# Plain-HTTP listener: serves no content, only redirects to the HTTPS vhost.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name www.server.name server.name;

    # $server_name expands to the first name configured above, not to the
    # client-supplied Host header, so the request cannot steer the redirect
    # target. Path and query string are carried over via $request_uri.
    return 301 https://$server_name$request_uri;
}
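server {
    # TLS is enabled per listening socket with the "ssl" parameter. The
    # standalone "ssl on;" directive used previously is deprecated and has
    # been removed from current nginx releases.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server ipv6only=on;
    server_name www.server.name server.name;

    root /var/www;
    index index.php;
    charset utf-8;

    # NOTE(review): "crit" discards error-level entries. As far as I know that
    # is the level at which nginx records requests refused by the "deny all"
    # rules further down, so those refusals are only visible in the access log
    # (as 403s) - confirm this is intended.
    error_log /var/log/nginx/server.name.log crit;

    ssl_certificate /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
    # TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # Forward-secret key exchange only. The AES256+EECDH / AES256+EDH entries
    # also admit CBC-mode suites; drop them if only AEAD suites are wanted.
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # Session tickets stay at the nginx default here. The original author
    # notes the directive below needs nginx 1.6 or newer.
    #ssl_session_tickets off;

    # OCSP stapling. With verification on, nginx needs the issuer chain as
    # trusted certificates; if the log shows verification failures, set
    # ssl_trusted_certificate (path below is a placeholder).
    ssl_stapling on;
    ssl_stapling_verify on;
    #ssl_trusted_certificate <path-to-issuer-chain.pem>;

    # Custom DH group for the EDH suites above.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Resolver used for OCSP responder lookups. nginx trusts these answers
    # as-is; the nginx documentation recommends resolvers on a trusted local
    # network to limit DNS spoofing. These are public resolvers.
    resolver 208.67.220.220 208.67.222.222 8.8.4.4 8.8.8.8;
    resolver_timeout 2s;

    # NOTE(review): once HTTPS is known to work for every name served here,
    # consider an HSTS header so browsers skip the plain-HTTP hop, e.g.
    #add_header Strict-Transport-Security "max-age=31536000" always;

    # Upper bound on request bodies (uploads); larger requests get a 413.
    client_max_body_size 20M;

    # NOTE(review): the bare "*" pulls every file in conf.d into this server
    # block, including editor backups or files meant for the http context.
    # Narrowing it to a suffix such as "*.conf" is safer if layout permits.
    include /etc/nginx/conf.d/*;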
location / {
    # Serve the request as a file, then as a directory; if neither exists,
    # hand it to the front controller /index.php with the original query
    # string (so unmatched paths reach PHP rather than a static 404).
    try_files $uri $uri/ /index.php?$args;
}
# Static error pages: 404 maps to /404.html, upstream and server errors
# (500, 502, 503, 504) map to /50x.html.
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Exact-match location: /50x.html is read from the nginx default html
# directory instead of the site root.
location = /50x.html {
    root /usr/share/nginx/html;
}
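# Refuse (403) any request for a .php path under the uploads, files,
# wp-content or wp-includes directories, matched case-insensitively, so a
# script dropped into a writable directory is never passed to PHP.
#
# This one rule replaces four separate locations. The last of them repeated
# the first three and could never match, because nginx tries regex locations
# in file order and the first match wins. For the same reason this block has
# to stay above the generic "\.php$" handler.
#
# NOTE(review): this also blocks any plugin or theme endpoint that is meant
# to be requested directly as a .php file under these directories - verify
# against the installed plugins.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
    deny all;
}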
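# Hand PHP scripts to PHP-FPM over its local unix socket.
location ~ \.php$ {
    # Only forward requests whose URI names a file that exists under the
    # document root. Without this check every URI ending in ".php" reaches
    # PHP-FPM, and with PHP's cgi.fix_pathinfo enabled the interpreter may
    # fall back to executing a different, non-PHP file on the path.
    try_files $uri =404;

    fastcgi_pass unix:/var/run/php5-fpm.sock;

    # NOTE(review): assumes this distribution's fastcgi_params defines
    # SCRIPT_FILENAME. Stock nginx ships that parameter in fastcgi.conf
    # instead - confirm, or PHP-FPM will not find the script.
    include fastcgi_params;

    # Response buffering for FastCGI replies: 16 buffers of 16k, plus a 32k
    # buffer for the first part of the response (headers).
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;
}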