mdimai666/wordpress.nginx.conf

## wordpress.nginx.conf
server {

  #listen 80;
  set $root_path '/var/www/wordpress/';
  root $root_path;

  index index.php; # index defined to be served under directory
  server_name _;

    include d_ssl;

    error_log /var/log/nginx/example.com-error.log;
    access_log /var/log/nginx/example.com-access.log;


  set $skip_cache 0;

  # POST requests and urls with a query string should always go to PHP
  if ($request_method = POST) {
    set $skip_cache 1;
  }
  if ($query_string != "") {
    set $skip_cache 1;
  }

  # Don't cache uris containing the following segments
  if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
    set $skip_cache 1;
  }

    # Don't use the cache for logged in users or recent commenters
  if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
    set $skip_cache 1;
  }

  location ~* \.(gif|jpg|jpeg|png|ico|bmp|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|js|css|woff|woff2|exe|eot|svg|ttf)$ {
    root $root_path;
    expires 14d;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    log_not_found off;
  }

  #    Common deny or internal locations, to help prevent access to areas of
  #    the site that should not be public
  location ~* wp-admin/includes { deny all; }
  location ~* wp-includes/theme-compat/ { deny all; }
  location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
  location /wp-content/ { internal; }
  location /wp-includes/ { internal; }

  #    The next line protects the wp-config.php file from being accessed, but
  #    we need to be able to run the file for the initial site setup. Uncomment
  #    the next line after setup is completed and reload Nginx.
  location ~* wp-config.php { deny all; }

  #    Prevent any potentially-executable files in the uploads directory from
  #    being executed by forcing their MIME type to text/plain
  location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
    types { }
    default_type text/plain;
  }
  location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
  }

  error_page 404 /404.html;

  error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root /usr/share/nginx/www;
  }

  location ~ \.php$ {
    try_files $uri =404;

    fastcgi_pass unix:/var/run/php7.4-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;

    fastcgi_split_path_info       ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO       $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_read_timeout    3600;

    fastcgi_cache_bypass $skip_cache;
    fastcgi_no_cache $skip_cache;

    fastcgi_cache WORDPRESS;
    fastcgi_cache_valid  5m;
  }
}


ALSO file /etc/nginx/nginx.conf
    ##
    # Fastcgi Params
    ##
    fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
    fastcgi_cache_use_stale error timeout invalid_header http_500;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

ALSO file /etc/nginx/d_ssl; snipped

    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate     /etc/lego/certificates/example.com.crt;
    ssl_certificate_key /etc/lego/certificates/example..com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_session_cache           shared:SSL:20m;
    ssl_session_timeout         10m;

    resolver                    8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout            10s;


#https://websiteforstudents.com/install-wordpress-on-ubuntu-18-04-lts-bata-with-nginx-mariadb-and-php-fpm/
	server {

	#listen 80;
	set $root_path '/var/www/wordpress/';
	root $root_path;

	index index.php; # index defined to be served under directory
	server_name _;

	include d_ssl;

	error_log /var/log/nginx/example.com-error.log;
	access_log /var/log/nginx/example.com-access.log;


	set $skip_cache 0;

	# POST requests and urls with a query string should always go to PHP
	if ($request_method = POST) {
	set $skip_cache 1;
	}
	if ($query_string != "") {
	set $skip_cache 1;
	}

	# Don't cache uris containing the following segments
	if ($request_uri ~* "/wp-admin/\|/xmlrpc.php\|wp-.*.php\|/feed/\|index.php\|sitemap(_index)?.xml") {
	set $skip_cache 1;
	}

	# Don't use the cache for logged in users or recent commenters
	if ($http_cookie ~* "comment_author\|wordpress_[a-f0-9]+\|wp-postpass\|wordpress_no_cache\|wordpress_logged_in") {
	set $skip_cache 1;
	}

	location ~* \.(gif\|jpg\|jpeg\|png\|ico\|bmp\|wmv\|3gp\|avi\|mpg\|mpeg\|mp4\|flv\|mp3\|mid\|js\|css\|woff\|woff2\|exe\|eot\|svg\|ttf)$ {
	root $root_path;
	expires 14d;
	add_header Pragma public;
	add_header Cache-Control "public, must-revalidate, proxy-revalidate";
	access_log off;
	log_not_found off;
	}

	# Common deny or internal locations, to help prevent access to areas of
	# the site that should not be public
	location ~* wp-admin/includes { deny all; }
	location ~* wp-includes/theme-compat/ { deny all; }
	location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
	location /wp-content/ { internal; }
	location /wp-includes/ { internal; }

	# The next line protects the wp-config.php file from being accessed, but
	# we need to be able to run the file for the initial site setup. Uncomment
	# the next line after setup is completed and reload Nginx.
	location ~* wp-config.php { deny all; }

	# Prevent any potentially-executable files in the uploads directory from
	# being executed by forcing their MIME type to text/plain
	location ~* ^/wp-content/uploads/.*.(html\|htm\|shtml\|php)$ {
	types { }
	default_type text/plain;
	}
	location / {
	try_files $uri $uri/ /index.php?q=$uri&$args;
	}

	error_page 404 /404.html;

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/www;
	}

	location ~ \.php$ {
	try_files $uri =404;

	fastcgi_pass unix:/var/run/php7.4-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;

	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_read_timeout 3600;

	fastcgi_cache_bypass $skip_cache;
	fastcgi_no_cache $skip_cache;

	fastcgi_cache WORDPRESS;
	fastcgi_cache_valid 5m;
	}
	}



	ALSO file /etc/nginx/nginx.conf
	##
	# Fastcgi Params
	##
	fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m;
	fastcgi_cache_key "$scheme$request_method$host$request_uri";
	fastcgi_cache_use_stale error timeout invalid_header http_500;
	fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

	ALSO file /etc/nginx/d_ssl; snipped

	listen 443 ssl;
	listen [::]:443 ssl;

	ssl_certificate /etc/lego/certificates/example.com.crt;
	ssl_certificate_key /etc/lego/certificates/example..com.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_session_cache shared:SSL:20m;
	ssl_session_timeout 10m;

	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 10s;


	#https://websiteforstudents.com/install-wordpress-on-ubuntu-18-04-lts-bata-with-nginx-mariadb-and-php-fpm/