Skip to content

Instantly share code, notes, and snippets.

@wrrr

wrrr/site.conf & Includes Secret

Last active Jun 26, 2017
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
CORS discussion DistinctPlace
Raw
site.conf & Includes
The main domain is where I was getting the CORS violation error calling for .ttf
and other small assets from the cdn.mydomain.com (sub-domain on same server/ip
That part works now with this setup. I cannot upload to the front end of mydomain.com
without getting a stable preflight working.
/etc/nginx/conf.d/mydomain-cdn.conf
#AUTOMATICALLY GENERATED - DO NO EDIT!
server {
listen *:443 ssl;
ssl_certificate /a1ssl/mydomain/cert.pem;
ssl_certificate_key /a1ssl/mydomain/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
server_name cdn.mydomain.com;
access_log /var/log/nginx/mydomain-cdn.access.log;
error_log /var/log/nginx/mydomain-cdn.error.log;
root /a1srv/mydomain-cdn;
index index.html index.htm index.php;
#from wrrr
include /etc/nginx.wp/restrictions.conf;
include /etc/nginx.wp/wordpress.conf;
include /etc/nginx.cors/cors.conf;
location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/ajenti-v-php7.0-fcgi-mydomain-cdn-php7.0-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
________________________________________________
--
/etc/nginx.wp/restrictions.conf;
# Global restrictions configuration file.
# Designed to be included in any server {} block.</p>
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location = /xmlrpc.php {
deny all;
access_log off; #to prevent from filling up the access log file
error_log off; #to prevent from filling up the error log file
}
________________________________________________
--
/etc/nginx.wp/wordpress.conf;
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
________________________________________________
--
/etc/nginx.cors/cors.conf;
add_header "Access-Control-Allow-Origin" https://mydomain.com;
@gansbrest
Copy link

gansbrest commented Apr 28, 2017

I would get rid of cors.conf and put it into wordpress.conf

# Sitewide ( or put into specific location where you serve fonts for example )
add_header "Access-Control-Allow-Origin"  https://mydomain.com;

# http://wiki.nginx.org/HttpCoreModule
location / {
  ####### HANDLE PREFLIGHTED REQUESTS #############
  if ($request_method = OPTIONS ) {
    add_header "Access-Control-Allow-Origin" https://mydomain.com;
    add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
    add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
    return 200;
  }
  
  try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off; log_not_found off; expires max;
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment