mirror of
https://github.com/bensuperpc/infrastructure.git
synced 2024-12-22 00:34:26 +01:00
Add files
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
parent
d61c8ccb89
commit
20d8f9efb7
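--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env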
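Review bot: The ignore list covers only `.env`, yet the same commit adds the generated file `flask/__pycache__/website.cpython-311.pyc`. Add `__pycache__/` and `*.pyc` here and drop the compiled file from the tree, so interpreter artefacts built on one machine are not shipped into the bind-mounted `./flask` directory.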
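--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,80 @@
+#//////////////////////////////////////////////////////////////
+#// ____ //
+#// | __ ) ___ _ __ ___ _ _ _ __ ___ _ __ _ __ ___ //
+#// | _ \ / _ \ '_ \/ __| | | | '_ \ / _ \ '__| '_ \ / __| //
+#// | |_) | __/ | | \__ \ |_| | |_) | __/ | | |_) | (__ //
+#// |____/ \___|_| |_|___/\__,_| .__/ \___|_| | .__/ \___| //
+#// |_| |_| //
+#//////////////////////////////////////////////////////////////
+#// //
+#// Script, 2022 //
+#// Created: 14, April, 2022 //
+#// Modified: 19, June, 2022 //
+#// file: - //
+#// - //
+#// Source: //
+#// OS: ALL //
+#// CPU: ALL //
+#// //
+#//////////////////////////////////////////////////////////////
+
+DOCKER := docker
+
+PROFILE := db wordpress webserver certbot phpmyadmin flask
+PROFILE_CMD := $(addprefix --profile ,$(PROFILE))
+
+COMPOSE_FILE := docker-compose.yml
+
+AUTHOR := bensuperpc
+
+IMAGE_NAME := wordpress:6.1.1-php8.1-fpm mariadb:10.10.2 nginx:1.23 certbot/certbot:v1.32.0 phpmyadmin:5.2.0
+
+#IMAGE_AUTHOR := $(addprefix itzg/, $(IMAGE_NAME))
+
+#IMAGE_FULL_NAME := $(addsuffix :latest, $(IMAGE_AUTHOR))
+
+.PHONY: build all
+all: start
+
+.PHONY: build
+build:
+docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) build
+
+.PHONY: start
+start:
+docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) up -d
+
+start-at:
+docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) up
+
+.PHONY: stop
+stop: down
+
+.PHONY: down
+down:
+docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) down
+
+.PHONY: restart
+restart: stop start
+
+.PHONY: logs
+logs:
+docker-compose -f $(COMPOSE_FILE) logs
+
+.PHONY: state
+state:
+docker-compose -f $(COMPOSE_FILE) ps
+docker-compose -f $(COMPOSE_FILE) top
+
+.PHONY: update
+update:
+git pull --recurse-submodules --all --progress
+echo $(IMAGE_NAME) | xargs -n1 docker pull
+
+.PHONY: clean
+clean:
+$(DOCKER) images --filter=reference='bensuperpc/*' --format='{{.Repository}}:{{.Tag}}' | xargs -r $(DOCKER) rmi -f
+
+.PHONY: purge
+purge:
+docker-compose -f $(COMPOSE_FILE) $(PROFILE_CMD) down -v --rmi all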
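Review bot: `start-at` is the only command target without a `.PHONY` declaration, so a file of that name in the working tree would make `make start-at` report it up to date and do nothing; add `.PHONY: start-at` above it (the first line, `.PHONY: build all`, also repeats `build`). The recipes call `docker-compose` and `docker pull` literally although `DOCKER := docker` is defined and used only by `clean`, so overriding `DOCKER` does not reach them. `purge` runs `down -v --rmi all`, which also deletes the named volumes declared in docker-compose.yml (`dbdata`, `wordpress`, `certbot-etc`); a comment such as `# purge: removes containers, images AND the database/certificate volumes` above the target would make that explicit.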
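--- a/README.md
+++ b/README.md
@@ -0,0 +1,80 @@
+# wordpress
+
+_My wordpress test_
+
+## About
+
+This is my test wordpress project.
+Many configuration files are from [DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose).
+
+## Features
+
+- [x] Certbot
+- [x] Nginx
+- [x] Wordpress
+- [x] Docker
+- [ ] RSS integration
+
+## Screenshots
+
+## Installation
+
+### Requirements
+
+- [Docker](https://docs.docker.com/install/)
+- [Docker Compose](https://docs.docker.com/compose/install/)
+
+### Clone and config
+
+Clone this repository to your local machine using:
+
+```sh
+git clone --recurse-submodules --remote-submodules https://github.com/bensuperpc/wordpress.git
+```
+
+Go to the folder
+
+```sh
+cd wordpress
+```
+
+### Run with docker
+
+Start the website with:
+
+```sh
+make start
+```
+
+And go to: [https://127.0.0.1:80/](https://127.0.0.1:80/) or [https://localhost:80/](https://localhost:80/)
+
+Access to the pgadmin with: [https://127.0.0.1:5050/](https://127.0.0.1:5050/) or [https://localhost:5050/](https://localhost:5050/)
+
+Stop the website with:
+
+```sh
+make stop
+```
+
+Get the logs with:
+
+```sh
+make logs
+```
+
+## Build with
+
+- [Wordpress](https://wordpress.org/)
+- [Gnu Make](https://www.gnu.org/software/make/)
+- [Github API](https://docs.github.com/en/rest)
+- [Github Actions](https://docs.github.com/en/actions)
+- [Docker](https://www.docker.com/)
+- [Docker Compose](https://docs.docker.com/compose/)
+- [Docker Hub](https://hub.docker.com/)
+- [Digital Ocean](https://www.digitalocean.com/)
+- [Digital Ocean - How To Install WordPress with Docker Compose](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
+- [PGAmin](https://www.pgadmin.org/)
+
+## License
+
+[License](LICENSE)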
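--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,101 @@
+version: "3.8"
+
+services:
+db:
+image: mariadb:10.10.2
+container_name: db
+profiles:
+- db
+restart: unless-stopped
+env_file: .env
+volumes:
+- dbdata:/var/lib/mysql
+networks:
+- app-network
+
+wordpress:
+depends_on:
+- db
+image: wordpress:6.1.1-php8.1-fpm
+container_name: wordpress
+profiles:
+- wordpress
+restart: unless-stopped
+env_file: .env
+environment:
+- WORDPRESS_DB_HOST=db:3306
+- WORDPRESS_DB_USER=$MARIADB_USER
+- WORDPRESS_DB_PASSWORD=$MARIADB_PASSWORD
+- WORDPRESS_DB_NAME=$MARIADB_DATABASE
+volumes:
+- wordpress:/var/www/html
+networks:
+- app-network
+
+flask_website:
+build:
+context: ./flask
+dockerfile: Dockerfile
+container_name: flask_website
+profiles:
+- flask
+volumes:
+- ./flask:/app:rw
+restart: unless-stopped
+networks:
+- app-network
+webserver:
+depends_on:
+- wordpress
+image: nginx:1.23
+container_name: webserver
+profiles:
+- webserver
+restart: unless-stopped
+ports:
+- "80:80"
+- "443:443"
+volumes:
+- wordpress:/var/www/html
+- ./nginx-conf:/etc/nginx/conf.d
+- certbot-etc:/etc/letsencrypt:ro
+networks:
+- app-network
+
+certbot:
+depends_on:
+- webserver
+image: certbot/certbot:v1.32.0
+container_name: certbot
+profiles:
+- certbot
+volumes:
+- certbot-etc:/etc/letsencrypt
+- wordpress:/var/www/html
+#command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org
+#command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org
+command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
+phpmyadmin:
+image: phpmyadmin:5.2.0
+container_name: phpmyadmin
+profiles:
+- phpmyadmin
+restart: unless-stopped
+env_file: .env
+environment:
+- MYSQL_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
+- MYSQL_USER=$MARIADB_USER
+- MYSQL_PASSWORD=$MARIADB_PASSWORD
+- PMA_HOST=db
+depends_on:
+- db
+networks:
+- app-network
+volumes:
+certbot-etc: {}
+wordpress: {}
+dbdata: {}
+
+networks:
+app-network:
+driver: bridge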
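Review bot: The `wordpress` service loads the whole `.env` through `env_file: .env` and then maps the three database variables again under `environment`, so every other value in `.env` ends up in the environment of the internet-facing PHP container. That presumably includes `MARIADB_ROOT_PASSWORD`, which the `phpmyadmin` service interpolates. Dropping `env_file: .env` from `wordpress` and keeping only the explicit `WORDPRESS_DB_*` entries would limit that container to the application account. The `./nginx-conf:/etc/nginx/conf.d` bind mount on `webserver` could also be read-only, `./nginx-conf:/etc/nginx/conf.d:ro`, as the `certbot-etc` mount already is.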
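--- a/flask/Dockerfile
+++ b/flask/Dockerfile
@@ -0,0 +1,12 @@
+ARG DOCKER_IMAGE=python:3.11-buster
+FROM $DOCKER_IMAGE
+
+WORKDIR /app
+
+COPY requirements.txt requirements.txt
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+EXPOSE 5000
+
+CMD ["uwsgi", "app.ini"]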
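Review bot: The image never sets a `USER`, and flask/app.ini sets no `uid`/`gid`, so uWSGI and the application appear to run as root in a container that has `./flask` bind-mounted read-write. Adding an unprivileged account, e.g. `RUN useradd --system --no-create-home app` followed by `USER app` before `CMD`, would contain a compromise of the app. `EXPOSE 5000` also does not match `socket = :8080` in flask/app.ini or the nginx upstream `flask_website:8080`; it should read `EXPOSE 8080`. Only requirements.txt is copied, so the image depends on the bind mount for the application code; a one-line comment saying so would help.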
BIN
flask/__pycache__/website.cpython-311.pyc
Normal file
BIN
flask/__pycache__/website.cpython-311.pyc
Normal file
Binary file not shown.
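--- a/flask/app.ini
+++ b/flask/app.ini
@@ -0,0 +1,20 @@
+[uwsgi]
+plugins = python
+
+wsgi-file = wsgi.py
+callable = app
+# Or: module = wsgi:app
+
+socket = :8080
+# Or: socket = flask_server.sock
+chmod-socket = 660
+
+processes = 8
+threads = 2
+master = true
+
+vacuum = true
+die-on-term = true
+# enable-threads = true #enable threads support
+
+env = LANG=en_US.UTF-8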
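--- a/flask/requirements.txt
+++ b/flask/requirements.txt
@@ -0,0 +1,12 @@
+requests
+
+flask
+flask-babel
+flask-login
+flask-sqlalchemy
+flask-assets
+flask-wtf
+flask-mail
+
+
+uwsgi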
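Review bot: None of the nine packages is version-pinned, so every image build can resolve a different dependency set, and a compromised or breaking upstream release is picked up without review. Pin each entry to an exact version (`flask==<version>`), ideally generated together with hashes so the Dockerfile can install with `pip install --no-cache-dir --require-hashes -r requirements.txt`.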
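--- a/flask/website.py
+++ b/flask/website.py
@@ -0,0 +1,9 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route("/")
+def hello():
+return "<h1 style='color:blue'>Hello There!</h1>"
+
+if __name__ == "__main__":
+app.run(host='0.0.0.0')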
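Review bot: `app.run(host='0.0.0.0')` starts Flask's development server on all interfaces whenever the module is executed directly. Under the uWSGI setup in flask/app.ini this branch is not used, so binding it to loopback, `app.run(host='127.0.0.1')`, keeps an accidental direct run from being reachable on the network. The same line is in flask/wsgi.py. `hello` has no docstring; `"""Return the placeholder landing page."""` would do.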
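--- a/flask/wsgi.py
+++ b/flask/wsgi.py
@@ -0,0 +1,4 @@
+from website import app
+
+if __name__ == "__main__":
+app.run(host="0.0.0.0")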
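--- a/nginx-conf-old/default.conf.old
+++ b/nginx-conf-old/default.conf.old
@@ -0,0 +1,44 @@
+server {
+listen 80;
+listen [::]:80;
+
+server_name bensuperpc.org www.bensuperpc.org;
+
+index index.php index.html index.htm;
+
+root /var/www/html;
+
+location ~ /.well-known/acme-challenge {
+allow all;
+root /var/www/html;
+}
+
+location / {
+try_files $uri $uri/ /index.php$is_args$args;
+}
+
+location ~ \.php$ {
+try_files $uri =404;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass wordpress:9000;
+fastcgi_index index.php;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+}
+
+location ~ /\.ht {
+deny all;
+}
+
+location = /favicon.ico {
+log_not_found off; access_log off;
+}
+location = /robots.txt {
+log_not_found off; access_log off; allow all;
+}
+location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
+expires max;
+log_not_found off;
+}
+}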
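--- a/nginx-conf/flask_wsgi.conf
+++ b/nginx-conf/flask_wsgi.conf
@@ -0,0 +1,39 @@
+include /etc/nginx/conf.d/sub/cache-uwsgi.conf;
+
+upstream flask_server {
+# ip_hash;
+server flask_website:8080;
+# server flask_website:8080 weight=1 max_fails=3 fail_timeout=30s;
+
+# Or: server unix:/app/flask_server.sock;
+}
+
+
+server {
+listen 80;
+listen [::]:80;
+#listen 443;
+#listen [::]:443;
+
+server_name flask.bensuperpc.org www.flask.bensuperpc.org;
+
+include /etc/nginx/conf.d/sub/gzip.conf;
+
+location / { try_files $uri @flask_app; }
+
+location @flask_app {
+include uwsgi_params;
+uwsgi_pass flask_server;
+
+uwsgi_cache UWSGI;
+uwsgi_cache_valid 200 302 10m;
+uwsgi_cache_valid 301 1h;
+uwsgi_cache_valid any 1m;
+uwsgi_cache_lock on;
+
+#uwsgi_ignore_headers Vary;
+#uwsgi_hide_header Vary;
+
+add_header X-cache $upstream_cache_status;
+}
+}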
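Review bot: `uwsgi_cache UWSGI` is enabled for every response from `@flask_app` with no `uwsgi_cache_bypass` or `uwsgi_no_cache` condition, while nginx-conf/sub/cache-uwsgi.conf sets `uwsgi_ignore_headers Cache-Control Expires Set-Cookie` and keys entries on scheme, method, host and URI only. A response that carries a session cookie or per-user content can therefore be stored and replayed to other clients (requirements.txt pulls in flask-login, so sessions are presumably planned). Skip the cache for requests with cookies or credentials, e.g. `uwsgi_cache_bypass $http_cookie $http_authorization;` and `uwsgi_no_cache $http_cookie $http_authorization $upstream_http_set_cookie;`. nginx-conf/phpmyadmin.conf has the same pattern with `proxy_cache PROXY` and additionally ignores `Vary`; wordpress.conf is the only vhost that guards its cache with `$skip_cache`.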
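--- a/nginx-conf/phpmyadmin.conf
+++ b/nginx-conf/phpmyadmin.conf
@@ -0,0 +1,43 @@
+include /etc/nginx/conf.d/sub/cache-proxy.conf;
+
+upstream phpmyadmin_server {
+# ip_hash;
+server phpmyadmin:80;
+# server phpmyadmin:80 weight=1 max_fails=3 fail_timeout=30s;
+}
+
+# PHPmyadmin
+server {
+listen 80;
+listen [::]:80;
+#listen 443;
+#listen [::]:443;
+
+server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
+
+include /etc/nginx/conf.d/sub/gzip.conf;
+
+location / {
+proxy_pass http://phpmyadmin_server;
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+proxy_cache PROXY;
+proxy_cache_valid 200 302 10m;
+proxy_cache_valid 301 1h;
+proxy_cache_valid any 1m;
+proxy_cache_lock on;
+
+proxy_ignore_headers Vary;
+proxy_hide_header Vary;
+
+add_header X-cache $upstream_cache_status;
+}
+
+# resolver 8.8.8.8;
+}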
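Review bot: This vhost serves phpMyAdmin on port 80 only (both `listen 443` lines are commented out) and puts no `allow`/`deny` or authentication in front of `location /`, so database credentials travel in clear text and the login page is open to anyone who can reach the web server. Serve it over TLS as wordpress.conf does and restrict the source addresses, e.g. `allow <admin-network-cidr>; deny all;` inside `location /` (the CIDR is a placeholder). The `proxy_cache PROXY` lines are better removed than tuned here, since an administration UI has little that is safe to share between clients.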
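--- a/nginx-conf/sub/cache-fastcgi.conf
+++ b/nginx-conf/sub/cache-fastcgi.conf
@@ -0,0 +1,23 @@
+# The path to store the cache files, limit the folder to 100MB
+fastcgi_cache_path /var/run/nginx-cache-fastcgi levels=1:2 keys_zone=WORDPRESS:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+fastcgi_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+fastcgi_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update
+fastcgi_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+fastcgi_cache_min_uses 3;
+
+# Cache everything for 1 day
+fastcgi_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+
+# Some parts of this file are from
+# https://gist.github.com/TrafeX/6d582b6d040702088722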
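Review bot: Two comments do not describe the directive beneath them. `keys_zone=WORDPRESS:100m` sizes the shared-memory key zone while `max_size=1g` is the on-disk limit, so "limit the folder to 100MB" should read `# Cache directory: 100 MB key zone, at most 1 GB on disk`. `fastcgi_cache_min_uses 3` is a request count rather than a time, e.g. `# Cache a response only after it has been requested 3 times`. The same two comments are repeated in cache-proxy.conf and cache-uwsgi.conf.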
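--- a/nginx-conf/sub/cache-proxy.conf
+++ b/nginx-conf/sub/cache-proxy.conf
@@ -0,0 +1,20 @@
+# The path to store the cache files, limit the folder to 100MB
+proxy_cache_path /var/run/nginx-cache-proxy levels=1:2 keys_zone=PROXY:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+proxy_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+proxy_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update
+proxy_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+proxy_cache_min_uses 3;
+
+# Cache everything for 1 day
+proxy_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+proxy_ignore_headers Cache-Control Expires Set-Cookie;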
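--- a/nginx-conf/sub/cache-uwsgi.conf
+++ b/nginx-conf/sub/cache-uwsgi.conf
@@ -0,0 +1,20 @@
+# The path to store the cache files, limit the folder to 100MB
+uwsgi_cache_path /var/run/nginx-cache-uwsgi levels=1:2 keys_zone=UWSGI:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+uwsgi_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+uwsgi_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update
+uwsgi_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+uwsgi_cache_min_uses 3;
+
+# Cache everything for 1 day
+uwsgi_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+uwsgi_ignore_headers Cache-Control Expires Set-Cookie;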
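--- a/nginx-conf/sub/gzip.conf
+++ b/nginx-conf/sub/gzip.conf
@@ -0,0 +1,13 @@
+# Compression config
+gzip on;
+gunzip on;
+
+gzip_static on;
+gzip_min_length 1000;
+gzip_buffers 4 32k;
+# gzip_http_version 1.1;
+gzip_proxied any;
+gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
+gzip_vary on;
+gzip_comp_level 6;
+gzip_disable "MSIE [1-6]\.(?!.*SV1)";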
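--- a/nginx-conf/sub/options-ssl-nginx.conf
+++ b/nginx-conf/sub/options-ssl-nginx.conf
@@ -0,0 +1,13 @@
+# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6
+
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1440m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3;
+ssl_prefer_server_ciphers off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;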
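--- a/nginx-conf/test.conf
+++ b/nginx-conf/test.conf
@@ -0,0 +1,16 @@
+server {
+listen 80;
+listen [::]:80;
+#listen 443;
+#listen [::]:443;
+server_name test.bensuperpc.org www.test.bensuperpc.org;
+
+location ~ /.well-known/acme-challenge {
+allow all;
+root /var/www/html;
+}
+
+location / {
+return 301 https://www.bensuperpc.org$request_uri;
+}
+}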
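--- a/nginx-conf/wordpress.conf
+++ b/nginx-conf/wordpress.conf
@@ -0,0 +1,157 @@
+include /etc/nginx/conf.d/sub/cache-fastcgi.conf;
+
+# All upstream serveur
+upstream wordpress_server {
+# ip_hash;
+server wordpress:9000;
+# server wordpress:9000 weight=1 max_fails=3 fail_timeout=30s;
+}
+
+# Redirect all http requests to the main server wordpress_server
+server {
+listen 80;
+listen [::]:80;
+
+server_name bensuperpc.org www.bensuperpc.org;
+
+location ~ /.well-known/acme-challenge {
+allow all;
+root /var/www/html;
+}
+
+location / {
+return 301 https://$host$request_uri;
+}
+}
+
+# Main server wordpress_server
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+server_name bensuperpc.org www.bensuperpc.org;
+
+root /var/www/html;
+index index.php index.html index.htm;
+
+# Keepalive for 70 seconds
+keepalive_timeout 70;
+
+# Number of requests per connection
+keepalive_requests 100;
+
+reset_timedout_connection on;
+
+# Increase proxy buffers for large requests
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
+
+fastcgi_buffer_size 128k;
+fastcgi_buffers 256 16k;
+fastcgi_busy_buffers_size 256k;
+fastcgi_temp_file_write_size 256k;
+
+# Upload limit
+client_max_body_size 50m;
+client_body_buffer_size 128k;
+
+# Initialize the variable that specified to skip the cache
+set $skip_cache 0;
+
+# POST requests and url's with a query string should always skip cache
+if ($request_method = POST) {
+set $skip_cache 1;
+}
+if ($query_string != "") {
+set $skip_cache 1;
+}
+
+# Don't cache url's containing the following segments
+if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
+set $skip_cache 1;
+}
+
+# Don't use the cache for logged in users or recent commenters
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
+set $skip_cache 1;
+}
+
+server_tokens off;
+
+include /etc/nginx/conf.d/sub/gzip.conf;
+
+# All things related to SSL
+ssl_certificate /etc/letsencrypt/live/www.bensuperpc.org/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/www.bensuperpc.org/privkey.pem;
+ssl_trusted_certificate /etc/letsencrypt/live/www.bensuperpc.org/chain.pem;
+
+include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
+
+# Logging
+access_log /var/log/nginx/wordpress.access.log;
+error_log /var/log/nginx/wordpress.error.log;
+
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+location / {
+try_files $uri $uri/ /index.php$is_args$args;
+# try_files $uri $uri/ /index.php?$args;
+}
+
+location ~ \.php$ {
+try_files $uri =404;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass wordpress_server;
+fastcgi_index index.php;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+
+fastcgi_intercept_errors on;
+
+# Don't cache when $skip_cache is true
+fastcgi_cache_bypass $skip_cache;
+fastcgi_no_cache $skip_cache;
+
+# Use the WORDPRESS zone
+fastcgi_cache WORDPRESS;
+}
+
+# Don't write to accesslog for these files
+location = /favicon.ico {
+log_not_found off;
+access_log off;
+}
+location = /robots.txt {
+allow all;
+log_not_found off;
+access_log off;
+}
+
+# Media files with one of these extensions should be cached by the browser
+location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+expires max;
+log_not_found off;
+}
+
+# Deny access to .* files
+location ~ /\. {
+deny all;
+access_log off;
+log_not_found off;
+}
+
+# Add cache status header for easy debugging
+add_header X-cache $upstream_cache_status;
+
+# From cat /etc/resolv.conf
+resolver 8.8.8.8;
+
+# Some parts of this file are from
+# https://gist.github.com/TrafeX/6d582b6d040702088722
+}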
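Review bot: `Strict-Transport-Security` is sent with `includeSubDomains; preload`, but the flask, phpmyadmin and test vhosts added in this commit listen on port 80 only. A browser that has visited the main site will upgrade requests for those subdomains to HTTPS, where they will presumably fail or be answered by this server block with a certificate issued for other names. Either give those vhosts TLS listeners or drop `includeSubDomains; preload` until they have them. The `Content-Security-Policy` value `default-src * data: 'unsafe-eval' 'unsafe-inline'` allows any source plus inline and eval'd script, so it restricts nothing in practice; a comment marking it as a placeholder to be tightened would avoid the impression of protection.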