Created
December 22, 2019 23:17
-
-
Save eksiscloud/4e10cd28048634fae1c7b726565470a9 to your computer and use it in GitHub Desktop.
Apache2 virtual conf: behind Varnish, PHP-FPM, redirects needed by Wordpress (category in url), WP Rocket and EWWW
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost 127.0.0.1:81> | |
| ServerAdmin <email> | |
| ServerName example.tld | |
| ServerAlias www.example.tld | |
| DocumentRoot /var/www/html | |
| LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{User-agent}i\"" varnishcombined | |
| CustomLog ${APACHE_LOG_DIR}/access.log varnishcombined | |
| SetEnvIf X-Forwarded-Proto https HTTP=on | |
| <FilesMatch \.php$> | |
| SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/" | |
| </FilesMatch> | |
| <Directory /var/www/html/> | |
| Options -Indexes +FollowSymLinks -MultiViews | |
| AllowOverride none | |
| # ErrorDocument 404 https://www.tld/error-404-not-found.html | |
| # ErrorDocument 410 https://www.tld/error-410-gone.html | |
| Require all granted | |
| Allow from all | |
| # Block loging with empty user-agent | |
| RewriteCond %{THE_REQUEST} ^POST.*wp-login [NC] | |
| RewriteCond %{HTTP_USER_AGENT} ^$ | |
| RewriteRule .* - [F] | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| ## ActionScheduler etc. | |
| RewriteRule ^(.*)comment-page-1(.*)$ - [R=410,L] | |
| RewriteCond %{QUERY_STRING} ^ap_id=/$ | |
| </IfModule> | |
| # BEGIN EWWWIO | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteCond %{HTTP_ACCEPT} image/webp | |
| RewriteCond %{REQUEST_FILENAME} (.*)\.(jpe?g|png)$ | |
| RewriteCond %{REQUEST_FILENAME}.webp -f | |
| RewriteCond %{QUERY_STRING} !type=original | |
| RewriteRule (.+)\.(jpe?g|png)$ %{REQUEST_URI}.webp [T=image/webp,E=accept:1,L] | |
| </IfModule> | |
| <IfModule mod_headers.c> | |
| Header append Vary Accept env=REDIRECT_accept | |
| </IfModule> | |
| AddType image/webp .webp | |
| # END EWWWIO | |
| # BEGIN WordPress | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^index\.php$ - [L] | |
| RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] | |
| RewriteCond %{REQUEST_FILENAME} -f [OR] | |
| RewriteCond %{REQUEST_FILENAME} -d | |
| RewriteRule ^ - [L] | |
| RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] | |
| RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] | |
| RewriteRule . index.php [L] | |
| ## If you have Woocommerce and wc-ajax is slowing down too much | |
| #RewriteCond %{QUERY_STRING} ^wc-ajax=get_refreshed_fragments$ | |
| #RewriteRule ^(.*)$ $1 [R=204,L] | |
| </IfModule> | |
| # END WordPress | |
| <IfModule mod_deflate.c> | |
| SetOutputFilter DEFLATE | |
| <IfModule mod_setenvif.c> | |
| <IfModule mod_headers.c> | |
| SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding | |
| RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding | |
| # Don’t compress images and other uncompressible content | |
| SetEnvIfNoCase Request_URI \ | |
| \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary | |
| </IfModule> | |
| </IfModule> | |
| <IfModule mod_filter.c> | |
| AddOutputFilterByType DEFLATE application/atom+xml \ | |
| application/javascript \ | |
| application/json \ | |
| application/rss+xml \ | |
| application/vnd.ms-fontobject \ | |
| application/x-font-ttf \ | |
| application/xhtml+xml \ | |
| application/xml \ | |
| font/opentype \ | |
| image/svg+xml \ | |
| image/x-icon \ | |
| text/css \ | |
| text/html \ | |
| text/plain \ | |
| text/x-component \ | |
| text/xml | |
| </IfModule> | |
| <IfModule mod_headers.c> | |
| Header append Vary: Accept-Encoding | |
| </IfModule> | |
| </IfModule> | |
| # /WP ROCKET | |
| # Origin | |
| <IfModule mod_headers.c> | |
| Header always set Access-Control-Allow-Origin "*" | |
| </IfModule> | |
| # Disallow xmlrpc | |
| <Files xmlrpc.php> | |
| order deny,allow | |
| deny from all | |
| </Files> | |
| # WP ROCKET | |
| AddDefaultCharset UTF-8 | |
| FileETag None | |
| <IfModule mod_mime.c> | |
| # DEFAULTS | |
| DefaultLanguage fi | |
| AddLanguage fi_FI .html .css .js | |
| AddCharset utf-8 .html .css .js .xml .json .rss .atom .vtt | |
| # JAVASCRIPT | |
| AddType application/javascript js jsonp | |
| AddType application/json json | |
| # FONTS | |
| AddType font/opentype otf | |
| AddType application/font-woff woff | |
| AddType application/x-font-woff woff | |
| AddType application/vnd.ms-fontobject eot | |
| AddType application/x-font-ttf ttc ttf | |
| AddType image/svg+xml svg svgz | |
| AddEncoding gzip svgz | |
| # AUDIO | |
| AddType audio/mp4 m4a f4a f4b | |
| AddType audio/ogg oga ogg | |
| # VIDEO | |
| AddType video/mp4 mp4 m4v f4v f4p | |
| AddType video/ogg ogv | |
| AddType video/webm webm | |
| AddType video/x-flv flv | |
| # OTHERS | |
| AddType application/octet-stream safariextz | |
| AddType application/x-chrome-extension crx | |
| AddType application/x-opera-extension oex | |
| AddType application/x-shockwave-flash swf | |
| AddType application/x-web-app-manifest+json webapp | |
| AddType application/x-xpinstall xpi | |
| AddType application/xml atom rdf rss xml | |
| AddType application/vnd.openxmlformats .docx .pptx .xlsx .xltx . xltm .dotx .potx .ppsx | |
| AddType text/cache-manifest appcache manifest | |
| AddType text/vtt vtt | |
| AddType text/x-component htc | |
| AddType text/x-vcard vcf | |
| AddType image/webp webp | |
| AddType image/x-icon ico | |
| </IfModule> | |
| <IfModule mod_headers.c> | |
| Header unset ETag | |
| </IfModule> | |
| <IfModule mod_expires.c> | |
| ExpiresActive on | |
| # Perhaps better to whitelist expires rules? Perhaps. | |
| ExpiresDefault "access plus 1 month" | |
| # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5) | |
| ExpiresByType text/cache-manifest "access plus 0 seconds" | |
| # Your document html | |
| ExpiresByType text/html "access plus 1 week" | |
| # Data | |
| ExpiresByType text/xml "access plus 1 week" | |
| ExpiresByType application/xml "access plus 1 week" | |
| ExpiresByType application/json "access plus 1 week" | |
| # Feed | |
| ExpiresByType application/rss+xml "access plus 1 hour" | |
| ExpiresByType application/atom+xml "access plus 1 hour" | |
| # Favicon (cannot be renamed) | |
| ExpiresByType image/x-icon "access plus 1 month" | |
| # Media: images, video, audio | |
| ExpiresByType image/gif "access plus 1 year" | |
| ExpiresByType image/png "access plus 1 year" | |
| ExpiresByType image/jpeg "access plus 1 year" | |
| ExpiresByType image/webp "access plus 1 year" | |
| ExpiresByType video/ogg "access plus 1 year" | |
| ExpiresByType audio/ogg "access plus 1 year" | |
| ExpiresByType video/mp4 "access plus 1 year" | |
| ExpiresByType video/webm "access plus 1 year" | |
| # HTC files (css3pie) | |
| ExpiresByType text/x-component "access plus 1 month" | |
| # Webfonts | |
| ExpiresByType font/ttf "access plus 4 months" | |
| ExpiresByType font/otf "access plus 4 months" | |
| ExpiresByType font/woff "access plus 4 months" | |
| ExpiresByType font/woff2 "access plus 4 months" | |
| ExpiresByType image/svg+xml "access plus 1 month" | |
| ExpiresByType application/vnd.ms-fontobject "access plus 1 month" | |
| # CSS and JavaScript | |
| ExpiresByType text/css "access plus 1 year" | |
| ExpiresByType application/javascript "access plus 1 year" | |
| </IfModule> | |
| # /WP ROCKET | |
| </Directory> | |
| <Directory /var/www/html/wp-content/uploads/> | |
| # faster and safer uploads | |
| RemoveHandler .ini .sh .bsh .bash .awk .nawk .gawk .csh .var .c .in .h .asc .md5 .sha .sha1 .cgi .pl .php .inc .asp .exe .bin .py .pl .phtml | |
| RemoveHandler .out .output .overlay .p12 .p5c .pam .pas .patch .phps .php5 .php4 .php3 .pbxproj .pdb .pdf .pem .perl .phar .php .php_cs .phpize .phpt .pingpong .pipelining .pk | |
| <FilesMatch "\.(ini|sh|bsh|bash|awk|nawk|gawk|csh|var|c|in|h|asc|md5|sha|sha1|cgi|pl|php|php*|py|inc|asp|exe|bin|list|py|rb|phtml|tag|info|txt)$"> | |
| ForceType text/plain | |
| </FilesMatch> | |
| </Directory> | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Working copy @ https://www.katiska.info (don't bother if you can't finnish)