Skip to content

Instantly share code, notes, and snippets.

@mdimai666

mdimai666/wordpress.nginx.conf

Created May 21, 2020 14:38
Show Gist options
  • Save mdimai666/c70abe8348df335216e6de5576997e4f to your computer and use it in GitHub Desktop.
Save mdimai666/c70abe8348df335216e6de5576997e4f to your computer and use it in GitHub Desktop.
Download ZIP
NGINX configuration for wordpress
Raw
wordpress.nginx.conf
server {
#listen 80;
set $root_path '/var/www/wordpress/';
root $root_path;
index index.php; # index defined to be served under directory
server_name _;
include d_ssl;
error_log /var/log/nginx/example.com-error.log;
access_log /var/log/nginx/example.com-access.log;
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location ~* \.(gif|jpg|jpeg|png|ico|bmp|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|js|css|woff|woff2|exe|eot|svg|ttf)$ {
root $root_path;
expires 14d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
log_not_found off;
}
# Common deny or internal locations, to help prevent access to areas of
# the site that should not be public
location ~* wp-admin/includes { deny all; }
location ~* wp-includes/theme-compat/ { deny all; }
location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
location /wp-content/ { internal; }
location /wp-includes/ { internal; }
# The next line protects the wp-config.php file from being accessed, but
# we need to be able to run the file for the initial site setup. Uncomment
# the next line after setup is completed and reload Nginx.
location ~* wp-config.php { deny all; }
# Prevent any potentially-executable files in the uploads directory from
# being executed by forcing their MIME type to text/plain
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
types { }
default_type text/plain;
}
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 3600;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 5m;
}
}
ALSO file /etc/nginx/nginx.conf
##
# Fastcgi Params
##
fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
ALSO file /etc/nginx/d_ssl; snipped
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/lego/certificates/example.com.crt;
ssl_certificate_key /etc/lego/certificates/example..com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;
#https://websiteforstudents.com/install-wordpress-on-ubuntu-18-04-lts-bata-with-nginx-mariadb-and-php-fpm/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment