis_key $args; | |
| redis_pass redis; | |
| } | |
| location /redis-store { | |
| internal ; | |
| set_unescape_uri $key $arg_key ; | |
| redis2_query set $key $echo_request_body; | |
| redis2_query expire $key 14400; | |
| redis2_pass redis; | |
| } | |
| location ~ \.php$ { | |
| set $key "nginx-cache:$scheme$request_method$host$request_uri"; | |
| try_files $uri =404; | |
| srcache_fetch_skip $skip_cache; | |
| srcache_store_skip $skip_cache; | |
| srcache_response_cache_control off; | |
| set_escape_uri $escaped_key $key; | |
| srcache_fetch GET /redis-fetch $key; | |
| srcache_store PUT /redis-store key=$escaped_key; | |
| more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status'; | |
| more_set_headers 'X-SRCache-Store-Status $srcache_store_status'; | |
| include fastcgi_params; | |
| fastcgi_pass php; | |
| } | |
| # configuration file /etc/nginx/common/wpcommon.conf: | |
| # WordPress COMMON SETTINGS | |
| # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) | |
| # Limit access to avoid brute force attack | |
| location = /wp-login.php { | |
| limit_req zone=one burst=1 nodelay; | |
| include fastcgi_params; | |
| fastcgi_pass php; | |
| } | |
| # Disable wp-config.txt | |
| location = /wp-config.txt { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Disallow php in upload folder | |
| location /wp-content/uploads/ { | |
| location ~ \.php$ { | |
| #Prevent Direct Access Of PHP Files From Web Browsers | |
| deny all; | |
| } | |
| } | |
| # configuration file /etc/nginx/common/locations.conf: | |
| # NGINX CONFIGURATION FOR COMMON LOCATION | |
| # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) | |
| # Basic locations files | |
| location = /favicon.ico { | |
| access_log off; | |
| log_not_found off; | |
| expires max; | |
| } | |
| location = /robots.txt { | |
| # Some WordPress plugin gererate robots.txt file | |
| # Refer #340 issue | |
| try_files $uri $uri/ /index.php?$args; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Cache static files | |
| location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ { | |
| add_header "Access-Control-Allow-Origin" "*"; | |
| access_log off; | |
| log_not_found off; | |
| expires max; | |
| } | |
| # Security settings for better privacy | |
| # Deny hidden files | |
| location ~ /\.well-known { | |
| allow all; | |
| } | |
| location ~ /\. { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Deny backup extensions & log files | |
| location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) | |
| if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") { | |
| return 403; | |
| } | |
| # Status pages | |
| location = /nginx_status { | |
| stub_status on; | |
| access_log off; | |
| include common/acl.conf; | |
| } | |
| location ~ ^/(status|ping)$ { | |
| include fastcgi_params; | |
| fastcgi_pass php; | |
| include common/acl.conf; | |
| } | |
| # EasyEngine (ee) utilities | |
| # phpMyAdmin settings | |
| location = /pma { | |
| return 301 https://$host:22222/db/pma; | |
| } | |
| location = /phpMyAdmin { | |
| return 301 https://$host:22222/db/pma; | |
| } | |
| location = /phpmyadmin { | |
| return 301 https://$host:22222/db/pma; | |
| } | |
| # Adminer settings | |
| location = /adminer { | |
| return 301 https://$host:22222/db/adminer; | |
| } | |
| # configuration file /etc/nginx/sites-enabled/default: | |
| ## | |
| # You should look at the following URL's in order to grasp a solid understanding | |
| # of Nginx configuration files in order to fully unleash the power of Nginx. | |
| # http://wiki.nginx.org/Pitfalls | |
| # http://wiki.nginx.org/QuickStart | |
| # http://wiki.nginx.org/Configuration | |
| # | |
| # Generally, you will want to move this file somewhere, and start with a clean | |
| # file but keep this around for reference. Or just disable in sites-enabled. | |
| # | |
| # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. | |
| ## | |
| # Default server configuration | |
| # | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| # SSL configuration | |
| # | |
| # listen 443 ssl default_server; | |
| # listen [::]:443 ssl default_server; | |
| # | |
| # Self signed certs generated by the ssl-cert package | |
| # Don't use them in a production server! | |
| # include snippets/snakeoil.conf; | |
| # | |
| # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE | |
| # ssl_ciphers HIGH:!aNULL:!MD5; | |
| # ssl_prefer_server_ciphers on; | |
| root /var/www/html; | |
| # Add index.php to the list if you are using PHP | |
| index index.html index.htm index.nginx-debian.html; | |
| server_name _; | |
| location / { | |
| # First attempt to serve request as file, then | |
| # as directory, then fall back to displaying a 404. | |
| try_files $uri $uri/ =404; | |
| } | |
| # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | |
| # | |
| #location ~ \.php$ { | |
| # include snippets/fastcgi-php.conf; | |
| # | |
| # # With php5-cgi alone: | |
| # fastcgi_pass 127.0.0.1:9000; | |
| # # With php5-fpm: | |
| # fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| #} | |
| # deny access to .htaccess files, if Apache's document root | |
| # concurs with nginx's one | |
| # | |
| #location ~ /\.ht { | |
| # | |
| # You can move that to a different file under sites-available/ and symlink that | |
| # to sites-enabled/ to enable it. | |
| # | |
| #server { | |
| # listen 80; | |
| # listen [::]:80; | |
| # | |
| # server_name example.com; | |
| # | |
| # root /var/www/example.com; | |
| # index index.html; | |
| # | |
| # location / { | |
| # try_files $uri $uri/ =404; | |
| # } | |
| #} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment