Created
April 1, 2012 09:36
-
-
Save evansolomon/2274120 to your computer and use it in GitHub Desktop.
nginx WordPress multisite config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80 default_server; | |
server_name domain.com *.domain.com; | |
root /srv/www/domain.com/public; | |
access_log /srv/www/domain.com/log/access.log; | |
error_log /srv/www/domain.com/log/error.log; | |
location / { | |
index index.php; | |
try_files $uri $uri/ /index.php?$args; | |
} | |
# Add trailing slash to */wp-admin requests. | |
rewrite /wp-admin$ $scheme://$host$uri/ permanent; | |
# Directives to send expires headers and turn off 404 error logging. | |
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { | |
expires 24h; | |
log_not_found off; | |
} | |
# this prevents hidden files (beginning with a period) from being served | |
location ~ /\. { access_log off; log_not_found off; deny all; } | |
# Pass uploaded files to wp-includes/ms-files.php. | |
rewrite /files/$ /index.php last; | |
if ($uri !~ wp-content/plugins) { | |
rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last; | |
} | |
# Rewrite multisite '.../wp-.*' and '.../*.php'. | |
if (!-e $request_filename) { | |
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last; | |
rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*\.php)$ $1 last; | |
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last; | |
} | |
location ~ \.php$ { | |
client_max_body_size 25M; | |
try_files $uri =404; | |
fastcgi_pass unix:/var/run/php5-fpm.sock; | |
fastcgi_index index.php; | |
include /etc/nginx/fastcgi_params; | |
} | |
} |
Line 34-38 were the biggest livesaver 👍
this is not help me :(
what i m missing ?
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
Rewrite multisite
if (!-e $request_filename) {
rewrite ^/[_0-9a-zA-Z-]+(/wp-._) $1 last;
rewrite ^/[_0-9a-zA-Z-]+._(/wp-admin/._.php)$ $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/._.php)$ $1 last;
}
server_name 167.114.17.67;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
}
Possible HTTP-Splitting vulnerability.
Using variables that can contain "\n" may lead to http injection. At least variable "$uri" can contain "\n"
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
Thanks a lot!
One thing though, the HTTP 404
error pages probably needed to be forwarded to WordPress, in case someone had a {..}.php
in their permalink structure or has dynamic routes, they'll always be served basic nginx 404 pages, which do not load the website. To do so:
error_page 403 404 =200 /error.html;
location = /error.html { try_files $uri $uri/ /index.php?$args; }
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Yea - thanks Evan, this is awesome.
The whole index.php?$args thing was a lifesaver