Created
April 1, 2012 09:36
-
-
Save evansolomon/2274120 to your computer and use it in GitHub Desktop.
nginx WordPress multisite config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80 default_server; | |
| server_name domain.com *.domain.com; | |
| root /srv/www/domain.com/public; | |
| access_log /srv/www/domain.com/log/access.log; | |
| error_log /srv/www/domain.com/log/error.log; | |
| location / { | |
| index index.php; | |
| try_files $uri $uri/ /index.php?$args; | |
| } | |
| # Add trailing slash to */wp-admin requests. | |
| rewrite /wp-admin$ $scheme://$host$uri/ permanent; | |
| # Directives to send expires headers and turn off 404 error logging. | |
| location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { | |
| expires 24h; | |
| log_not_found off; | |
| } | |
| # this prevents hidden files (beginning with a period) from being served | |
| location ~ /\. { access_log off; log_not_found off; deny all; } | |
| # Pass uploaded files to wp-includes/ms-files.php. | |
| rewrite /files/$ /index.php last; | |
| if ($uri !~ wp-content/plugins) { | |
| rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last; | |
| } | |
| # Rewrite multisite '.../wp-.*' and '.../*.php'. | |
| if (!-e $request_filename) { | |
| rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last; | |
| rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*\.php)$ $1 last; | |
| rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last; | |
| } | |
| location ~ \.php$ { | |
| client_max_body_size 25M; | |
| try_files $uri =404; | |
| fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| fastcgi_index index.php; | |
| include /etc/nginx/fastcgi_params; | |
| } | |
| } |
Thanks a lot!
One thing though, the HTTP 404 error pages probably needed to be forwarded to WordPress, in case someone had a {..}.php in their permalink structure or has dynamic routes, they'll always be served basic nginx 404 pages, which do not load the website. To do so:
error_page 403 404 =200 /error.html;
location = /error.html { try_files $uri $uri/ /index.php?$args; }
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Possible HTTP-Splitting vulnerability.
Using variables that can contain "\n" may lead to http injection. At least variable "$uri" can contain "\n"
https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md