# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name www.server.name server.name;

    # $server_name is the first name configured above, so the redirect target
    # is fixed by this file and does not depend on the client's Host header.
    return 301 https://$server_name$request_uri;
}
server {
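# HTTPS listener. TLS is switched on with the "ssl" parameter of listen; the
# standalone "ssl on;" directive is deprecated and has been removed from
# current nginx releases.
listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;
server_name www.server.name server.name;
root /var/www;
index index.php;
charset utf-8;
# Only "crit" and more severe messages are written here, so ordinary request
# errors will not show up in this log.
error_log /var/log/nginx/server.name.log crit;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
# TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
# Add TLSv1.3 here when the installed nginx/OpenSSL build supports it.
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#The following only works on nginx 1.6 or newer
#ssl_session_tickets off;
ssl_stapling on;
# Verifying stapled OCSP responses needs the issuer chain to be trusted.
# NOTE(review): no ssl_trusted_certificate is set in this file; confirm the
# chain is available, or add one (placeholder path):
#ssl_trusted_certificate /path/to/ca-chain.pem;
ssl_stapling_verify on;
# DH parameters for the EDH cipher suites listed in ssl_ciphers.
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Resolver used to look up the OCSP responder host name. These are public
# resolvers; a resolver on a trusted local network is preferable where one
# is available.
resolver 208.67.220.220 208.67.222.222 8.8.4.4 8.8.8.8;
resolver_timeout 2s;
# Upper bound on the request body (uploads) accepted by this server.
client_max_body_size 20M;
# NOTE(review): no Strict-Transport-Security header is set in this file, so
# browsers are not told to stay on HTTPS; consider adding one once HTTPS is
# confirmed to work for every host name served here.
# NOTE(review): conf.d is pulled in at server level here; files in it must
# only hold directives valid inside a server block - verify against
# nginx.conf, which usually includes the same directory at http level.
include /etc/nginx/conf.d/*;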
location / {
    # Try the request as a file, then as a directory; anything else is
    # handed to the front controller together with the original query string.
    try_files $uri $uri/ /index.php?$query_string;
}
# Requests answered with 404 are internally redirected to /404.html.
error_page 404 /404.html;

# Server-side failures all share one static page, /50x.html.
error_page 500 502 503 504 /50x.html;

location = /50x.html {
    # Served from the stock nginx html directory instead of the site root.
    root /usr/share/nginx/html;
}
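# Refuse direct requests for PHP files under the uploads, files, wp-content
# and wp-includes directories.
# The original file had three separate locations for these directories plus
# this combined one. Regex locations are tested in file order and all four
# only did "deny all", so the single pattern below covers the same requests.
# It must stay above the generic "\.php$" location: the first matching regex
# location wins, and that order is what keeps these paths away from PHP-FPM.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
    deny all;
}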
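# Hand PHP scripts to PHP-FPM over its local unix socket.
location ~ \.php$ {
    # Only pass requests that map to a real file under the document root.
    # Without this check any URI ending in ".php" reaches PHP-FPM, and with
    # PHP's cgi.fix_pathinfo enabled the interpreter may then run a different
    # file than the one named in the request.
    try_files $uri =404;

    fastcgi_pass unix:/var/run/php5-fpm.sock;
    # NOTE(review): some distributions ship a fastcgi_params file that does
    # not define SCRIPT_FILENAME; confirm it is set there, or include
    # fastcgi.conf instead.
    include fastcgi_params;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;
}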