kjprince/Wordpress Nginx Config

## 2 changes: 1 addition & 1 deletion Wordpress Nginx Config
@@ -52,7 +52,7 @@ location ~ /\. {

    # SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING

    ###########
###########


            location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|$
        location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|$

            location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {

            access_log                      off;
        access_log                      off;

            log_not_found                   off;
        log_not_found                   off;

            expires                         max;
        expires                         max;


## 6 changes: 4 additions & 2 deletions Wordpress Nginx Config
@@ -1,5 +1,6 @@

    ############
############

    #
#

    ##################################
##################################

    # WORDPRESS NGINX CONFIGURATIONS
# WORDPRESS NGINX CONFIGURATIONS

    ##################################
##################################

    # /etc/nginx/wordpress.conf
# /etc/nginx/wordpress.conf

    #
#

    # Contains a common configuration for use by nginx on a WordPress
# Contains a common configuration for use by nginx on a WordPress
@@ -9,6 +10,7 @@

    #       include                         /etc/nginx/wordpress.config;
#       include                         /etc/nginx/wordpress.config;

    #
#


    # Attempt to rewrite wordpress in sub directory
# Attempt to rewrite wordpress in sub directory

    rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php|wp-[0-9a-z-]+\.php) /wp/$2;
rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php|wp-[0-9a-z-]+\.php) /wp/$2;

    rewrite ^/wp/([_0-9a-zA-Z-]+)/(wp-(admin|content|includes).*) /wp/$2;
rewrite ^/wp/([_0-9a-zA-Z-]+)/(wp-(admin|content|includes).*) /wp/$2;


## 4 changes: 2 additions & 2 deletions Wordpress Nginx Config
@@ -1,12 +1,12 @@

    ############
############

    #
#

    # nginx-wp-common.conf
# nginx-wp-common.conf

    # /etc/nginx/wordpress.conf
# /etc/nginx/wordpress.conf

    #
#

    # Contains a common configuration for use by nginx on a WordPress
# Contains a common configuration for use by nginx on a WordPress

    # installation. This file should be included in any WordPress site
# installation. This file should be included in any WordPress site

    # nginx virtual host config located in sites-available  with the following line:
# nginx virtual host config located in sites-available  with the following line:

    #
#

    #       include                         /etc/nginx/wp-common.config;
#       include                         /etc/nginx/wp-common.config;

    #       include                         /etc/nginx/wordpress.config;
#       include                         /etc/nginx/wordpress.config;

    #
#


    rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php|wp-[0-9a-z-]+\.php) /wp/$2;
rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php|wp-[0-9a-z-]+\.php) /wp/$2;


## 159 changes: 159 additions & 0 deletions Wordpress Nginx Config
@@ -0,0 +1,159 @@

    ############
############

    #
#

    # nginx-wp-common.conf
# nginx-wp-common.conf

    #
#

    # Contains a common configuration for use by nginx on a WordPress
# Contains a common configuration for use by nginx on a WordPress

    # installation. This file should be included in any WordPress site
# installation. This file should be included in any WordPress site

    # nginx virtual host config located in sites-available  with the following line:
# nginx virtual host config located in sites-available  with the following line:

    #
#

    #       include                         /etc/nginx/wp-common.config;
#       include                         /etc/nginx/wp-common.config;

    #
#


    rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php|wp-[0-9a-z-]+\.php) /wp/$2;
rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php|wp-[0-9a-z-]+\.php) /wp/$2;

    rewrite ^/wp/([_0-9a-zA-Z-]+)/(wp-(admin|content|includes).*) /wp/$2;
rewrite ^/wp/([_0-9a-zA-Z-]+)/(wp-(admin|content|includes).*) /wp/$2;


    location / {
location / {

        index                               index.php index.html;
    index                               index.php index.html;

        try_files                           $uri $uri/ /index.php?$args;
    try_files                           $uri $uri/ /index.php?$args;

    }
}


    #############
#############

    # Specify a charset
# Specify a charset

    ############
############

            charset                         utf-8;
        charset                         utf-8;


    ############
############

    # GZIP
# GZIP

    ###########
###########


            gzip                            off;
        gzip                            off;


    #############
#############

    # Add trailing slash to */wp-admin requests.
# Add trailing slash to */wp-admin requests.

    ############
############


            rewrite /wp-admin$ $scheme://$host$uri/ permanent;
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;


    ############
############

    # this prevents hidden files (beginning with a period) from being served
# this prevents hidden files (beginning with a period) from being served

    ############
############


    location ~ /\. {
location ~ /\. {

            access_log                      off;
        access_log                      off;

            log_not_found                   off;
        log_not_found                   off;

            deny                            all;
        deny                            all;

    }
}


    ###########
###########

    # SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING

    ###########
###########


            location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|$
        location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|$

            access_log                      off;
        access_log                      off;

            log_not_found                   off;
        log_not_found                   off;

            expires                         max;
        expires                         max;

    }
}


    ############
############

    # Pass uploaded files to wp-includes/ms-files.php.
# Pass uploaded files to wp-includes/ms-files.php.

    ############
############


    #       rewrite                         /files/$ /index.php last;
#       rewrite                         /files/$ /index.php last;


    if ($uri !~ wp-content/plugins) {
if ($uri !~ wp-content/plugins) {

            rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
        rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;

    }
}


    # Rewrite multisite in a subdirectory '.../wp-.*' and '.../*.php'.
# Rewrite multisite in a subdirectory '.../wp-.*' and '.../*.php'.

    # if (!-e $request_filename) {
# if (!-e $request_filename) {

    #    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
#    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;

    #    rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*\.php)$ $1 last;
#    rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*\.php)$ $1 last;

    #    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
#    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;

    #}
#}


    # Rewrite multisite '.../wp-.*' and '.../*.php'.
# Rewrite multisite '.../wp-.*' and '.../*.php'.

    if (!-e $request_filename) {
if (!-e $request_filename) {

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

        rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) /wp$1 last;
    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) /wp$1 last;

        rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ /wp$1 last;
    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ /wp$1 last;

    }
}


    ############
############

    # Pass all .php files onto a php-fpm or php-cgi server
# Pass all .php files onto a php-fpm or php-cgi server

    ############
############


    location ~ \.php$ {
location ~ \.php$ {


            # Try the files specified in order. In our case, try the requested URI and if
        # Try the files specified in order. In our case, try the requested URI and if

            # that fails, try (successfully) to pass a 404 error.
        # that fails, try (successfully) to pass a 404 error.

            # zero day exploit defense
        # zero day exploit defense


            try_files                       $uri =404;
        try_files                       $uri =404;


            # Include the fastcgi_params defaults provided by nginx
        # Include the fastcgi_params defaults provided by nginx


            include                         /etc/nginx/fastcgi_params;
        include                         /etc/nginx/fastcgi_params;


            # The amount of time for upstream to wait for a fastcgi process to send data.
        # The amount of time for upstream to wait for a fastcgi process to send data.

            # We keep this *extremely* high so that one can be lazy when remote debugging.
        # We keep this *extremely* high so that one can be lazy when remote debugging.


            fastcgi_read_timeout            3600s;
        fastcgi_read_timeout            3600s;


             # Buffer size for reading the header of the backend FastCGI process.
         # Buffer size for reading the header of the backend FastCGI process.

            # This defaults to the value of a single fastcgi_buffers, so does not
        # This defaults to the value of a single fastcgi_buffers, so does not

            # need to be specified in our case, but it's good to be explicit.
        # need to be specified in our case, but it's good to be explicit.


            fastcgi_buffer_size             128k;
        fastcgi_buffer_size             128k;


            # The number and size of the buffers into which the reply from the FastCGI
        # The number and size of the buffers into which the reply from the FastCGI

            # process in the backend is read.
        # process in the backend is read.

            #
        #

            # 4 buffers at 128k means that any reply by FastCGI greater than 512k goes
        # 4 buffers at 128k means that any reply by FastCGI greater than 512k goes

            # to disk and replies under 512k are handled directly in memory.
        # to disk and replies under 512k are handled directly in memory.


            fastcgi_buffers                 4 128k;
        fastcgi_buffers                 4 128k;


            # SCRIPT_FILENAME is a required parameter for things to work properly,
        # SCRIPT_FILENAME is a required parameter for things to work properly,

            # but was missing in the default fastcgi_params on upgrade to nginx 1.4.
        # but was missing in the default fastcgi_params on upgrade to nginx 1.4.

            # We define it here to be sure that it exists.
        # We define it here to be sure that it exists.


            fastcgi_param                   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param                   SCRIPT_FILENAME $document_root$fastcgi_script_name;


     # Use the upstream for php5-fpm that we defined in nginx.conf
 # Use the upstream for php5-fpm that we defined in nginx.conf


            fastcgi_pass                    unix:/var/run/php5-fpm.sock;
        fastcgi_pass                    unix:/var/run/php5-fpm.sock;


            # And get to serving the file!
        # And get to serving the file!


            fastcgi_index                   index.php;
        fastcgi_index                   index.php;

    }
}


    ############
############

    # ROBOTS
# ROBOTS

    ###########
###########


            # location = /robots.txt {
        # location = /robots.txt {

            #       allow all;
        #       allow all;

            #       log_not_found off;
        #       log_not_found off;

            #       access_log off;
        #       access_log off;

            #}
        #}


    ############
############

    # RESTRICTIONS
# RESTRICTIONS

    ############
############


    # Deny access to any files with a .php extension in the uploads directory
# Deny access to any files with a .php extension in the uploads directory

    # Works in sub-directory installs and also in multisite network
# Works in sub-directory installs and also in multisite network

    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)

    location ~* /(?:uploads|files)/.*\.php$ {
location ~* /(?:uploads|files)/.*\.php$ {

     deny all;
 deny all;

    }
}