Skip to content

Instantly share code, notes, and snippets.

@stefanandres

stefanandres/nginx_wordpress_podlove_https

Last active February 6, 2016 15:41
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save stefanandres/8edf6c92be90d1af2e5d to your computer and use it in GitHub Desktop.
Save stefanandres/8edf6c92be90d1af2e5d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nginx_wordpress_podlove_https
server {
listen 80;
server_name www.domain.tld domain.tld;
access_log /var/log/nginx/domain.tld.access_log andre;
error_log /var/log/nginx/domain.tld.error_log warn;
# iTunes podcast does not accept SSL in 2016 :-(
root /var/www/domain.tld/htdocs/;
location /wp-content/uploads/podcastepisodes/ {
try_files $uri $uri/ /index.php;
}
location /wp-content/cache/podlove/ {
try_files $uri $uri/ /index.php;
}
location /feed/mp3 {
try_files $uri $uri/ /index.php ;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffers 256 4k;
}
set $redirect 1;
location / {
if ($request_uri ~ ^/feed/mp3/.*$) {
set $redirect 0;
}
if ($request_uri ~ ^/wp-content/uploads/podcastepisodes/.*$) {
set $redirect 0;
}
if ($request_uri ~ ^/wp-content/cache/podlove/.*$) {
set $redirect 0;
}
if ($redirect = 1) {
return 301 https://www.domain.tld$request_uri;
}
subs_filter_types text/html text/css text/xml;
subs_filter https://www.domain.tld http://www.domain.tld g;
try_files $uri $uri/ /index.php ;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffers 256 4k;
}
}
server {
listen 443 ssl;
server_name www.domain.tld domain.tld;
ssl on;
ssl_certificate /var/www/domain.tld/www.domain.tld.crt_intermediate_key.pem;
ssl_certificate_key /var/www/domain.tld/www.domain.tld.crt_intermediate_key.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:RSA+AESGCM:RSA+AES:ECDHE+3DES:RSA+3DES:!aNULL:!MD5:!DSS;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Server ssl;
proxy_set_header HTTPS 1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log /var/log/nginx/www.domain.tld.access_log andre;
error_log /var/log/nginx/www.domain.tld.error_log warn;
#auth_basic "Restricted";
#auth_basic_user_file /var/www/domain.tld/.htpasswd;
root /var/www/domain.tld/htdocs/;
set $cache_uri $request_uri;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
set $cache_uri 'null cache';
}
# Use cached or actual file if they exists, otherwise pass request to WordPress
location = /wp-login.php {
auth_basic "Restricted";
auth_basic_user_file /var/www/domain.tld/.htpasswd;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffers 256 4k;
}
#try_files $uri $uri/ /index.php?$query_string;
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php ;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffers 256 4k;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment