mirror of
https://github.com/bensuperpc/infrastructure.git
synced 2024-11-14 14:11:32 +01:00
162 lines
5.2 KiB
Plaintext
162 lines
5.2 KiB
Plaintext
include /etc/nginx/conf.d/sub/cache-fastcgi.conf;
|
|
|
|
# All upstream serveur
|
|
upstream wordpress_server {
|
|
# ip_hash;
|
|
server wordpress:9000;
|
|
# server wordpress:9000 weight=1 max_fails=3 fail_timeout=30s;
|
|
}
|
|
|
|
# Redirect all http requests to the main server wordpress_server
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
|
|
|
|
location ~ /.well-known/acme-challenge {
|
|
allow all;
|
|
root /var/www/wordpress;
|
|
}
|
|
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
|
|
# Main server wordpress_server
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
|
|
|
|
root /var/www/wordpress;
|
|
index index.php index.html index.htm;
|
|
|
|
# Keepalive for 70 seconds
|
|
keepalive_timeout 70;
|
|
|
|
# Number of requests per connection
|
|
keepalive_requests 100;
|
|
|
|
reset_timedout_connection on;
|
|
|
|
# Increase proxy buffers for large requests
|
|
proxy_buffer_size 128k;
|
|
proxy_buffers 4 256k;
|
|
proxy_busy_buffers_size 256k;
|
|
|
|
fastcgi_buffer_size 128k;
|
|
fastcgi_buffers 256 16k;
|
|
fastcgi_busy_buffers_size 256k;
|
|
fastcgi_temp_file_write_size 256k;
|
|
|
|
# Upload limit
|
|
client_max_body_size 50m;
|
|
client_body_buffer_size 128k;
|
|
|
|
# Initialize the variable that specified to skip the cache
|
|
set $skip_cache 0;
|
|
|
|
# POST requests and url's with a query string should always skip cache
|
|
if ($request_method = POST) {
|
|
set $skip_cache 1;
|
|
}
|
|
if ($query_string != "") {
|
|
set $skip_cache 1;
|
|
}
|
|
|
|
# Don't cache url's containing the following segments
|
|
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
|
|
set $skip_cache 1;
|
|
}
|
|
|
|
# Don't use the cache for logged in users or recent commenters
|
|
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
|
|
set $skip_cache 1;
|
|
}
|
|
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/conf.d/sub/gzip.conf;
|
|
|
|
# All things related to SSL
|
|
ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
|
|
ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
|
|
|
|
include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
|
|
|
|
# Logging
|
|
access_log /var/log/nginx/wordpress.access.log;
|
|
error_log /var/log/nginx/wordpress.error.log;
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.php$is_args$args;
|
|
# try_files $uri $uri/ /index.php?$args;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_pass wordpress_server;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
|
|
# Necessary to avoid 404 error when changing the wordpress path
|
|
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
|
|
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
|
|
fastcgi_intercept_errors on;
|
|
|
|
# Don't cache when $skip_cache is true
|
|
fastcgi_cache_bypass $skip_cache;
|
|
fastcgi_no_cache $skip_cache;
|
|
|
|
# Use the WORDPRESS zone
|
|
fastcgi_cache WORDPRESS;
|
|
}
|
|
|
|
# Don't write to accesslog for these files
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
# Media files with one of these extensions should be cached by the browser
|
|
location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
|
|
expires max;
|
|
log_not_found off;
|
|
}
|
|
|
|
# Deny access to .* files
|
|
location ~ /\. {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
# Add cache status header for easy debugging
|
|
add_header X-cache $upstream_cache_status;
|
|
|
|
# From cat /etc/resolv.conf
|
|
resolver 8.8.8.8;
|
|
|
|
# Some parts of this file are from
|
|
# https://gist.github.com/TrafeX/6d582b6d040702088722
|
|
}
|