@tomazzaman
Last active August 29, 2015 14:15
wp-kickstart.com Nginx vhost config
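# HTTPS virtual host for www.wp-kickstart.com. Requests are answered from the
# WP Rocket page cache on disk when a cached file exists; everything else goes
# to WordPress, executed by HHVM with PHP-FPM as the fallback.
server {
    # NOTE(review): this include lives next to the document root instead of
    # under the nginx configuration directory. Confirm that the PHP runtime and
    # the web server account cannot write to it; whoever can edit this file
    # controls the vhost.
    include /home/webmaster/www/www.wp-kickstart.com.conf;

    server_name www.wp-kickstart.com;
    listen 443 ssl spdy;

    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    # Bound the memory and disk a single request can claim.
    # NOTE(review): with 1k header buffers a request line or a single header
    # field (Cookie included) longer than 1k is rejected; verify that
    # logged-in WordPress sessions stay below that.
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 2 1k;

    # SSL configuration
    # NOTE(review): the private key is kept under a home directory; confirm it
    # is readable only by the account that starts nginx.
    ssl_certificate /home/webmaster/certs/wp-kickstart.com.crt;
    ssl_certificate_key /home/webmaster/certs/wp-kickstart.com.key;

    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Left enabled
    # here to keep the original client compatibility; drop them once the
    # clients in use allow it.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # NOTE(review): the list still admits 3DES (DES-CBC3-SHA), CBC suites and
    # static-RSA key exchange without forward secrecy. Regenerate it from a
    # current baseline when the protocol list is tightened.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 24h;

    # OCSP stapling: nginx fetches the OCSP response itself and verifies it
    # against the chain in ssl_trusted_certificate.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /home/webmaster/certs/trustchain.crt;

    # The resolver is used to look up the OCSP responder's host name.
    # NOTE(review): these are public resolvers reached over the network; the
    # nginx documentation recommends a resolver on a trusted local network to
    # limit DNS spoofing.
    resolver 8.8.8.8 8.8.4.4;

    spdy_keepalive_timeout 300;
    spdy_headers_comp 6;

    # Server-level response headers. nginx inherits add_header into a location
    # only if that location declares no add_header of its own, so any location
    # that adds headers has to repeat these.
    add_header Alternate-Protocol 443:npn-spdy/3;
    add_header Strict-Transport-Security max-age=31536000;

    root /home/webmaster/www/www.wp-kickstart.com;
    index index.php index.html;

    # $cache_uri selects the cached page. Setting it to 'null cache' points
    # try_files at a path that is not expected to exist, which forces the
    # request through to PHP.
    set $cache_uri $request_uri;

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
        set $cache_uri 'null cache';
    }
    if ($query_string != "") {
        set $cache_uri 'null cache';
    }

    # Don't cache uris containing the following segments
    if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
        set $cache_uri 'null cache';
    }

    # Don't use the cache for logged in users or recent commenters, so that a
    # page rendered for one visitor is never served from disk to another.
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
        set $cache_uri 'null cache';
    }

    # NOTE(review): compression stays on for HTML served over TLS. Responses
    # that combine secrets with request-derived content are the precondition
    # for BREACH-style length side channels; consider disabling gzip for
    # dynamic, authenticated pages.
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 9;
    gzip_http_version 1.0;
    gzip_min_length 0;
    # PNG and JPEG are already compressed; listing them costs CPU for little
    # gain but is kept as in the original.
    gzip_types text/plain text/css image/x-icon image/svg+xml image/png image/jpg image/jpeg text/js text/php application/javascript application/x-javascript;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";

    # Static assets: far-future expiry, no logging.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires max;
        # This location declares its own add_header lines, which switches off
        # inheritance of the server-level ones; they are repeated here so that
        # static responses still carry Strict-Transport-Security.
        add_header Alternate-Protocol 443:npn-spdy/3;
        add_header Strict-Transport-Security max-age=31536000;
        add_header Pragma "public";
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        log_not_found off;
    }

    # Use cached or actual file if they exists, otherwise pass request to WordPress
    location / {
        # $host replaces $http_host: $http_host is the Host header exactly as
        # the client sent it, while $host is lower-cased, has no port and falls
        # back to the matched server name, so the cache path is not built from
        # a raw header value.
        # NOTE(review): $cache_uri is still derived from the un-normalised
        # $request_uri; confirm the cache directory holds only files that are
        # meant to be public.
        try_files /assets/cache/wp-rocket/$host/$cache_uri/index.html $uri/ /index.php?$args;
    }

    # Plugins are handled with PHP-FPM as HHVM doesn't support FTPS
    # The pattern is anchored and the dot escaped so that only
    # /wp-admin/update.php and /wp-admin/plugins.php are routed here.
    location ~ ^/wp-admin/(update|plugins)\.php$ {
        # Only hand an existing file to PHP; anything else becomes /index.php.
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    location = /wp-login.php {
        # Rate limiting so that brute force is prevented
        # The zone "one" has to be declared with limit_req_zone at http level;
        # that declaration is not part of this file.
        # NOTE(review): xmlrpc.php also accepts credentials and is not covered
        # by this limit.
        limit_req zone=one burst=1 nodelay;
        # try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    # All other PHP/Hack scripts run on HHVM; a 502 is retried on PHP-FPM.
    location ~ \.(hh|php)$ {
        # NOTE(review): proxy_intercept_errors belongs to the proxy module and
        # does not apply to fastcgi_pass (its counterpart is
        # fastcgi_intercept_errors). A 502 that nginx generates itself when the
        # HHVM socket is unavailable reaches error_page either way.
        proxy_intercept_errors on;
        error_page 502 = @fallback;
        # Requiring the script to exist on disk keeps requests for non-existent
        # .php paths from being handed to the interpreter with a guessed
        # script name.
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/hhvm/hhvm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    # Same request, executed by PHP-FPM after HHVM answered with a 502.
    location @fallback {
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }
}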