Created
October 5, 2017 09:39
-
-
Save marcinkieruzel/9c2a00093afe8b5c5ff930fcc8b44a4f to your computer and use it in GitHub Desktop.
Nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GNU nano 2.2.6 File: szkoly.superkoderzy.pl | |
map $http_host $blogid { | |
default 0; | |
include /var/www/superkoderzytest/wp-content/uploads/nginx-helper/map.conf; | |
} | |
server { | |
listen 80; | |
listen [::]:80; | |
client_max_body_size 20M; | |
server_name szkoly.superkoderzy.pl; | |
root /var/www/superkoderzytest; | |
access_log /var/log/nginx/superkoderzytest.pl-access.log; | |
error_log /var/log/nginx/superkoderzytest.pl-error.log; | |
#include conf.d/restrictions.conf; | |
################################## | |
# Restrictions ################### | |
# Global restrictions configuration file. | |
# Designed to be included in any server {} block.</p> | |
location = /favicon.ico { | |
log_not_found off; | |
access_log off; | |
} | |
location = /robots.txt { | |
allow all; | |
log_not_found off; | |
access_log off; | |
} | |
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). | |
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) | |
location ~ /\\. { | |
deny all; | |
} | |
# Deny access to any files with a .php extension in the uploads directory | |
# Works in sub-directory installs and also in multisite network | |
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) | |
location ~* /(?:uploads|files)/.*\\.php$ { | |
deny all; | |
} | |
include /var/www/superkoderzytest/nginx.conf; | |
#include conf.d/wordpress-mu.conf; | |
################################## | |
# Wordpress MU ################## | |
# WordPress multisite subdirectory rules. | |
# Designed to be included in any server {} block. | |
index index.php; | |
# This order might seem weird - this is attempted to match last if rules below fail. | |
# http://wiki.nginx.org/HttpCoreModule | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
add_header 'Access-Control-Allow-Origin' '*' always; | |
add_header 'Access-Control-Allow-Credentials' 'false'; | |
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; | |
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
} | |
# Add trailing slash to */wp-admin requests. | |
rewrite /wp-admin$ $scheme://$host$uri/ permanent; | |
# Pass all .php files onto a php-fpm/php-fcgi server. | |
location ~ \.php$ { | |
# Zero-day exploit defense. | |
# http://forum.nginx.org/read.php?2,88845,page=3 | |
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi. | |
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked. | |
try_files $uri =404; | |
# fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini | |
include fastcgi_params; | |
fastcgi_index index.php; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
#fastcgi_intercept_errors on; | |
fastcgi_pass php5-fpm; | |
} | |
location ~ ^/files/(.*)$ { | |
try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ; | |
# access_log on; log_not_found on; expires max; | |
} | |
#avoid php readfile() | |
location ^~ /blogs.dir { | |
internal; | |
alias /var/www/superkoderzytest/wp-content/blogs.dir ; | |
access_log off; log_not_found off; expires max; | |
} | |
# Directives to send expires headers and turn off 404 error logging. | |
location ~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { | |
access_log off; log_not_found off; expires max; | |
} | |
if (!-e $request_filename) { | |
rewrite /wp-admin$ $scheme://$host$uri/ permanent; | |
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last; | |
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last; | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment