Created
January 23, 2017 07:03
My configuration for nginx-php7-phpfpm and wordpress
# Location of the master process PID file. The default rarely needs changing.
pid /run/nginx.pid;

# Account the worker processes run as. The Hosting WordPress Yourself guide
# recommends your own username here, but only on a server with a single user.
# A dedicated unprivileged account keeps a compromised worker away from that
# user's files.
user nginx;

# One worker per CPU core; "auto" asks nginx to detect the core count.
worker_processes auto;

# Per-worker ceiling on open file descriptors. Keep it above worker_connections.
worker_rlimit_nofile 8192;
events {
    # Let a worker accept every pending connection at once rather than one
    # at a time.
    multi_accept on;

    # Upper bound on simultaneous connections per worker process. Going
    # higher than this needs operating-system tuning.
    worker_connections 8000;
}
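http {
    # HTTP

    # Do not disclose the nginx version in the Server header or error pages.
    server_tokens off;

    # Speed up file transfer by using sendfile().
    sendfile on;

    # Don't send partial frames, which increases throughput.
    tcp_nopush on;

    # Don't wait to send data in keep-alive state.
    tcp_nodelay on;

    # Specify MIME types for files.
    include mime.types;
    default_type application/octet-stream;

    # Update charset_types to match updated mime.types.
    # text/html is always included by the charset module.
    charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml
                  application/xml;

    # Log format that appends $http_x_forwarded_for to the usual fields.
    # The header is client-supplied unless a trusted proxy overwrites it, so
    # treat the logged value as a hint, not as the real source address.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Limits & Timeouts

    # How long an idle keep-alive connection stays open, in seconds. Long
    # values keep worker connections occupied by idle or slow clients.
    keepalive_timeout 150;

    # Timeout for reading the client request body.
    client_body_timeout 30;

    # Timeout for reading the client request header.
    client_header_timeout 30;

    # Timeout for transmitting the response to the client.
    send_timeout 30;

    # Maximum allowed size of a client request body. Set this to the largest
    # file you wish to upload to the WordPress Media Library. You may also
    # need to change `upload_max_filesize` and `post_max_size` in php.ini for
    # the change to apply.
    client_max_body_size 64m;

    # Default Logs
    error_log /var/log/nginx/error.log warn;

    # The format is named explicitly so that "main" above is actually used.
    # Without a format name nginx falls back to its built-in "combined"
    # format, which has no X-Forwarded-For field.
    access_log /var/log/nginx/access.log main;

    # Gzip

    # Enable Gzip compression.
    # NOTE(review): text/html is always compressed once gzip is on. On HTTPS,
    # compressing pages that echo request data next to secrets is the
    # precondition for BREACH-style attacks; confirm sensitive dynamic
    # responses are covered (for example by per-request tokens).
    gzip on;

    # Disable Gzip on IE6.
    gzip_disable "msie6";

    # Allow proxies to cache both compressed and regular versions of a file.
    # Avoids clients that don't support Gzip outputting gibberish.
    gzip_vary on;

    # Compress data, even when the client connects through a proxy.
    gzip_proxied any;

    # The level of compression to apply to files. A higher compression level
    # increases CPU usage. Level 5 is a happy medium resulting in roughly 75%
    # compression.
    gzip_comp_level 5;

    # The minimum HTTP version of a request to perform compression.
    gzip_http_version 1.1;

    # Don't compress responses smaller than 1000 bytes, as the size reduction
    # will be negligible.
    gzip_min_length 1000;

    # Compress the following MIME types.
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    # Enable caching file descriptors.
    include /etc/nginx/custom/cache-file-descriptors.conf;

    # Enable extra security settings. The included file is not shown here,
    # so which headers or restrictions it sets cannot be checked from this
    # file alone.
    include /etc/nginx/custom/extra-security.conf;

    # Modules
    include /etc/nginx/conf.d/*.conf;

    # Sites
    include /etc/nginx/sites-enabled/*;
}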
# File in sites-enabled/site.com.conf (symlinked from sites-available)
# Plain-HTTP listener: every request is sent to https://www.site.com.
server {
    listen 80;
    listen [::]:80;

    server_name site.com www.site.com;

    # The target host is a fixed name, not taken from the request's Host
    # header, so the redirect cannot be steered to another domain.
    return 301 https://www.site.com$request_uri;
}
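# Redirect https://site.com traffic to https://www.site.com.
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    # The bare (non-www) host. This was left as the template placeholder
    # example.com, which does not match the certificate paths below.
    # As the first server declared on port 443 in this file, this block is
    # also the implicit default when no other server_name matches, so such
    # requests get this certificate and the redirect below.
    server_name site.com;

    # Paths to SSL certificate files. The private key should be readable
    # only by the account that starts nginx.
    ssl_certificate /etc/ssl/ssl-site.com.crt;
    ssl_certificate_key /etc/ssl/ssl-site.com.key;
    ssl_trusted_certificate /etc/ssl/ssl-site.com.crt;
    ssl_dhparam /etc/ssl/ssl-site.com.pem;

    # Include defaults for allowed SSL/TLS protocols and handshake caches.
    # The included file is not shown here, so the protocol and cipher
    # choices cannot be checked from this file alone.
    include /etc/nginx/custom/ssl.conf;

    # Redirect to the www host (declared below). The target is a fixed name,
    # never the request's Host header.
    return 301 https://www.site.com$request_uri;
}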
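# Main server: https://www.site.com, WordPress served through PHP-FPM with a
# static page cache checked first.
server {
    listen [::]:443 ssl http2 deferred;
    listen 443 ssl http2 deferred;
    server_name www.site.com;

    # Paths to SSL certificate files. The private key should be readable
    # only by the account that starts nginx.
    ssl_certificate /etc/ssl/ssl-site.com.crt;
    ssl_certificate_key /etc/ssl/ssl-site.com.key;

    # CA certificates used to verify stapled OCSP responses.
    # NOTE(review): this is the same file as ssl_certificate. Verification
    # needs the issuer chain, so confirm the file carries the intermediate
    # and root certificates and not only the site certificate.
    ssl_trusted_certificate /etc/ssl/ssl-site.com.crt;

    # OCSP Stapling
    # Fetch OCSP records from the URL in ssl_certificate and cache them.
    # NOTE(review): stapling needs a `resolver` to look up the OCSP
    # responder; none is set in this file, presumably it lives in
    # custom/ssl.conf. Confirm.
    ssl_stapling on;
    ssl_stapling_verify on;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits.
    ssl_dhparam /etc/ssl/ssl-site.com.pem;

    # Include defaults for allowed SSL/TLS protocols and handshake caches.
    include /etc/nginx/custom/ssl.conf;

    # Expire rules for static content.
    include /etc/nginx/custom/expires.conf;

    # Prevent clients from accessing hidden files (starting with a dot).
    include /etc/nginx/custom/protect-system-files.conf;

    # WordPress security settings. The included file is not shown here.
    include /etc/nginx/custom/wp-restrictions.conf;

    # Specify a charset.
    charset utf-8;

    # Path for static files.
    root /data/sites/site.com;
    index index.php index.html index.phtml;

    # Page cache lookup.
    # Cached pages are served by nginx without WordPress running, so the
    # conditions below are the only thing keeping personalised or dynamic
    # responses out of the cache path. 'null cache' is a sentinel: no cache
    # file exists under that name, so try_files falls through to PHP.
    set $cache_uri $request_uri;

    # POST requests and URLs with a query string should always go to PHP.
    if ($request_method = POST) {
        set $cache_uri 'null cache';
    }
    if ($query_string != "") {
        set $cache_uri 'null cache';
    }

    # Don't cache URIs containing the following segments.
    # The pattern is kept on one line: nginx keeps line breaks and spaces
    # inside a quoted string as literal regex characters, so an alternative
    # that ends at a line break (sitemap.xml, the wp-login group) would
    # never match. Dots are escaped so they match a literal "." only.
    if ($request_uri ~* "(/wp-admin/|/xmlrpc\.php|/wp-(app|cron|login|register|mail)\.php|wp-.*\.php|/feed/|index\.php|wp-comments-popup\.php|wp-links-opml\.php|wp-locations\.php|sitemap(_index)?\.xml|[a-z0-9_-]+-sitemap([0-9]+)?\.xml)") {
        set $cache_uri 'null cache';
    }

    # Don't use the cache for logged-in users or recent commenters.
    # Kept on one line for the same reason as the pattern above.
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
        set $cache_uri 'null cache';
    }

    # Set the cache file.
    # NOTE(review): $http_host is the raw Host header sent by the client and
    # ends up in a filesystem path. $host is the normalised form (lower
    # case, no port); switch only if the cache writer names its directories
    # the same way.
    set $cachefile "/wp-content/cache/$http_host/$cache_uri/index.html";
    if ($https ~* "on") {
        set $cachefile "/wp-content/cache/$http_host/$cache_uri/index-https.html";
    }

    # Add cache file debug info as header. Leave this disabled in
    # production: it discloses the on-disk cache path to clients.
    #add_header X-Cache-File $cachefile;

    # Try in the following order: (1) cachefile, (2) normal url, (3) php.
    # ?$args keeps the query string on the fallback; a bare /index.php
    # drops it on the internal redirect.
    location / {
        try_files $cachefile $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Only hand PHP-FPM a script that exists under the document root.
        # This stops requests such as /image.jpg/x.php from executing a
        # non-PHP file.
        # NOTE(review): a .php file in a writable directory (uploads, cache)
        # would still be executed; presumably wp-restrictions.conf blocks
        # that. Confirm.
        try_files $uri =404;

        fastcgi_pass unix:/var/run/php-fpm.sock;
        include fastcgi_params;
        fastcgi_read_timeout 360s;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # fastcgi_index index.php;
    }
}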