Konfigurasi nginx untuk wordpress https://blog.sumarsono.com
# /etc/nginx/conf.d/blog.sumarsono.com.conf
# HTTPS vhost for the WordPress site; the plain-HTTP vhost below only redirects.
server {
    listen 443 ssl; # managed by Certbot
    server_name blog.sumarsono.com;
    root /var/www/html/blog;
    index index.php index.html index.htm;

    # Request-body ceiling for the whole vhost (media uploads go through PHP).
    client_max_body_size 100M;

    # TLS material and settings are written/renewed by Certbot; do not hand-edit.
    ssl_certificate /etc/letsencrypt/live/blog.sumarsono.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/blog.sumarsono.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # No Strict-Transport-Security header is emitted in this block; it has to
    # be added explicitly if HSTS is wanted.

    # Shared WordPress hardening (deny rules, login rate limit, static-file
    # logging). It is included BEFORE the regex locations below on purpose:
    # nginx evaluates regex locations in file order, so the deny rules inside
    # the include must precede the generic PHP handler to take effect.
    include /etc/nginx/default.d/global_wordpress.conf;

    location / {
        # Pretty permalinks: anything that is not a real file or directory is
        # handed to index.php with the original query string preserved.
        #try_files $uri $uri/ /index.php;
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Only scripts that exist on disk reach PHP-FPM; a request for a
        # non-existent .php path gets a plain 404 here instead.
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # The stock fastcgi_params (unlike fastcgi.conf) does not normally
        # define SCRIPT_FILENAME, so the explicit param above is what FPM sees.
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    }
}
# Plain-HTTP listener: the canonical host is redirected to HTTPS, every other
# Host value gets a 404.
server {
    listen 80;
    server_name blog.sumarsono.com;

    # The redirect applies to every URI, so HTTP-01 challenge requests arriving
    # on port 80 are sent to the HTTPS vhost and are subject to its rules too.
    if ($host = blog.sumarsono.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}
# /etc/nginx/default.d/global_wordpress.conf
# Global restrictions configuration file.
# Designed to be included in any server {} block. Everything here is a
# location or error_page directive, so the including server{} must supply
# root, the PHP handler and -- for limit_req -- an http-level limit_req_zone.
# NOTE: regex locations in this file are matched in the order written, and
# before any regex location that follows the include in the server block.

# favicon requests are frequent and noisy; keep them out of both logs.
location = /favicon.ico {
    access_log off;
    log_not_found off;
}
# robots.txt: serve the on-disk file when one exists, otherwise the canned
# policy in @robots. (Some WordPress plugins generate robots.txt dynamically
# through index.php; with this try_files chain a missing file most likely ends
# at @robots rather than at WordPress -- verify if a dynamic robots.txt is
# expected.)
location = /robots.txt {
    allow all;
    access_log off;
    log_not_found off;
    try_files $uri $uri/ /index.php?$args @robots;
}

# Fallback body when no robots.txt exists on disk: keeps crawlers out of
# wp-admin while still permitting admin-ajax.php.
location @robots {
    return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
# Deny hidden files (.htaccess, .htpasswd, .git/, .DS_Store, ...) except
# anything under /.well-known/, which ACME HTTP-01 validation needs.
# Requests are still logged so they can be fed to fail2ban or similar tools.
# Any later, unconditional `location ~ /\.` in the same server would receive
# exactly the /.well-known/ requests this exemption lets through and deny them.
location ~ "/\.(?!well-known\/)" {
    deny all;
}
# Uploaded files must never be executed as PHP (single-site layout).
# The case-insensitive `/(?:uploads|files)/.*\.php$` regex further down also
# matches this path; the nested block is kept as belt-and-braces.
location /wp-content/uploads {
    location ~ "\.php$" { deny all; }
}
# Deny PHP anywhere under an uploads/ or files/ path component, whatever the
# install prefix (sub-directory installs, multisite "files" rewrites).
# Matched case-insensitively; hits stay in the access log for fail2ban-style
# parsing.
location ~* "/(?:uploads|files)/.*\.php$" {
    deny all;
}
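##########
## Login endpoint: rate-limited and handed to PHP-FPM directly.
location = /wp-login.php {
    ## Rate-limit brute-force login attempts. `zone=one` must exist: an
    ## http-level `limit_req_zone ... zone=one:...;` is required in nginx.conf,
    ## otherwise nginx refuses to load this configuration.
    limit_req zone=one burst=1 nodelay;
    ## Same existence check the generic PHP handler applies: never hand a
    ## request for a missing script to FPM.
    try_files $uri =404;
    ## re-include basic FCGI settings for PHP files
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    ## fastcgi.conf sets SCRIPT_FILENAME itself; older nginx versions ship only
    ## fastcgi_params, in which case SCRIPT_FILENAME must be set here explicitly.
    include fastcgi.conf;
}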
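## Dotfiles are already denied by the `location ~ /\.(?!well-known\/)` block
## above, which deliberately exempts /.well-known/ for ACME challenges.
## An additional unconditional `location ~ /\.` here is only ever reached by
## the /.well-known/ requests that exemption lets through (the earlier regex
## claims every other dotfile request first), so it would silently deny them.
## Keep dotfile handling in the single block above.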
## XML-RPC: 403 for every request to xmlrpc.php, which also cuts off any
## legitimate XML-RPC client (pingbacks, remote-publishing apps) if in use.
location = /xmlrpc.php { deny all; }
## wp-config.php is never meant to be fetched over HTTP; deny it outright so a
## broken or missing PHP handler cannot serve it as plain text.
## (Original note: comment this out until WP is properly set up, in case the
## installer needs it -- unverified.)
location = /wp-config.php { deny all; }
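## Block version-fingerprinting files (readme.html, license.txt, ...).
## Anchored to the end of the URI so only names actually ending in .html/.txt
## are denied; the unanchored form also caught any URI that merely contained
## one of these names somewhere in its path.
location ~* "(licence|readme|license)\.(html|txt)$" {
    deny all;
}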
## No PHP execution from content directories; this subsumes the narrower
## uploads/files rule earlier in the file.
location ~* "/(?:uploads|files|wp-content|wp-includes)/.*\.php$" {
    deny all;
}
## Allow cross-origin loads of fonts and assets (Firefox/IE refuse web fonts
## from another origin without this header). Note: add_header inside a
## location replaces, rather than extends, any add_header inherited from the
## server or http level for these responses; and because this regex comes
## first, .js/.css/.svg requests never reach the static-file block below.
location ~ "\.(eot|ttf|ttc|otf|woff|woff2|svg|css|js)$" {
    add_header Access-Control-Allow-Origin "*";
}
## Static assets: suppress logging only. Despite the original heading, no
## `expires`/Cache-Control is set here -- add one if browser caching is wanted.
## .js/.css/.svg are handled by the CORS block above instead of this one.
location ~* "\.(js|css|png|jpg|jpeg|gif|ico|mp4|svg|svgz|ogg|ogv|webm|htc)$" {
    access_log off;
    log_not_found off;
}
## 5xx responses use nginx's own html directory rather than the site root.
error_page 500 502 503 504 /50x.html;
location = /50x.html { root /usr/share/nginx/html; }