mertcangokgoz.com nginx.conf
# Backend vhost: plain-HTTP listener on port 8080 that hands *.php requests to
# PHP-FPM. The public vhost for the same server_name proxies /wp-admin/ and
# wp-login.php to it through http://127.0.0.1:8080.
server {
    # NOTE(review): both listeners bind every interface. Nothing in this block
    # applies the deny rules, bot filters or security headers of the public
    # vhost, so port 8080 should be reachable only from the local proxy tier.
    # Confirm that with a firewall rule or a loopback-only bind.
    listen 8080;
    listen [::]:8080;
    server_name mertcangokgoz.com;
    {{root}}

    index index.php index.html;
    # Front-controller fallback: anything that is not a file or directory is
    # routed to WordPress.
    try_files $uri $uri/ /index.php?$args;

    # Error handling: a 404 stays a 404 with an empty body, and every 5xx is
    # collapsed into a 503.
    error_page 404 = @notfound;
    error_page 500 502 503 504 = @internalerr;

    location @notfound {
        return 404;
    }

    location @internalerr {
        return 503;
    }

    location ~ \.php$ {
        # Only scripts that exist on disk are handed to PHP-FPM.
        try_files $uri =404;

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_intercept_errors on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # PHP is always told the request arrived over HTTPS, although this
        # listener is plain HTTP; presumably TLS ends at the public vhost.
        fastcgi_param HTTPS "on";
        fastcgi_param PHP_VALUE "{{php_settings}}";

        # One-hour read/send windows: a stuck request can hold an FPM worker
        # for that long.
        fastcgi_read_timeout 3600;
        fastcgi_send_timeout 3600;

        fastcgi_pass 127.0.0.1:{{php_fpm_port}};
    }

    # Stop rewrite-module processing when the request maps to a regular file.
    if (-f $request_filename) {
        break;
    }
}
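# Public vhost: terminates TLS on 443, redirects plain HTTP to HTTPS, serves
# static assets itself and proxies everything else to the cache tier
# ({{varnish_proxy_pass}}) or, for the WordPress admin, straight to the backend
# vhost on 127.0.0.1:8080.
#
# Regex locations are evaluated in the order they appear and the first match
# wins, so the relative order of the `location ~` blocks below is significant.
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2 reuseport;
    listen [::]:443 ssl http2 reuseport;
    {{ssl_certificate_key}}
    {{ssl_certificate}}
    server_name mertcangokgoz.com;
    {{root}}
    {{nginx_access_log}}
    {{nginx_error_log}}

    # HTTP -> HTTPS. $request_uri is the raw request line value; the decoded
    # $uri must not be copied into a Location header because it can carry
    # decoded control characters.
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    # ACME / well-known resources stay reachable without authentication.
    # Anchored and with the dot escaped: as the first regex location, an
    # unanchored pattern would also claim any URI that merely contains the
    # string and take it away from the deny rules further down.
    location ~ ^/\.well-known(?:/|$) {
        auth_basic off;
        allow all;
    }

    {{settings}}

    try_files $uri $uri/ /index.php?$args;
    index index.php index.html;

    include /etc/nginx/bots.d/blockbots.conf;
    include /etc/nginx/bots.d/ddos.conf;

    # Security Headers
    # add_header is inherited from this level only by locations that define no
    # add_header of their own. The locations below that set Vary,
    # Access-Control-Allow-Origin or Cache-Control therefore answer WITHOUT
    # these six headers unless they are repeated there.
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; no Content-Security-Policy is set anywhere in this file.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    # NOTE(review): this policy still sends the full URL to other HTTPS
    # origins; strict-origin-when-cross-origin is the tighter choice.
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Permissions-Policy "interest-cohort=()" always;
    # includeSubDomains + preload commits every subdomain to HTTPS for a year.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header X-Frame-Options "SAMEORIGIN" always;

    # WordPress admin and login bypass the cache tier and go to the backend.
    # X-Forwarded-For is overwritten with the peer address, so a value sent by
    # the client never reaches PHP on this path.
    location ~ /(wp-admin/|wp-login\.php) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 7200;
        proxy_send_timeout 7200;
        proxy_read_timeout 7200;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
    }

    location / {
        {{varnish_proxy_pass}}
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent. Downstream code should use X-Real-IP or the last entry,
        # not the left-most one, unless a trusted proxy in front sets it.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_hide_header X-Varnish;
        proxy_redirect off;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 720;
        proxy_send_timeout 720;
        proxy_read_timeout 720;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
    }

    # assets, media
    location ~* \.(jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
        expires max;
        log_not_found off;
        access_log off;
    }

    location ~* \.(?:css(\.map)?|js(\.map)?|pdf)$ {
        expires max;
    }

    # WebP negotiation for wp-content images; $webp_suffix is defined outside
    # this file.
    # NOTE(review): the media location above already matches .png/.jpg/.jpeg
    # and comes first, so this block looks unreachable as ordered - confirm.
    location ~* ^(/wp-content/.+)\.(png|jpe?g)$ {
        set $base $1;
        set $webp_uri $base$webp_suffix;
        set $webp_old_uri $base.$2$webp_suffix;
        add_header Vary Accept;
        try_files $webp_uri $webp_old_uri $uri =404;
    }

    # svg, fonts
    # NOTE(review): the wildcard CORS grant also covers SVG, which can be an
    # active document type; it is needed for web fonts only.
    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        add_header Access-Control-Allow-Origin "*";
        expires max;
    }

    # favicon.ico
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # robots.txt
    location = /robots.txt {
        add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0";
        expires -1;
        log_not_found off;
        access_log off;
        allow all;
    }

    # WordPress: deny wp-content, wp-includes php files
    location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
        deny all;
    }

    # WordPress: deny wp-content/uploads nasty stuff
    # NOTE(review): the css/js location above is listed first, so the `js`
    # alternative here never takes effect and uploaded .js files are served.
    location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
        deny all;
    }

    # WordPress: SEO plugin
    # Listed before the plugins deny rule: regex locations are first-match, so
    # an exception placed after that rule would never be selected.
    location ~* ^/wp-content/plugins/wordpress-seo(?:-premium)?/css/main-sitemap\.xsl$ {}

    # WordPress: deny wp-content/plugins (except earlier rules)
    location ~ ^/wp-content/plugins {
        deny all;
    }

    # WordPress: deny general stuff
    location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
        deny all;
    }

    location ~/\.git {
        deny all;
    }

    location ~ ^/\.user\.ini {
        deny all;
    }

    # SEOPress rules
    location ~ (([^/]*)sitemap(.*)|news|author|video(.*))\.x(m|s)l$ {
        add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0";
        expires -1;
        ## SEOPress
        rewrite ^.*/sitemaps\.xml$ /index.php?seopress_sitemap=1 last;
        rewrite ^.*/news.xml$ /index.php?seopress_news=$1 last;
        rewrite ^.*/video.xml$ /index.php?seopress_video=$1 last;
        rewrite ^.*/author.xml$ /index.php?seopress_author=$1 last;
        rewrite ^.*/sitemaps_xsl\.xsl$ /index.php?seopress_sitemap_xsl=1 last;
        rewrite ^.*/sitemaps_video_xsl\.xsl$ /index.php?seopress_sitemap_video_xsl=1 last;
        rewrite ^.*/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?seopress_cpt=$1&seopress_paged=$2 last;
    }

    location /wp-cron.php {
        add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0";
        expires -1;
    }

    # Keep the cache plugin's debug log private.
    location = /wp-content/wp-cloudflare-super-page-cache/mertcangokgoz.com/debug.log {
        access_log off;
        deny all;
    }

    # Rewrite Rules
    # Server-level rewrite-module directives run in order, before a location
    # is chosen, so they also apply to the admin and asset URLs above.
    # Feed
    rewrite ^/feed.xml$ /feed/ permanent;
    rewrite ^/sitemap_index.xml$ /sitemaps.xml permanent;
    rewrite ^/sitemap.xml$ /sitemaps.xml permanent;

    # Disable AMP and Redirect Main Url Schema
    rewrite ^(.*/)amp/$ $1 permanent;
    # Match `amp` / `noamp` only as a query parameter name. A bare substring
    # test also fires on values such as "example" or "utm_campaign" and strips
    # the whole query string from unrelated requests.
    if ($args ~* "(^|&)(amp|noamp)(=|&|$)") {
        # Redirect from the capture, as the neighbouring rules do, rather than
        # from the decoded $uri.
        rewrite ^(.*)$ $1? permanent;
    }

    # .html suffix remover
    rewrite ^(.*)\.html$ $1 permanent;

    # Rewrite Rules For Changed URLs start
    # Rewrite Rules For Changed URLs end

    # `break` ends rewrite-module processing for requests that map to an
    # existing file, so the User-Agent check below is skipped for them.
    if (-f $request_filename) {
        break;
    }

    # Block Empty User-agent
    if ($http_user_agent = "") {
        return 403;
    }
}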