@s0u7a
Created November 26, 2023 06:11
My LAMP openresty+fastcgi+wordpress's nginx configuration
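# Worker processes run as an unprivileged account.
user nobody nogroup;
worker_processes auto;
# Raises the open-file limit (RLIMIT_NOFILE) for worker processes.
worker_rlimit_nofile 100000;
# The same file used to be listed three times (default level, notice, info).
# One directive at the most verbose of those levels records the same
# messages without registering the file as three separate log targets.
# The relative path is resolved against the nginx prefix directory.
error_log logs/error.log info;
pid logs/nginx.pid;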
events {
    # Upper bound on simultaneous connections handled by one worker process.
    worker_connections 2048;
    # Accept all pending connections at once instead of one per wake-up.
    multi_accept on;
    # Linux connection-processing method.
    use epoll;
}
http
{
# --- MIME handling ---------------------------------------------------------
include mime.types;
default_type application/octet-stream;

# --- Access logging --------------------------------------------------------
# The last field of "main" is the X-Forwarded-For request header. That header
# is supplied by the client, so treat it as untrusted text when logs are
# parsed or displayed.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;

# --- Proxy request headers -------------------------------------------------
# Only used by contexts that call proxy_pass; none is visible in this file.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# --- Information disclosure ------------------------------------------------
# Omit the nginx version from the Server header and built-in error pages.
server_tokens off;

# --- Transport tuning ------------------------------------------------------
sendfile on;
tcp_nopush on;
tcp_nodelay off;

# --- Timeouts --------------------------------------------------------------
# Short keep-alive plus bounded header/body/send timers limit how long an
# idle or slow client can hold a connection slot.
keepalive_timeout 3;
client_header_timeout 60;
client_body_timeout 60;
reset_timedout_connection on;
send_timeout 60;

# --- Connection limiting ---------------------------------------------------
# At most 100 concurrent connections per client address (10 MB shared zone).
# NOTE(review): the key is the TCP peer address. If a CDN or reverse proxy
# fronts this host (the certificate name "origin.pem" and the resolver choice
# hint at Cloudflare - confirm), the limit and the access log see the proxy's
# address unless the client address is restored with ngx_http_realip_module.
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_conn addr 100;

#charset UTF-8;

# --- Compression -----------------------------------------------------------
# text/html is always compressed once gzip is on; gzip_types adds the rest.
# NOTE(review): compressing TLS responses that mix secrets with reflected
# request data is the precondition for BREACH-style attacks - confirm that
# dynamic pages here do not do that, or exclude them from compression.
gzip on;
gzip_http_version 1.0;
gzip_disable "msie6";
gzip_proxied any;
gzip_min_length 1024;
gzip_comp_level 6;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/json;

# --- Open file descriptor cache --------------------------------------------
open_file_cache max=1000 inactive=10s;
open_file_cache_valid 60s;
open_file_cache_min_uses 1;
open_file_cache_errors on;

# --- Proxy response cookies ------------------------------------------------
# NOTE(review): set at http level, these strip Set-Cookie from every proxied
# response. No proxy_pass is visible in this file, but any upstream added
# later would lose cookie-based sessions; scoping them to the location that
# needs them would be safer.
proxy_ignore_headers Set-Cookie;
proxy_hide_header Set-Cookie;

# --- DNS -------------------------------------------------------------------
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
resolver_timeout 5s;
# Plain-HTTP listener: exists only to send clients to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name vps.s0u7a.net;
    # The target host is a fixed literal rather than $host, so a forged Host
    # header cannot influence where the redirect points.
    return 301 https://vps.s0u7a.net$request_uri;
}
server
{
# --- Listeners -------------------------------------------------------------
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name vps.s0u7a.net;

# --- TLS -------------------------------------------------------------------
# Only TLS 1.2 and 1.3 are offered.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /etc/ssl/certs/origin.pem;
# Keep this file readable by root only; the worker account set by "user"
# should not need to read it - verify the file mode on the host.
ssl_certificate_key /etc/ssl/private/private_key.pem;

# --- Per-site logs ---------------------------------------------------------
# No format is named, so this access log uses the built-in "combined" format
# rather than the "main" format defined at http level.
access_log /var/log/webapp/access.log;
error_log /var/log/webapp/error.log;

# Relative path: resolved against the nginx prefix directory.
root html;
# BEGIN W3TC Browser Cache
# Repeats the http-level switch. The gzip_types list below replaces (does not
# extend) the http-level list for this server.
gzip on;
gzip_types
    text/css text/x-component application/x-javascript application/javascript
    text/javascript text/x-js text/richtext text/plain text/xsd text/xsl
    text/xml image/bmp application/java application/msword
    application/vnd.ms-fontobject application/x-msdownload image/x-icon
    application/json application/vnd.ms-access video/webm
    application/vnd.ms-project application/x-font-otf
    application/vnd.ms-opentype
    application/vnd.oasis.opendocument.database
    application/vnd.oasis.opendocument.chart
    application/vnd.oasis.opendocument.formula
    application/vnd.oasis.opendocument.graphics
    application/vnd.oasis.opendocument.spreadsheet
    application/vnd.oasis.opendocument.text
    audio/ogg application/pdf application/vnd.ms-powerpoint image/svg+xml
    application/x-shockwave-flash image/tiff application/x-font-ttf audio/wav
    application/vnd.ms-write application/font-woff application/font-woff2
    application/vnd.ms-excel;
# Stylesheets and scripts: cacheable for one year (31536000 s).
location ~ \.(css|htc|less|js|js2|js3|js4)$ {
    # Validators for conditional requests.
    etag on;
    if_modified_since exact;
    expires 31536000s;

    # Because this location declares add_header, the server-level add_header
    # lines (including Strict-Transport-Security) are not inherited here;
    # only the three headers below are added.
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header Referrer-Policy "no-referrer-when-downgrade";

    # Serve the file or directory if present, otherwise hand off to WordPress.
    try_files $uri $uri/ /index.php?$args;
}
# Markup and text documents: cacheable for one hour.
location ~ \.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$ {
    # Validators for conditional requests.
    etag on;
    if_modified_since exact;

    # Because this location declares add_header, the server-level add_header
    # lines (including Strict-Transport-Security) are not inherited here.
    add_header Pragma "public";
    add_header Cache-Control "max-age=3600, public";
    add_header Referrer-Policy "no-referrer-when-downgrade";

    # Serve the file or directory if present, otherwise hand off to WordPress.
    # This regex is tested before the later deny rules, so any file whose name
    # ends in one of these extensions is served if it exists on disk.
    try_files $uri $uri/ /index.php?$args;
}
# Media, documents and archives: cacheable for one year (31536000 s).
# The list includes executable and archive extensions (exe, class, swf, zip,
# tar, gz); such files are returned as static downloads by this location.
location ~ \.(asf|asx|wax|wmv|wmx|avi|avif|avifs|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|_ttf|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s;
etag on;
if_modified_since exact;
# Declaring add_header here stops inheritance of the server-level add_header
# lines (including Strict-Transport-Security) for this location.
add_header Pragma "public";
add_header Cache-Control "public";
add_header Referrer-Policy "no-referrer-when-downgrade";
# Nested location for JPEG/PNG/GIF; the named capture "path" holds the URI
# without its extension.
location ~* ^(?<path>.+)\.(jpe?g|png|gif)$ {
# When the Accept header mentions neither "webp" nor "*/*", stop processing
# rewrite-module directives in this location.
if ( $http_accept !~* "webp|\*/\*" ) {
break;
}
expires 31536000s;
etag on;
if_modified_since exact;
# The nested location declares its own add_header set, so the four headers
# below are the only ones added to its responses.
add_header Pragma "public";
add_header Cache-Control "public";
add_header Referrer-Policy "no-referrer-when-downgrade";
# The response depends on the Accept request header; tell caches so.
add_header Vary Accept;
# Prefer a sibling "<name>.webp" file, then the requested file, then WordPress.
try_files ${path}.webp $uri /index.php?$args;
}
# Serve the file or directory if present, otherwise hand off to WordPress.
try_files $uri $uri/ /index.php?$args;
}
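# Server-level add_header lines reach only locations that declare no
# add_header of their own. The browser-cache locations above each declare
# their own set, so they repeat Referrer-Policy themselves and do not
# receive Strict-Transport-Security.
add_header Referrer-Policy "no-referrer-when-downgrade";
# END W3TC Browser Cache
location / {
    # Directory index candidates, tried left to right. The script names
    # (index.php, index.py, ...) are picked up by the FastCGI locations below.
    index index.html index.htm index.php index.py index.rb index.pl index.cgi index.sh;
    #return 301 https://$host$request_uri;
}
# "always" makes nginx add the header to every response code, so error pages
# (4xx/5xx) carry HSTS as well; without it only success and redirect
# responses do.
# includeSubDomains and preload commit every subdomain of this host to HTTPS
# for a year; confirm that is intended before relying on it.
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;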
# PHP / PHAR requests, with optional trailing PATH_INFO, go to PHP-FPM.
# NOTE(review): this applies to every directory under the document root; no
# location in this file exempts upload directories from script execution.
location ~ \.(php|phar)(/.*)?$ {
    # Split "/script.php/extra" into the script name and the path info.
    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;

    # Only pass on script names that are regular files on disk. This keeps a
    # URI such as "/image.jpg/x.php" from being handed to the PHP backend
    # with a script path that does not exist.
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    # Second existence check on the full URI; falls back to /404.html.
    try_files $uri /404.html;

    # Request bodies up to 100 MB are accepted for PHP requests.
    client_max_body_size 100m;

    # Blank out the client's Proxy request header before it reaches PHP
    # ("httpoxy" mitigation).
    fastcgi_param HTTP_PROXY "";
    # NOTE(review): SCRIPT_FILENAME is not set in this location, unlike the
    # CGI location further down; it presumably comes from the included
    # fastcgi_params file - confirm on the host.
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
# Generic script extensions are handed to the spawn-fcgi backend socket.
# NOTE(review): the match is by extension anywhere under the document root,
# so any such file that exists there is passed to the backend. Confining
# this to one dedicated script directory would narrow what can be executed.
location ~ \.(cgi|py|pl|rb|sh)$ {
    # Requests for files that do not exist are answered with /404.html
    # instead of reaching the backend.
    try_files $uri /404.html;

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/var/run/spawn-fcgi.socket;
}
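# Regex locations are tested in file order and the first match wins, so the
# regex rules below only see URIs that no earlier regex location claimed
# (for example, a name that also ends in ".txt" is taken by the text-file
# location first).
# Block Apache-style control files (.htaccess, .htpasswd, ...).
location ~ /\.ht {
    deny all;
}
# "/wp-config.php" ends in ".php", so the PHP location earlier in this server
# matches it before the regex rule below is ever consulted. An exact-match
# location is selected ahead of all regex locations, so this one does deny it.
location = /wp-config.php {
    deny all;
}
# Kept as written: still catches names the PHP regex does not match, such as
# a copy with a suffix appended after ".php".
location ~* /wp-config.php {
    deny all;
}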
# TLS session reuse: sessions stay resumable for five minutes and are kept
# in a 1 MB cache shared by all worker processes.
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:1m;
}
}