Last active
March 11, 2019 22:27
-
-
Save reatlat/6892fef1bc01db8ff0fee3c83ee41ed3 to your computer and use it in GitHub Desktop.
Nginx config for WP Fastest Cache
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Set expires for static files | |
| # Note to self (and to anyone forks it) | |
| # Some sites create robots.txt and sitemap(.xml(.gz)) files on the fly | |
| # If you are sure that they are indeed static, uncomment the following location blocks for each and adject the expires headers to fit your site's needs | |
| # location = /robots.txt { expires 1d; log_not_found off; access_log off; } | |
| # location ~ \.xml(\.gz)?$ { expires 600s; log_not_found off; access_log off; } | |
| # For CSS / JS | |
| location ~ \.(?:css|js)$ { | |
| expires max; | |
| log_not_found off; | |
| access_log off; | |
| add_header X-Content-Type-Options "nosniff"; | |
| } | |
| # Web fonts needs some special care | |
| # Reference: http://jmoiron.net/blog/serving-fonts-aws-cloudfront/ | |
| location ~ \.(?:ttf|ttc|eot|woff|woff2|otf|svg)$ { | |
| # Safe to use the following line | |
| add_header Access-Control-Allow-Origin "*"; | |
| # use the following with caution! | |
| # add_header Access-Control-Allow-Origin "http://*.example.com"; | |
| expires max; | |
| log_not_found off; | |
| access_log off; | |
| } | |
| # Referers for images | |
| location ~ \.(?:gif|ico|webp)$ { | |
| ### Please change the domainname before uncommenting the following | |
| # valid_referers none blocked www.example.com example.com; | |
| # if ($invalid_referer) { return 403; } | |
| expires max; | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location ~* ^.+\.(png|jpe?g)$ { | |
| ### Please change the domainname before uncommenting the following | |
| # valid_referers none blocked www.example.com example.com; | |
| # if ($invalid_referer) { return 403; } | |
| # add_header Vary Accept; | |
| # see https://docs.ewww.io/article/16-ewww-io-and-webp-images | |
| try_files $uri$webp_suffix $uri =404; | |
| expires max; | |
| log_not_found off; | |
| access_log off; | |
| } | |
| # Feeds | |
| location ~ \.(?:rss|atom)$ { | |
| expires 600s; # 10 minutes | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| ... | |
| include /etc/nginx/extra/restrictions.conf; | |
| include /etc/nginx/extra/assets.conf; | |
| set $cache_uri $request_uri; | |
| set $cache_folder "all"; | |
| # POST requests and urls with a query string should always go to PHP | |
| if ($request_method = POST) { | |
| set $cache_uri 'null cache'; | |
| } | |
| if ($query_string != "") { | |
| set $cache_uri 'null cache'; | |
| } | |
| # Don't cache uris containing the following segments | |
| if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { | |
| set $cache_uri 'null cache'; | |
| } | |
| # Don't use the cache for logged in users or recent commenters | |
| if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") { | |
| set $cache_uri 'null cache'; | |
| } | |
| # uncomment the following two lines to support mobile cache | |
| if ( $http_user_agent ~* "2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800|iPad" ) { | |
| set $cache_uri "User-Agent"; | |
| set $cache_folder "wpfc-mobile-cache"; | |
| } | |
| # uncomment the following if deemed fit | |
| if ( $http_user_agent ~* "w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-|ipad" ) { | |
| set $cache_uri "User-Agent"; | |
| set $cache_folder "wpfc-mobile-cache"; | |
| } | |
| set $x_cache_header "MISS"; | |
| set $x_cf_powered_by "Voodoo Magic"; | |
| set $cache_control "no-cache"; | |
| if ($cache_uri != 'null cache') { | |
| set $x_cache_header "HIT"; | |
| set $x_cf_powered_by "WP Fastest Cache"; | |
| set $cache_control "must-revalidate"; | |
| } | |
| location = /favicon.ico { | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location = /robots.txt { | |
| allow all; | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location / { | |
| add_header "X-Cache" $x_cache_header; | |
| add_header "X-CF-Powered-By" $x_cf_powered_by; | |
| add_header "Cache-Control" $cache_control; | |
| add_header "Vary" "Accept-Encoding, Cookie"; | |
| if ($cache_uri != 'null cache') { | |
| expires 30m; | |
| } | |
| # Use cached or actual file if they exists, otherwise pass request to WordPress | |
| try_files /wp-content/cache/$cache_folder/$cache_uri/index.html $uri $uri/ /index.php?$args ; | |
| if (!-e $request_filename) | |
| { | |
| rewrite ^(.+)$ /index.php?q=$1 last; | |
| } | |
| location ~ [^/]\.php(/|$) { | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| if (!-f $document_root$fastcgi_script_name) { | |
| return 404; | |
| } | |
| include /etc/nginx/extra/wp_security_admin_access.conf; | |
| fastcgi_pass %backend_lsnr%; | |
| fastcgi_index index.php; | |
| fastcgi_read_timeout 300; | |
| include /etc/nginx/fastcgi_params; | |
| } | |
| } | |
| ... | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| # see: https://docs.ewww.io/article/16-ewww-io-and-webp-images | |
| map $http_accept $webp_suffix { | |
| default ""; | |
| "~*webp" ".webp"; | |
| } | |
| ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Global restrictions configuration file. | |
| # Designed to be included in any server {} block. | |
| # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac), .git. | |
| location /.git { deny all; } | |
| location /.htaccess { deny all; } | |
| location /.htpasswd { deny all; } | |
| location /.user.ini { deny all; } | |
| location /nginx.conf { deny all; } | |
| # this actually covers every dot file, except what follows below it (ex: CertBot) | |
| location ~ ^/\. { deny all; } | |
| # but allow CertBot - see http://stackoverflow.com/a/34262192 | |
| location ^~ /.well-known/acme-challenge { | |
| auth_basic off; | |
| try_files $uri =404; | |
| expires -1; | |
| } | |
| # Deny access to any files with a .php extension in the uploads directory | |
| location ~* /uploads/.*\.php$ { deny all; } | |
| # Deny access to any files with a .php extension in the uploads directory for multisite | |
| location ~* /files/.*\.php$ { deny all; } | |
| # Since version 2.5.7, Akismet introduced a new .htaccess file to block direct access to php files | |
| # Ref: http://wordpress.org/extend/plugins/akismet/changelog/ | |
| location ~* /akismet/.*\.php$ { deny all; } | |
| # Deny access to any files with a .php extension in the wp-includes directory | |
| location ~* /wp-includes/.*.php$ { deny all; } | |
| # Deny access to any files with a .php extension in the wp-content directory | |
| location ~* /wp-content/.*.php$ { deny all; } | |
| # Restrict direct access to cached content | |
| location /wp-content/cache/ { deny all; } | |
| # Deny access to backup files! | |
| #location ~ ~$ { deny all; } | |
| # Deny access to any files with a .php extension in the themes directory | |
| location ~* /themes/.*.php$ { deny all; } | |
| # Deny access to any files with a .php extension in the plugins directory | |
| location ~* /plugins/.*.php$ { deny all; } | |
| # Restrict direct access to xmlrpc | |
| location ~ /xmlrpc.php { deny all; } | |
| # Allow direct access to admin-ajax | |
| location ~ /wp-admin/admin-ajax.php { allow all; } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment