wp-kickstart.com Nginx vhost config
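# HTTPS virtual host for www.wp-kickstart.com. Requests are answered from a
# pre-rendered page cache on disk when one exists; PHP requests go to HHVM,
# with PHP-FPM as the fallback and for the admin update/plugin pages.
server {
    # NOTE(review): this include, the certificate and the private key all live
    # under /home/webmaster. Whoever can write there can change the loaded
    # nginx configuration or read the key -- confirm ownership and file modes.
    include /home/webmaster/www/www.wp-kickstart.com.conf;

    server_name www.wp-kickstart.com;
    # NOTE(review): the spdy listen parameter and the spdy_* directives below
    # only exist in nginx builds with the SPDY module; later releases replaced
    # it with HTTP/2 -- confirm against the deployed nginx version.
    listen 443 ssl spdy;

    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;

    # Small request buffers and an 8m body cap bound per-request memory use.
    # A request line or header field longer than 1k is rejected, which long
    # cookies can trigger -- verify against real traffic.
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 2 1k;

    # SSL configuration
    ssl_certificate /home/webmaster/certs/wp-kickstart.com.crt;
    ssl_certificate_key /home/webmaster/certs/wp-kickstart.com.key;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Left as
    # written for client compatibility; restrict to TLSv1.2 or newer once the
    # client population allows it.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # NOTE(review): the tail of this list still permits static-RSA key
    # exchange (no forward secrecy), CBC suites and 3DES (DES-CBC3-SHA).
    # Review it together with ssl_protocols above.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 24h;

    # OCSP stapling; stapled responses are verified against the trust chain.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /home/webmaster/certs/trustchain.crt;
    # The resolver looks up the OCSP responder host name.
    # NOTE(review): the nginx documentation recommends a resolver on a trusted
    # local network to limit DNS spoofing; these are public resolvers.
    resolver 8.8.8.8 8.8.4.4;

    spdy_keepalive_timeout 300;
    spdy_headers_comp 6;

    # Server-level response headers. They are inherited by a location only if
    # that location defines no add_header of its own.
    add_header Alternate-Protocol 443:npn-spdy/3;
    add_header Strict-Transport-Security max-age=31536000;

    root /home/webmaster/www/www.wp-kickstart.com;
    index index.php index.html;

    # $cache_uri selects the cached page in "location /". Setting it to
    # 'null cache' yields a path that is not expected to exist, so try_files
    # falls through to PHP.
    set $cache_uri $request_uri;

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
        set $cache_uri 'null cache';
    }
    if ($query_string != "") {
        set $cache_uri 'null cache';
    }

    # Don't cache uris containing the following segments
    # (the dots are unescaped, so the pattern matches slightly more than the
    # literal names; over-matching here only means more requests bypass the cache)
    if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
        set $cache_uri 'null cache';
    }

    # Don't use the cache for logged in users or recent commenters
    # (this keeps personalised pages from being answered out of the shared cache)
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
        set $cache_uri 'null cache';
    }

    # Response compression. text/html is always compressed in addition to the
    # types listed in gzip_types.
    # NOTE(review): compressing HTTPS responses that contain both secrets and
    # reflected request data is the precondition for BREACH-style attacks;
    # confirm that is acceptable for the dynamic pages served here.
    # NOTE(review): PNG/JPEG are already compressed, so level 9 on them mostly
    # costs CPU.
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 9;
    gzip_http_version 1.0;
    gzip_min_length 0;
    gzip_types text/plain text/css image/x-icon image/svg+xml image/png image/jpg image/jpeg text/js text/php application/javascript application/x-javascript;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";

    # Static assets: far-future expiry, no access or not-found logging.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires max;
        # The add_header lines in this location replace the server-level ones
        # instead of adding to them, so HSTS is repeated here to keep it on
        # asset responses as well.
        add_header Strict-Transport-Security max-age=31536000;
        add_header Pragma "public";
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        log_not_found off;
    }

    # Use cached or actual file if they exists, otherwise pass request to WordPress
    # NOTE(review): $http_host is the client-supplied Host header and becomes
    # part of a filesystem path here. Confirm that requests with unexpected
    # Host values cannot reach this server block, or that no cache directory
    # exists for them.
    location / {
        try_files /assets/cache/wp-rocket/$http_host/$cache_uri/index.html $uri/ /index.php?$args;
    }

    # Plugins are handled with PHP-FPM as HHVM doesn't support FTPS
    # This regex location is listed before the generic PHP location below, so
    # it takes precedence for these two scripts. The pattern is unanchored and
    # its dot is unescaped.
    location ~ /wp-admin/(update|plugins).php {
        # Only hand a script to FastCGI if it exists on disk.
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    location = /wp-login.php {
        # Rate limiting so that brute force is prevented
        # The zone "one" is not defined in this file; it has to be declared
        # with limit_req_zone in the http context. With burst=1 nodelay,
        # requests beyond the zone's rate plus one are rejected immediately.
        limit_req zone=one burst=1 nodelay;
        # try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    # All other PHP/Hack scripts go to HHVM.
    # NOTE(review): every existing .php or .hh file under root is executable
    # through this location, including files in upload directories; consider
    # denying script execution there.
    location ~ \.(hh|php)$ {
        # NOTE(review): proxy_intercept_errors applies to proxy_pass, not to
        # fastcgi_pass; the FastCGI counterpart is fastcgi_intercept_errors.
        # A 502 produced by nginx itself when the HHVM socket is unavailable
        # is handled by error_page either way.
        proxy_intercept_errors on;
        error_page 502 = @fallback;
        # Only hand a script to FastCGI if it exists on disk.
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/hhvm/hhvm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    # Same request retried against PHP-FPM when HHVM answered with a 502.
    location @fallback {
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }
}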