taosx/Nginx.conf

## Nginx.conf
# The user account used by the worker processes. If following along with Hosting WordPress Yourself,
# it's recommened to set this to your username, but only when running a single user access server.
user nginx;

# Set to number of CPU cores, auto will try to autodetect.
worker_processes auto;

# Maximum open file descriptors per process. Should be greater than worker_connections.
worker_rlimit_nofile 8192;

# File that stores the process ID. Rarely needs changing.
pid /run/nginx.pid;

events {
	# Set the maximum number of connection each worker process can open. Anything higher than this
	# will require Unix optimisations.
	worker_connections 8000;

	# Accept all new connections as they're opened.
	multi_accept on;
}

http {
	# HTTP
    # Hide nginx version information.
    server_tokens off;

	# Speed up file transfer by using sendfile().
    sendfile on;

    # Don't send partial frames, which increases throughput.
    tcp_nopush on;

    # Don't wait to send data in keep-alive state.
    tcp_nodelay on;

	# Specify MIME Types for files.
    include      mime.types;
	default_type application/octet-stream;

    # Update charset_types to match updated mime.types.
    # text/html is always included by charset module.
    charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml
application/xml;

    # Include $http_x_forwarded_for within default format used in log files
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

	# Limits & Timeouts
    # How long each connection should stay open for.
    keepalive_timeout 150;

    # Timeout for reading client request body.
    client_body_timeout 30;

    # Timeout for reading client request header.
    client_header_timeout 30;

    # Timeout for transmitting reponse to client.
    send_timeout 30;

    # Set the maximum allowed size of client request body. This should be set
    # to the value of files sizes you wish to upload to the WordPress Media Library.
    # You may also need to change the values `upload_max_filesize` and `post_max_size` within
    # your php.ini for the changes to apply.
    client_max_body_size 64m;

	# Default Logs
	error_log /var/log/nginx/error.log warn;
	access_log /var/log/nginx/access.log;

	# Gzip
    # Enable Gzip compression.
    gzip on;

    # Disable Gzip on IE6.
    gzip_disable "msie6";

    # Allow proxies to cache both compressed and regular version of file.
    # Avoids clients that don't support Gzip outputting gibberish.
    gzip_vary on;

    # Compress data, even when the client connects through a proxy.
    gzip_proxied any;

    # The level of compression to apply to files. A higher compression level increases
    # CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
    gzip_comp_level 5;

    # The minimum HTTP version of a request to perform compression.
    gzip_http_version 1.1;

    # Don't compress files smaller than 256 bytes, as size reduction will be negligible.
    gzip_min_length 1000;

    # Compress the following MIME types.
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    # Enable caching file descriptors.
    include /etc/nginx/custom/cache-file-descriptors.conf;

    # Enable extra security settings.
    include /etc/nginx/custom/extra-security.conf;

	# Modules
	include /etc/nginx/conf.d/*.conf;

	# Sites
	include /etc/nginx/sites-enabled/*;
}

## site.com.conf
# File in site-enabled/site.com.conf (symlinked from sites-available)
# Redirect http:// traffic to https://www.
server {
  listen [::]:80;
  listen 80;

  server_name site.com www.site.com;

  return 301 https://www.site.com$request_uri;
}

# Redirect https:// traffic to https://www.
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    # listen on the wrong host
    server_name example.com;

    # Paths to SSL certificate files.
    ssl_certificate         /etc/ssl/ssl-site.com.crt;
    ssl_certificate_key     /etc/ssl/ssl-site.com.key;
    ssl_trusted_certificate /etc/ssl/ssl-site.com.crt;

    ssl_dhparam         /etc/ssl/ssl-site.com.pem;

    # Include defaults for allowed SSL/TLS protocols and handshake caches.
    include /etc/nginx/custom/ssl.conf;


    # and redirect to the non-www host (declared below)
    return 301 https://www.site.com$request_uri;
}

# Main server
server {
    listen [::]:443 ssl http2 deferred;
    listen 443 ssl http2 deferred;

    server_name www.site.com;

    # Paths to SSL certificate files.
    ssl_certificate         /etc/ssl/ssl-site.com.crt;
    ssl_certificate_key     /etc/ssl/ssl-site.com.key;
    ssl_trusted_certificate /etc/ssl/ssl-site.com.crt;

    # OCSP Stapling
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam         /etc/ssl/ssl-site.com.pem;

    # Include defaults for allowed SSL/TLS protocols and handshake caches.
    include /etc/nginx/custom/ssl.conf;

    # Expire rules for static content
    include /etc/nginx/custom/expires.conf;

    # Prevent clients from accessing hidden files (starting with a dot)
    include /etc/nginx/custom/protect-system-files.conf;

    # Wordpress security settings
    include /etc/nginx/custom/wp-restrictions.conf;

    #Specify a charset
    charset utf-8;

    # Path for static files
    root /data/sites/site.com;
    index index.php index.html index.phtml;

    set $cache_uri $request_uri;

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
        set $cache_uri 'null cache';
    }
    if ($query_string != "") {
        set $cache_uri 'null cache';
    }

    # Don't cache uris containing the following segments
    if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
                        |wp-.*.php|/feed/|index.php|wp-comments-popup.php
                        |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
                        |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {

        set $cache_uri 'null cache';
    }

    # Don't use the cache for logged-in users or recent commenters
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
                        |wp-postpass|wordpress_logged_in") {
        set $cache_uri 'null cache';
    }

    # Set the cache file
    set $cachefile "/wp-content/cache/$http_host/$cache_uri/index.html";
    if ($https ~* "on") {
        set $cachefile "/wp-content/cache/$http_host/$cache_uri/index-https.html";
    }

    # Add cache file debug info as header
    #add_header X-Cache-File $cachefile;

    # Try in the following order: (1) cachefile, (2) normal url, (3) php
    location / {
        try_files $cachefile $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        try_files $uri =404;

        fastcgi_pass   unix:/var/run/php-fpm.sock;

        include fastcgi_params;

        fastcgi_read_timeout 360s;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;

        # fastcgi_index  index.php;
    }
}
	# The user account used by the worker processes. If following along with Hosting WordPress Yourself,
	# it's recommened to set this to your username, but only when running a single user access server.
	user nginx;

	# Set to number of CPU cores, auto will try to autodetect.
	worker_processes auto;

	# Maximum open file descriptors per process. Should be greater than worker_connections.
	worker_rlimit_nofile 8192;

	# File that stores the process ID. Rarely needs changing.
	pid /run/nginx.pid;

	events {
	# Set the maximum number of connection each worker process can open. Anything higher than this
	# will require Unix optimisations.
	worker_connections 8000;

	# Accept all new connections as they're opened.
	multi_accept on;
	}

	http {
	# HTTP
	# Hide nginx version information.
	server_tokens off;

	# Speed up file transfer by using sendfile().
	sendfile on;

	# Don't send partial frames, which increases throughput.
	tcp_nopush on;

	# Don't wait to send data in keep-alive state.
	tcp_nodelay on;

	# Specify MIME Types for files.
	include mime.types;
	default_type application/octet-stream;

	# Update charset_types to match updated mime.types.
	# text/html is always included by charset module.
	charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml
	application/xml;

	# Include $http_x_forwarded_for within default format used in log files
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	# Limits & Timeouts
	# How long each connection should stay open for.
	keepalive_timeout 150;

	# Timeout for reading client request body.
	client_body_timeout 30;

	# Timeout for reading client request header.
	client_header_timeout 30;

	# Timeout for transmitting reponse to client.
	send_timeout 30;

	# Set the maximum allowed size of client request body. This should be set
	# to the value of files sizes you wish to upload to the WordPress Media Library.
	# You may also need to change the values `upload_max_filesize` and `post_max_size` within
	# your php.ini for the changes to apply.
	client_max_body_size 64m;

	# Default Logs
	error_log /var/log/nginx/error.log warn;
	access_log /var/log/nginx/access.log;

	# Gzip
	# Enable Gzip compression.
	gzip on;

	# Disable Gzip on IE6.
	gzip_disable "msie6";

	# Allow proxies to cache both compressed and regular version of file.
	# Avoids clients that don't support Gzip outputting gibberish.
	gzip_vary on;

	# Compress data, even when the client connects through a proxy.
	gzip_proxied any;

	# The level of compression to apply to files. A higher compression level increases
	# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
	gzip_comp_level 5;

	# The minimum HTTP version of a request to perform compression.
	gzip_http_version 1.1;

	# Don't compress files smaller than 256 bytes, as size reduction will be negligible.
	gzip_min_length 1000;

	# Compress the following MIME types.
	gzip_types
	application/atom+xml
	application/javascript
	application/json
	application/ld+json
	application/manifest+json
	application/rss+xml
	application/vnd.geo+json
	application/vnd.ms-fontobject
	application/x-font-ttf
	application/x-web-app-manifest+json
	application/xhtml+xml
	application/xml
	font/opentype
	image/bmp
	image/svg+xml
	image/x-icon
	text/cache-manifest
	text/css
	text/plain
	text/vcard
	text/vnd.rim.location.xloc
	text/vtt
	text/x-component
	text/x-cross-domain-policy;

	# Enable caching file descriptors.
	include /etc/nginx/custom/cache-file-descriptors.conf;

	# Enable extra security settings.
	include /etc/nginx/custom/extra-security.conf;

	# Modules
	include /etc/nginx/conf.d/*.conf;

	# Sites
	include /etc/nginx/sites-enabled/*;
	}
	# File in site-enabled/site.com.conf (symlinked from sites-available)
	# Redirect http:// traffic to https://www.
	server {
	listen [::]:80;
	listen 80;

	server_name site.com www.site.com;

	return 301 https://www.site.com$request_uri;
	}

	# Redirect https:// traffic to https://www.
	server {
	listen [::]:443 ssl http2;
	listen 443 ssl http2;

	# listen on the wrong host
	server_name example.com;

	# Paths to SSL certificate files.
	ssl_certificate /etc/ssl/ssl-site.com.crt;
	ssl_certificate_key /etc/ssl/ssl-site.com.key;
	ssl_trusted_certificate /etc/ssl/ssl-site.com.crt;

	ssl_dhparam /etc/ssl/ssl-site.com.pem;

	# Include defaults for allowed SSL/TLS protocols and handshake caches.
	include /etc/nginx/custom/ssl.conf;


	# and redirect to the non-www host (declared below)
	return 301 https://www.site.com$request_uri;
	}

	# Main server
	server {
	listen [::]:443 ssl http2 deferred;
	listen 443 ssl http2 deferred;

	server_name www.site.com;

	# Paths to SSL certificate files.
	ssl_certificate /etc/ssl/ssl-site.com.crt;
	ssl_certificate_key /etc/ssl/ssl-site.com.key;
	ssl_trusted_certificate /etc/ssl/ssl-site.com.crt;

	# OCSP Stapling
	# fetch OCSP records from URL in ssl_certificate and cache them
	ssl_stapling on;
	ssl_stapling_verify on;

	# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
	ssl_dhparam /etc/ssl/ssl-site.com.pem;

	# Include defaults for allowed SSL/TLS protocols and handshake caches.
	include /etc/nginx/custom/ssl.conf;

	# Expire rules for static content
	include /etc/nginx/custom/expires.conf;

	# Prevent clients from accessing hidden files (starting with a dot)
	include /etc/nginx/custom/protect-system-files.conf;

	# Wordpress security settings
	include /etc/nginx/custom/wp-restrictions.conf;

	#Specify a charset
	charset utf-8;

	# Path for static files
	root /data/sites/site.com;
	index index.php index.html index.phtml;

	set $cache_uri $request_uri;

	# POST requests and urls with a query string should always go to PHP
	if ($request_method = POST) {
	set $cache_uri 'null cache';
	}
	if ($query_string != "") {
	set $cache_uri 'null cache';
	}

	# Don't cache uris containing the following segments
	if ($request_uri ~* "(/wp-admin/\|/xmlrpc.php\|/wp-(app\|cron\|login\|register\|mail).php
	\|wp-.*.php\|/feed/\|index.php\|wp-comments-popup.php
	\|wp-links-opml.php\|wp-locations.php \|sitemap(_index)?.xml
	\|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {

	set $cache_uri 'null cache';
	}

	# Don't use the cache for logged-in users or recent commenters
	if ($http_cookie ~* "comment_author\|wordpress_[a-f0-9]+
	\|wp-postpass\|wordpress_logged_in") {
	set $cache_uri 'null cache';
	}

	# Set the cache file
	set $cachefile "/wp-content/cache/$http_host/$cache_uri/index.html";
	if ($https ~* "on") {
	set $cachefile "/wp-content/cache/$http_host/$cache_uri/index-https.html";
	}

	# Add cache file debug info as header
	#add_header X-Cache-File $cachefile;

	# Try in the following order: (1) cachefile, (2) normal url, (3) php
	location / {
	try_files $cachefile $uri $uri/ /index.php;
	}

	location ~ \.php$ {
	try_files $uri =404;

	fastcgi_pass unix:/var/run/php-fpm.sock;

	include fastcgi_params;

	fastcgi_read_timeout 360s;
	fastcgi_buffer_size 128k;
	fastcgi_buffers 4 256k;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

	# fastcgi_index index.php;
	}
	}