Last active
April 1, 2022 13:46
-
-
Save bjornjohansen/95192922525e975779b501addab49a28 to your computer and use it in GitHub Desktop.
Nginx config for WordPress
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| index index.php index.html; | |
| # Don’t log favicon requests | |
| location /favicon.ico { | |
| log_not_found off; | |
| access_log off; | |
| } | |
| # Disallow access to readme.html | |
| location /readme.html { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Disallow access to XML-RPC | |
| location ~ xmlrpc\.php { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Allow access to the ACME Challenge (Let’s encrypt) | |
| location ~ /\.well-known\/acme-challenge { | |
| allow all; | |
| auth_basic off; | |
| } | |
| # Disallow access to all other dotfiles | |
| location ~ /\. { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Deny access to any files with a .php extension in the uploads directory | |
| location ~* /uploads/.*\.php$ { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| if (!-e $request_filename) { | |
| # Add trailing slash to */wp-admin requests. | |
| rewrite /wp-admin$ $scheme://$host$uri/ permanent; | |
| # WordPress is in a subdir | |
| rewrite (/wp-.*) /wp$1 last; | |
| rewrite (/.*\.php)$ /wp$1 last; | |
| # WordPress is in docroot | |
| #rewrite (/wp-.*) /$1 last; | |
| #rewrite (/.*\.php)$ /$1 last; | |
| # Yoast SEO Sitemap | |
| rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last; | |
| rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last; | |
| } | |
| # Directives to send expires headers and turn off 404 error logging. | |
| location ~* \.(png|jpg|jpeg|gif|ico|woff|otf|ttf|eot)$ { | |
| expires max; | |
| log_not_found off; | |
| add_header Pragma public; | |
| add_header Cache-Control "public"; | |
| add_header Vary "Accept-Encoding"; | |
| } | |
| # Directives to send expires headers and turn off 404 error logging. | |
| location ~* \.(js|css|svg)$ { | |
| expires max; | |
| log_not_found off; | |
| add_header Pragma public; | |
| add_header Cache-Control "public"; | |
| } | |
| location / { | |
| # WordPress is in a subdir | |
| try_files $uri $uri/ /wp/index.php?$args; | |
| # WordPress is in docroot | |
| #try_files $uri $uri/ /index.php?$args; | |
| } | |
| location ~ \.php$ { | |
| # WordPress is in a subdir | |
| try_files $uri /wp/index.php; | |
| # WordPress is in docroot | |
| #try_files $uri /index.php; | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| include fastcgi_params; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; | |
| fastcgi_read_timeout 3600s; | |
| fastcgi_buffer_size 128k; | |
| fastcgi_buffers 4 128k; | |
| add_header X-XSS-Protection "1; mode=block" always; | |
| add_header X-Content-Type-Options "nosniff" always; | |
| add_header X-Frame-Options "SAMEORIGIN" always; | |
| add_header X-Node $hostname; | |
| if ($scheme = 'https') { | |
| add_header Strict-Transport-Security "max-age=31536000; preload" always; | |
| add_header X-XSS-Protection "1; mode=block" always; | |
| add_header X-Content-Type-Options "nosniff" always; | |
| add_header X-Frame-Options "SAMEORIGIN" always; | |
| add_header X-Node $hostname; | |
| } | |
| fastcgi_pass unix:/run/php/php7.2-fpm.sock; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank's for this. You save my day.