Skip to content

Instantly share code, notes, and snippets.

@JannieT
Created July 16, 2019 09:45
Show Gist options
  • Save JannieT/171c88171c01c6c8d17932a1027692d7 to your computer and use it in GitHub Desktop.
Save JannieT/171c88171c01c6c8d17932a1027692d7 to your computer and use it in GitHub Desktop.
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
server_name .example.com;
return 301 https://$host$request_uri;
}
# Redirect SSL to primary domain SSL...
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/example.com/449201/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/449201/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers <REDACTED>;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
root /home/forge/example.com;
rewrite example.com.uk$ example.com/uk/ permanent;
ssl_certificate /etc/nginx/ssl/example.com/449201/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/449201/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers <REDACTED>;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
## Wordpress single site settings
location /site1/wp-json {
rewrite ^/site1/wp-json(.*)$ /site1/?rest_route=$1;
}
location /site1/ {
try_files $uri $uri/ /site1/index.php$is_args$args;
}
## WordPress Multisite
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
set $cache_uri $request_uri;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $cache_uri 'NULL';
}
if ($query_string != "") {
set $cache_uri 'NULL';
}
location /.well-known/acme-challenge {
auth_basic off;
allow all;
alias /home/forge/.letsencrypt;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ /\.(?!well-known).* {
deny all;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# BEGIN W3TC Minify cache
location ~ /wp-content/cache/minify/.*\.js$ {
types {}
default_type application/x-javascript;
expires modified 31536000s;
add_header Vary "Accept-Encoding";
}
location ~ /wp-content/cache/minify/.*\.css$ {
types {}
default_type text/css;
expires modified 31536000s;
add_header Vary "Accept-Encoding";
}
location ~ /wp-content/cache/minify/.*js_gzip$ {
gzip off;
types {}
default_type application/x-javascript;
expires modified 31536000s;
add_header Vary "Accept-Encoding";
add_header Content-Encoding gzip;
}
location ~ /wp-content/cache/minify/.*css_gzip$ {
gzip off;
types {}
default_type text/css;
expires modified 31536000s;
add_header Vary "Accept-Encoding";
add_header Content-Encoding gzip;
}
# END W3TC Minify cache
# BEGIN W3TC Minify core
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
set $w3tc_enc _gzip;
}
if (-f $request_filename$w3tc_enc) {
rewrite (.*) $1$w3tc_enc break;
}
rewrite ^/([a-z0-9]+/)?wp-content/cache/minify/ /index.php last;
# END W3TC Minify core
# BEGIN W3TC Page Cache core
set $w3tc_rewrite 1;
if ($request_method = POST) {
set $w3tc_rewrite 0;
}
if ($query_string != "") {
set $w3tc_rewrite 0;
}
if ($request_uri !~ \/$) {
set $w3tc_rewrite 0;
}
if ($http_cookie ~* "(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle)") {
set $w3tc_rewrite 0;
}
set $w3tc_preview "";
if ($http_cookie ~* "(w3tc_preview)") {
set $w3tc_preview _preview;
}
set $w3tc_ssl "";
if ($scheme = https) {
set $w3tc_ssl _ssl;
}
if ($http_x_forwarded_proto = 'https') {
set $w3tc_ssl _ssl;
}
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
set $w3tc_enc _gzip;
}
if (!-f "$document_root/wp-content/cache/page_enhanced/$http_host/$request_uri/_index$w3tc_ssl$w3tc_preview.html$w3tc_enc") {
set $w3tc_rewrite 0;
}
if ($w3tc_rewrite = 1) {
rewrite .* "/wp-content/cache/page_enhanced/$http_host/$request_uri/_index$w3tc_ssl$w3tc_preview.html$w3tc_enc" last;
}
# END W3TC Page Cache core
# BEGIN W3TC Page Cache cache
location ~ /wp-content/cache/page_enhanced.*gzip$ {
gzip off;
types {}
default_type text/html;
add_header Content-Encoding gzip;
}
# END W3TC Page Cache cache
# BEGIN W3TC Browser Cache
gzip on;
gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/bmp application/java application/msword application/vnd.ms-fontobject application/x-msdownload image/x-icon image/webp application/json application/vnd.ms-access application/vnd.ms-project application/x-font-otf application/vnd.ms-opentype application/vnd.oasis.opendocument.database application/vnd.oasis.opendocument.chart application/vnd.oasis.opendocument.formula application/vnd.oasis.opendocument.graphics application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text audio/ogg application/pdf application/vnd.ms-powerpoint application/x-shockwave-flash image/tiff application/x-font-ttf audio/wav application/vnd.ms-write application/font-woff application/font-woff2 application/vnd.ms-excel;
location ~ \.(css|htc|less|js|js2|js3|js4)$ {
expires 31536000s;
etag on;
if_modified_since exact;
try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~ \.(html|htm|rtf|rtx|svg|txt|xsd|xsl|xml)$ {
etag on;
if_modified_since exact;
try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|_ttf|wav|wma|wri|woff|woff2|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s;
etag on;
if_modified_since exact;
try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~ \.(bmp|class|doc|docx|eot|exe|ico|webp|json|mdb|mpp|otf|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|pot|pps|ppt|pptx|svg|svgz|swf|tif|tiff|ttf|ttc|_ttf|wav|wri|woff|woff2|xla|xls|xlsx|xlt|xlw)$ {
etag off;
if_modified_since off;
try_files $uri $uri/ $uri.html /index.php?$args;
}
add_header Referrer-Policy "";
# END W3TC Browser Cache
}
@JannieT
Copy link
Author

JannieT commented Jul 18, 2019

@tarunlalwani, sadly neither of these fixed it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment