Created
February 26, 2015 21:38
Codeable.io Nginx config
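server {
    # Main HTTPS virtual host for codeable.io: TLS + SPDY termination, WP-Rocket
    # static page cache bypass, asset caching, and PHP via HHVM with a php-fpm fallback.
    #
    # NOTE(review): the included file, the certificate and the private key all live
    # under /home/webmaster. nginx reads them when the configuration is loaded, so
    # confirm none of them is writable by the account the web application runs as,
    # and that the key is readable only by root or the nginx user.
    include /home/webmaster/www/codeable.io.conf;
    server_name codeable.io;
    listen 443 ssl spdy default_server;
    root /home/webmaster/www/codeable.io;
    index index.php index.html;
    error_log /var/log/nginx/codeable.io.error.log warn;

    ###################################################################################################
    # SSL configuration
    #
    ssl_certificate /home/webmaster/certs/codeable.io.crt;
    ssl_certificate_key /home/webmaster/certs/codeable.io.key;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996), and the cipher list
    # below still admits DES-CBC3-SHA and plain-RSA AES suites that lack forward
    # secrecy. Left unchanged so that legacy clients keep working; restrict to
    # TLSv1.2 or newer and drop those suites once such clients need not be served.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 24h;

    ###################################################################################################
    # Spdy configuration
    #
    spdy_keepalive_timeout 300;
    spdy_headers_comp 6;
    add_header Alternate-Protocol 443:npn-spdy/3;
    # HSTS. nginx inherits add_header from this level ONLY into locations that
    # declare no add_header of their own, so every location below that adds a
    # header repeats this line; otherwise cached pages, assets and all PHP
    # responses would be served without it.
    # On nginx 1.7.5+ the "always" parameter also covers error responses.
    add_header Strict-Transport-Security max-age=31536000;
    # Custom DH parameters for the DHE suites in ssl_ciphers.
    ssl_dhparam /home/webmaster/certs/dhparam.pem;

    ###################################################################################################
    # SSL stapling config (checking cert validity)
    #
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /home/webmaster/certs/rapidssl.pem;
    # Resolver used to look up the OCSP responder host (Google public DNS).
    resolver 8.8.8.8 8.8.4.4;

    set $rocket_debug 0; # Add debug information into header

    ###################################################################################################
    # Do not alter these values
    #
    set $rocket_bypass 1; # Should NGINX bypass WordPress and call cache file directly ?
    set $rocket_encryption ""; # Is GZIP accepted by client ?
    set $rocket_file ""; # Filename to use
    set $rocket_is_bypassed "No"; # Header text added to check if the bypass worked or not. Header: X-Rocket-Nginx-Bypass
    set $rocket_reason ""; # Reason why cache file was not used. If cache file is used, what file was used

    ###################################################################################################
    # GZIP
    #
    # NOTE(review): image/png, image/jpg and image/jpeg are already compressed and
    # text/php is not a registered media type, so level 9 on them costs CPU for no
    # gain. Compressing TLS responses that mix secrets with request-reflected data
    # is the precondition for BREACH-style attacks; confirm that is acceptable for
    # the dynamic pages served here.
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 9;
    gzip_http_version 1.0;
    gzip_min_length 0;
    gzip_types text/plain text/css image/x-icon image/svg+xml image/png image/jpg image/jpeg text/js text/php application/javascript application/x-javascript;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";

    ###################################################################################################
    # PAGE CACHE
    #
    # Is GZIP accepted by client ?
    if ($http_accept_encoding ~ gzip) {
        set $rocket_encryption _gzip;
    }

    # File/URL to return IF we must bypass WordPress
    # NOTE(review): $http_host and $request_uri are taken from the client request
    # and end up in a filesystem path; this is also the default_server, so any
    # Host value reaches this block. The -f test below limits the bypass to files
    # that exist. Confirm the cache tree holds only world-servable HTML, and
    # consider a fixed host name here if the site answers to a single name.
    set $rocket_url "/assets/cache/wp-rocket/$http_host/$request_uri/index.html$rocket_encryption";
    set $rocket_file "$document_root$rocket_url";

    # Do not bypass if it's a POST request
    if ($request_method = POST) {
        set $rocket_bypass 0;
        set $rocket_reason "POST request";
    }

    # Do not bypass if arguments are found (e.g. ?page=2)
    if ($args != "") {
        set $rocket_bypass 0;
        set $rocket_reason "Arguments found";
    }

    # Do not bypass if the site is in maintenance mode
    if (-f "$document_root/.maintenance") {
        set $rocket_bypass 0;
        set $rocket_reason "Maintenance mode";
    }

    # Do not bypass if one of these cookies is found
    # wordpress_logged_in_[hash] : When a user is logged in, this cookie is created (we'd rather let WP-Rocket handle that)
    # wp-postpass_[hash] : When a protected post requires a password, this cookie is created.
    # This check is what keeps logged-in and password-unlocked views out of the shared cache path.
    if ($http_cookie ~* "(wordpress_logged_in_|wp\-postpass_)") {
        set $rocket_bypass 0;
        set $rocket_reason "Cookie";
    }

    # Do not bypass if the cached file does not exist
    if (!-f "$rocket_file") {
        set $rocket_bypass 0;
        set $rocket_reason "File not cached";
    }

    # If the bypass token is still on, let's bypass WordPress with the cached URL
    if ($rocket_bypass = 1) {
        set $rocket_is_bypassed "Yes";
        set $rocket_reason "$rocket_url";
    }

    # Clear variables if debug is not needed
    # (add_header emits nothing for an empty value, so the X-Rocket-* headers disappear)
    if ($rocket_debug = 0) {
        set $rocket_is_bypassed "";
        set $rocket_reason "";
    }

    # If the bypass token is still on, rewrite according to the file linked to the request
    if ($rocket_bypass = 1) {
        rewrite .* "$rocket_url" last;
    }

    # Add header to HTML cached files
    location ~ /assets/cache/wp-rocket/.*html$ {
        # Repeated because this location declares its own add_header lines.
        add_header Strict-Transport-Security max-age=31536000;
        add_header Vary "Accept-Encoding, Cookie";
        add_header X-Rocket-Nginx-Bypass $rocket_is_bypassed;
        add_header X-Rocket-Nginx-Reason $rocket_reason;
        expires 1h;
    }

    # Do not gzip cached files that are already gzipped
    location ~ /assets/cache/wp-rocket/.*_gzip$ {
        gzip off;
        # Empty type map so that every file here is served as default_type.
        types {}
        default_type text/html;
        # Repeated because this location declares its own add_header lines.
        add_header Strict-Transport-Security max-age=31536000;
        add_header Content-Encoding gzip;
        add_header Vary "Accept-Encoding, Cookie";
        add_header X-Rocket-Nginx-Bypass $rocket_is_bypassed;
        add_header X-Rocket-Nginx-Reason $rocket_reason;
        # expires 30d;
        expires 1h;
    }

    # Sitemap URLs are handed to WordPress through index.php.
    rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    ###################################################################################################
    # Asset (CSS, JS, IMG) cache
    #
    # Each location below sets add_header, so each repeats the HSTS header.
    location ~* \.(?:rss|atom)$ {
        expires 1h;
        add_header Strict-Transport-Security max-age=31536000;
        add_header Cache-Control "public";
    }

    location ~* \.(eot|ttf|woff|woff2)$ {
        expires 1M;
        add_header Strict-Transport-Security max-age=31536000;
        # Fonts are readable cross-origin by any site.
        add_header Access-Control-Allow-Origin *;
    }

    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
        expires 1M;
        access_log off;
        add_header Strict-Transport-Security max-age=31536000;
        add_header Cache-Control "public";
    }

    location ~* \.(?:css|js)$ {
        expires 1y;
        access_log off;
        add_header Strict-Transport-Security max-age=31536000;
        add_header Cache-Control "public";
    }

    ###################################################################################################
    # When dealing with plugins, php-fpm should be used, HHVM does not support SFTP
    #
    # The dot is escaped and the pattern end-anchored so that only update.php and
    # plugins.php are routed here, not any URI that merely contains a similar string.
    location ~ /wp-admin/(update|plugins)\.php$ {
        # try_files keeps non-existent script paths from being handed to the interpreter.
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    location = /wp-login.php {
        # Rate limiting so that brute force is prevented
        # The "one" zone must be declared with limit_req_zone in the http context
        # (not part of this file); the effective rate is whatever that zone sets.
        limit_req zone=one burst=1 nodelay;
        # try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }

    location ~ \.(hh|php)$ {
        # Every dynamic WordPress response passes through here, so the HSTS header
        # has to be repeated next to the location's own add_header.
        add_header Strict-Transport-Security max-age=31536000;
        add_header X-Rocket-Nginx-Reason "Processing PHP";
        # NOTE(review): proxy_intercept_errors belongs to the proxy module and has
        # no effect on fastcgi_pass. The @fpm fallback still fires when nginx itself
        # produces the 502 (HHVM socket unreachable); use fastcgi_intercept_errors
        # if a 502 returned by HHVM should fall back as well.
        proxy_intercept_errors on;
        error_page 502 = @fpm;
        # try_files keeps non-existent script paths from being handed to the interpreter.
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/hhvm/hhvm.sock;
        # fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }

    # Fallback target of "error_page 502" above: same request, served by php-fpm.
    location @fpm {
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }
}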
################################################################################################### | |
# Other domain options | |
# | |
server {
    # HTTPS requests for the www name are redirected to the bare domain.
    # NOTE(review): this block declares neither "ssl" nor a certificate and shares
    # port 443 with the main server; confirm the certificate presented for
    # www.codeable.io covers that name, otherwise clients get a certificate
    # error before they ever see the redirect.
    server_name www.codeable.io;
    listen 443;
    return 301 https://codeable.io$request_uri;
}
server {
    # Plain-HTTP requests for the www name go straight to the HTTPS bare domain.
    # The redirect target host is fixed, so the client's Host header cannot steer it.
    server_name www.codeable.io;
    listen 80;
    return 301 https://codeable.io$request_uri;
}
server {
    # Default port-80 server: any plain-HTTP request that matches no other
    # server_name is upgraded to HTTPS on the canonical host. The HSTS header is
    # only sent by the HTTPS server, so this redirect is what covers first visits.
    server_name codeable.io;
    listen 80 default_server;
    return 301 https://codeable.io$request_uri;
}
spdy was replaced by ngx_http_v2_module. Do you have any update on it?