From 1bd38860d8dfb00dfa7581c007858ea54bd7b4f2 Mon Sep 17 00:00:00 2001 
From: Pothi Kalimuthu Date: Sun, 23 Apr 2017 22:45:33 +0530 Subject: [PATCH] v1.0 - see changelog.txt for details --- README.md | 37 +- blacklist.conf | 9 + changelog.txt | 7 + conf.d/gzip.conf | 5 +- conf.nginx | 9 - etc/init.d/nginx | 362 ------------------ fastcgi_params => fastcgi.conf | 17 +- globals/php.conf | 5 +- globals/wpsc.conf | 28 +- mime.types | 88 +++++ mu-plugins/nginx-rewrite-compatibility.php | 14 - mu-plugins/pagespeed.php | 150 -------- nginx-compile-from-source.sh | 203 ---------- nginx-sample.conf | 32 ++ php-fpm.d/www.conf | 11 - proxy.conf | 4 + sites-available/admin-over-ssl.conf | 19 +- sites-available/catchall.conf | 3 + .../{domainname.com.conf => example.com.conf} | 16 +- sites-available/ip.conf | 34 +- sites-available/login-over-ssl.conf | 28 +- ...e.com.conf => mu-dir-dir-example.com.conf} | 30 +- ...nname.com.conf => mu-dir-example.com.conf} | 14 +- ...nname.com.conf => mu-dom-example.com.conf} | 6 +- sites-available/multiple-vhosts.conf | 8 +- sites-available/nginx-varnish-apache.conf | 35 +- sites-available/nginx-varnish-nginx.conf | 12 +- ...mainname.com.conf => pma.example.com.conf} | 12 +- ...mainname.com.conf => ssl-example.com.conf} | 20 +- ...name.com.conf => ssl-www.example.com.conf} | 20 +- ...ainname.tld.conf => wpfc.example.com.conf} | 10 +- ...ainname.tld.conf => wpsc.example.com.conf} | 10 +- ...mainname.com.conf => www.example.com.conf} | 16 +- sites-enabled/domainname.com.conf | 1 - whitelist.conf | 15 + wp-config.php | 14 - 36 files changed, 349 insertions(+), 955 deletions(-) create mode 100644 blacklist.conf create mode 100644 changelog.txt delete mode 100644 conf.nginx delete mode 100644 etc/init.d/nginx rename fastcgi_params => fastcgi.conf (75%) create mode 100644 mime.types delete mode 100644 mu-plugins/nginx-rewrite-compatibility.php delete mode 100644 mu-plugins/pagespeed.php delete mode 100644 nginx-compile-from-source.sh create mode 100644 nginx-sample.conf delete mode 100644 php-fpm.d/www.conf create mode 
100644 proxy.conf rename sites-available/{domainname.com.conf => example.com.conf} (67%) rename sites-available/{mu-dir-dir-domainname.com.conf => mu-dir-dir-example.com.conf} (63%) rename sites-available/{mu-dir-domainname.com.conf => mu-dir-example.com.conf} (65%) rename sites-available/{mu-dom-domainname.com.conf => mu-dom-example.com.conf} (83%) rename sites-available/{pma.domainname.com.conf => pma.example.com.conf} (71%) rename sites-available/{ssl-domainname.com.conf => ssl-example.com.conf} (62%) rename sites-available/{ssl-www.domainname.com.conf => ssl-www.example.com.conf} (62%) rename sites-available/{wpfc.domainname.tld.conf => wpfc.example.com.conf} (56%) rename sites-available/{wpsc.domainname.tld.conf => wpsc.example.com.conf} (54%) rename sites-available/{www.domainname.com.conf => www.example.com.conf} (51%) delete mode 120000 sites-enabled/domainname.com.conf create mode 100644 whitelist.conf delete mode 100644 wp-config.php diff --git a/README.md b/README.md index c259087..86cd42c 100644 --- a/README.md +++ b/README.md 
@@ -1,14 +1,22 @@ # WordPress-Nginx -WordPress specific Nginx configurations, tweaks, compatibility routines, etc. +WordPress specific Nginx configurations, tweaks, and much more! + +## Advantages + +There are multiplpe advantages of using this repo as your go-to nginx configuration. + ++ Contains ready-to-use sample vhost entries to be used with WP Super Cache plugin (with SSL), WP Rocket cache plugin, etc. ++ Uses best practices (ex: you can find the correct use 'if' statement here). ++ Continuously updated sample configurations and best practices. ## Compatibility Tested with + Debian Debian 9.x (upcoming version) -+ Ubuntu 16.04.x ++ Ubuntu 16.04 LTS -For Fedora, Redhat, CentOS and Amazon Linux AMI or similar distributions, please look at the [CentOS branch](https://github.com/pothi/WordPress-Nginx/tree/centos "WordPress-Nginx configuration for Amazon Linux AMI, Fedora, Redhat and CentOS based distributions"). +For Fedora, Redhat, CentOS and Amazon Linux AMI or similar distributions, the configuration mentioned in the repo should work. Additional steps may be needed, though. See below for some details! ## How to Install 
@@ -24,15 +32,24 @@ As __sudo or root__, please use the following guidelines... ```bash git clone git://github.com/pothi/wordpress-nginx.git $HOME/git/wordpress-nginx cd $HOME/git/wordpress-nginx -# git checkout centos + cp -a $HOME/git/wordpress-nginx/{conf.d, globals, errors, sites-available} /etc/nginx/ -rm /etc/nginx/sites-enabled/domainname.conf +mkdir /etc/nginx/sites-enabled &> /dev/null +cp /etc/nginx/nginx-sample.conf /etc/nginx/nginx.conf + # Other steps that depends on your particular requirement: -# YOUR_DOMAIN_NAME=tinywp.com -# mv /etc/nginx/sites-available/domainname.conf /etc/nginx/sites-available/$YOUR_DOMAIN_NAME.conf + +# one-off process +# edit /etc/nginx/conf.d/lb.conf and update the upstream block for 'fpm' + +# you may do the following for each vhost +# WP_DOMAIN=example.com +# YOUR_USERNAME=your_linux_username +# cp /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-available/$WP_DOMAIN.conf # cd /etc/nginx/sites-enabled/ -# ln -s ../sites-available/$YOUR_DOMAIN_NAME.conf -# sed -i --follow-symlinks 's/domainname.com/'$YOUR_DOMAIN_NAME'/g' /etc/nginx/sites-enabled/$YOUR_DOMAIN_NAME.conf +# ln -s ../sites-available/$WP_DOMAIN.conf +# sed -i --follow-symlinks 's/example.com/'$WP_DOMAIN'/g' /etc/nginx/sites-enabled/$WP_DOMAIN.conf +# sed -i --follow-symlinks 's/username/'$YOUR_USERNAME'/g' /etc/nginx/sites-enabled/$WP_DOMAIN.conf # nginx -t && service nginx restart ``` @@ -51,4 +68,4 @@ CentOS has a different file naming convention, yet simple directory structure, w + Patches, improvements, and suggestions are welcomed. + Please use contact form at https://www.tinywp.in/contact/ , if you'd like to contact Pothi Kalimuthu for other reasons. + I'm available for hire to setup, tweak or troubleshoot your server to provide *the fastest WordPress hosting*. -+ Thanks for having a look here. Have a good time! ++ Thanks for checking it out. Have a good time! 
diff --git a/blacklist.conf b/blacklist.conf new file mode 100644 index 0000000..e4b28cf --- /dev/null +++ b/blacklist.conf @@ -0,0 +1,9 @@ +# please use the following format... +# deny ip.add.re.ss; +# both ipv4 and ipv6 addresses can be blacklisted +# CIDR notation is allowed too + + +# deny ip.add.re.ss1; +# deny ip.add.re.ss2; +# deny ip.add.re.ss3; diff --git a/changelog.txt b/changelog.txt new file mode 100644 index 0000000..d4fd542 --- /dev/null +++ b/changelog.txt @@ -0,0 +1,7 @@ +v1.0 + - released on April 23, 2017 + - uniform naming scheme for domain names + - uniform naming scheme for default files + - introduction of blacklist and whitelist for IP addresses + - fix tab/space conflict; now we use only spaces + - enable gzip by default diff --git a/conf.d/gzip.conf b/conf.d/gzip.conf index 9972a5b..6fe1584 100644 --- a/conf.d/gzip.conf +++ b/conf.d/gzip.conf @@ -1,13 +1,10 @@ -### Assuming gzip is not "on" in nginx.conf - ## # Gzip Settings ## -# gzip_static off; - # uncomment the following, if your nginx.conf already doesn't have it turned on # gzip on; + gzip_disable "msie6"; gzip_vary on; diff --git a/conf.nginx b/conf.nginx deleted file mode 100644 index 0d9dc07..0000000 --- a/conf.nginx +++ /dev/null @@ -1,9 +0,0 @@ -# Basically nothing should be changed in the default nginx.conf file - -# Assuming that it (nginx.conf) contains the following include directives... -# 1. include conf.d/*.conf; -# 2. include sites-enabled/*; - -# Even if the second include directive wasn't there, -# it could be included via conf.d/common.conf file. -# So, no worries, if the default nginx.conf file isn't following a standard diff --git a/etc/init.d/nginx b/etc/init.d/nginx deleted file mode 100644 index a316f5c..0000000 --- a/etc/init.d/nginx +++ /dev/null 
@@ -1,362 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: nginx -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: nginx init.d dash script for Ubuntu or other *nix. -# Description: nginx init.d dash script for Ubuntu or other *nix. -### END INIT INFO -#------------------------------------------------------------------------------ -# nginx - this Debian Almquist shell (dash) script, starts and stops the nginx -# daemon for Ubuntu and other *nix releases. -# -# description: Nginx is an HTTP(S) server, HTTP(S) reverse \ -# proxy and IMAP/POP3 proxy server. This \ -# script will manage the initiation of the \ -# server and it's process state. -# -# processname: nginx -# config: /usr/local/nginx/conf/nginx.conf -# pidfile: /usr/local/nginx/logs/nginx.pid -# Provides: nginx -# -# Author: Jason Giedymin -# . -# -# Version: 3.0 22-APR-2013 jason.giedymin AT gmail.com -# Notes: nginx init.d dash script for Ubuntu. 
-# Tested with: Ubuntu 12.10, nginx-1.3.16 -# -# This script's project home is: -# http://github.com/JasonGiedymin/nginx-init-ubuntu -# -#------------------------------------------------------------------------------ -# MIT X11 License -#------------------------------------------------------------------------------ -# -# Copyright (c) 2008-2013 Jason Giedymin, http://jasongiedymin.com -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -#------------------------------------------------------------------------------ - -#------------------------------------------------------------------------------ -# Functions -#------------------------------------------------------------------------------ -. 
/lib/lsb/init-functions - -#------------------------------------------------------------------------------ -# Consts -#------------------------------------------------------------------------------ -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/nginx - -PS="nginx" -PIDNAME="nginx" #lets you do $PS-slave -PIDFILE=$PIDNAME.pid #pid file -PIDSPATH=/var/run #default pid location, you should change it - -DESCRIPTION="Nginx Server..." - -RUNAS=root #user to run as - -SCRIPT_OK=0 #ala error codes -SCRIPT_ERROR=1 #ala error codes -TRUE=1 #boolean -FALSE=0 #boolean - -lockfile=/var/lock/subsys/nginx -NGINX_CONF_FILE="/etc/nginx/nginx.conf" - -#------------------------------------------------------------------------------ -# Simple Tests -#------------------------------------------------------------------------------ - -#test if nginx is a file and executable -test -x $DAEMON || exit 0 - -# Include nginx defaults if available -if [ -f /etc/default/nginx ] ; then - . /etc/default/nginx -fi - -#set exit condition -#set -e - -#------------------------------------------------------------------------------ -# Functions -#------------------------------------------------------------------------------ - -setFilePerms(){ - if [ -f $PIDSPATH/$PIDFILE ]; then - chmod 400 $PIDSPATH/$PIDFILE - fi -} - -configtest() { - $DAEMON -t -c $NGINX_CONF_FILE -} - -getPSCount() { - return `pgrep -f $PS | wc -l` -} - -isRunning() { - if [ $1 ]; then - pidof_daemon $1 - PID=$? - - if [ $PID -gt 0 ]; then - return 1 - else - return 0 - fi - else - pidof_daemon - PID=$? - - if [ $PID -gt 0 ]; then - return 1 - else - return 0 - fi - fi -} - -#courtesy of php-fpm -wait_for_pid () { - try=0 - - while test $try -lt 35 ; do - case "$1" in - 'created') - if [ -f "$2" ] ; then - try='' - break - fi - ;; - - 'removed') - if [ ! -f "$2" ] ; then - try='' - break - fi - ;; - esac - - try=`expr $try + 1` - sleep 1 - done -} - -status(){ - isRunning - isAlive=$? 
- - if [ "${isAlive}" -eq $TRUE ]; then - echo "$PIDNAME found running with processes: `pidof $PS`" - else - echo "$PIDNAME is NOT running." - fi -} - -removePIDFile(){ - if [ $1 ]; then - if [ -f $1 ]; then - rm -f $1 - fi - else - #Do default removal - if [ -f $PIDSPATH/$PIDFILE ]; then - rm -f $PIDSPATH/$PIDFILE - fi - fi -} - -start() { - log_daemon_msg "Starting $DESCRIPTION" - - isRunning - isAlive=$? - - if [ "${isAlive}" -eq $TRUE ]; then - log_end_msg $SCRIPT_ERROR - else - start-stop-daemon --start --quiet --chuid \ - $RUNAS --pidfile $PIDSPATH/$PIDFILE --exec $DAEMON \ - -- -c $NGINX_CONF_FILE - setFilePerms - log_end_msg $SCRIPT_OK - fi -} - -stop() { - log_daemon_msg "Stopping $DESCRIPTION" - - isRunning - isAlive=$? - - if [ "${isAlive}" -eq $TRUE ]; then - start-stop-daemon --stop --quiet --pidfile $PIDSPATH/$PIDFILE - - wait_for_pid 'removed' $PIDSPATH/$PIDFILE - - if [ -n "$try" ] ; then - log_end_msg $SCRIPT_ERROR - else - removePIDFile - log_end_msg $SCRIPT_OK - fi - else - log_end_msg $SCRIPT_ERROR - fi -} - -reload() { - configtest || return $? - - log_daemon_msg "Reloading (via HUP) $DESCRIPTION" - - isRunning - - if [ $? -eq $TRUE ]; then - `killall -HUP $PS` #to be safe - log_end_msg $SCRIPT_OK - else - log_end_msg $SCRIPT_ERROR - fi -} - -quietupgrade() { - log_daemon_msg "Peforming Quiet Upgrade $DESCRIPTION" - - isRunning - isAlive=$? - - if [ "${isAlive}" -eq $TRUE ]; then - kill -USR2 `cat $PIDSPATH/$PIDFILE` - kill -WINCH `cat $PIDSPATH/$PIDFILE.oldbin` - - isRunning - isAlive=$? - - if [ "${isAlive}" -eq $TRUE ]; then - kill -QUIT `cat $PIDSPATH/$PIDFILE.oldbin` - wait_for_pid 'removed' $PIDSPATH/$PIDFILE.oldbin - removePIDFile $PIDSPATH/$PIDFILE.oldbin - - log_end_msg $SCRIPT_OK - else - log_end_msg $SCRIPT_ERROR - - log_daemon_msg "ERROR! 
Reverting back to original $DESCRIPTION" - - kill -HUP `cat $PIDSPATH/$PIDFILE` - kill -TERM `cat $PIDSPATH/$PIDFILE.oldbin` - kill -QUIT `cat $PIDSPATH/$PIDFILE.oldbin` - - wait_for_pid 'removed' $PIDSPATH/$PIDFILE.oldbin - removePIDFile $PIDSPATH/$PIDFILE.oldbin - - log_end_msg $SCRIPT_ok - fi - else - log_end_msg $SCRIPT_ERROR - fi -} - -terminate() { - log_daemon_msg "Force terminating (via KILL) $DESCRIPTION" - - PIDS=`pidof $PS` || true - - [ -e $PIDSPATH/$PIDFILE ] && PIDS2=`cat $PIDSPATH/$PIDFILE` - - for i in $PIDS; do - if [ "$i" = "$PIDS2" ]; then - kill $i - wait_for_pid 'removed' $PIDSPATH/$PIDFILE - removePIDFile - fi - done - - log_end_msg $SCRIPT_OK -} - -destroy() { - log_daemon_msg "Force terminating and may include self (via KILLALL) $DESCRIPTION" - killall $PS -q >> /dev/null 2>&1 - log_end_msg $SCRIPT_OK -} - -pidof_daemon() { - PIDS=`pidof $PS` || true - - [ -e $PIDSPATH/$PIDFILE ] && PIDS2=`cat $PIDSPATH/$PIDFILE` - - for i in $PIDS; do - if [ "$i" = "$PIDS2" ]; then - return 1 - fi - done - - return 0 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart|force-reload) - stop - sleep 1 - start - ;; - reload) - $1 - ;; - status) - status - ;; - configtest) - $1 - ;; - quietupgrade) - $1 - ;; - terminate) - $1 - ;; - destroy) - $1 - ;; - *) - FULLPATH=/etc/init.d/$PS - echo "Usage: $FULLPATH {start|stop|restart|force-reload|status|configtest|quietupgrade|terminate|destroy}" - echo " The 'destroy' command should only be used as a last resort." - exit 1 - ;; -esac - -exit 0 diff --git a/fastcgi_params b/fastcgi.conf similarity index 75% rename from fastcgi_params rename to fastcgi.conf index d76963f..acd0b38 100644 --- a/fastcgi_params +++ b/fastcgi.conf 
@@ -1,20 +1,25 @@
-# Fetched from http://wiki.nginx.org/PHPFcgiExample#FastCGI_Example
-
-#fastcgi.conf
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param QUERY_STRING $query_string;
 fastcgi_param REQUEST_METHOD $request_method;
 fastcgi_param CONTENT_TYPE $content_type;
 fastcgi_param CONTENT_LENGTH $content_length;
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
 fastcgi_param SCRIPT_NAME $fastcgi_script_name;
 fastcgi_param REQUEST_URI $request_uri;
 fastcgi_param DOCUMENT_URI $document_uri;
 fastcgi_param DOCUMENT_ROOT $document_root;
 fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
 fastcgi_param REMOTE_ADDR $remote_addr;
 fastcgi_param REMOTE_PORT $remote_port;
 fastcgi_param SERVER_ADDR $server_addr;
 fastcgi_param SERVER_PORT $server_port;
 fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/globals/php.conf b/globals/php.conf
index 99efca9..4d3f72d 100644
--- a/globals/php.conf
+++ b/globals/php.conf
@@ -2,8 +2,7 @@ location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_pass fpm; }
diff --git a/globals/wpsc.conf b/globals/wpsc.conf
index 919a182..87a062a 100644
--- a/globals/wpsc.conf
+++ b/globals/wpsc.conf
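Review bot: The new fastcgi.conf never clears the client-supplied `Proxy` request header, so PHP still receives it as `HTTP_PROXY` (the "httpoxy" class of issue) and any site code that honours that variable for outbound requests can be steered by a visitor. Adding `fastcgi_param HTTP_PROXY "";` at the end of the file neutralises it for every vhost that includes it. Separately, `SERVER_SOFTWARE nginx/$nginx_version` now hands the exact server version to the application, where it can surface through phpinfo() or debug output; the previous plain `nginx` value disclosed less.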
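Review bot: In globals/php.conf, `fastcgi_pass fpm;` now depends on an upstream named `fpm` that this file does not define; the README in the same commit points to conf.d/lb.conf for it, so a comment such as `# upstream 'fpm' is defined in conf.d/lb.conf` would save readers a failed `nginx -t`. The `try_files $uri =404;` context line is what keeps requests for non-existent scripts from being handed to PHP-FPM and deserves a comment saying it must stay. `fastcgi_split_path_info` appears to have no effect here, because the location regex ends in `\.php$` and so never matches a URI with trailing path info.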
@@ -1,19 +1,19 @@ # To improve the perf, we may use open_file_cache # ref: https://nginx.org/r/open_file_cache -# open_file_cache max=1000; -# open_file_cache_valid 60s; -# open_file_cache_min_uses 2; -# open_file_cache_errors off; +# open_file_cache max=1000; +# open_file_cache_valid 60s; +# open_file_cache_min_uses 2; +# open_file_cache_errors off; location / { gzip_static on; error_page 418 = @cachemiss; - error_page 419 = @mobileaccess; + error_page 419 = @mobileaccess; if ($request_method = POST) { return 418; } - # uncommenting the following degrades the performance on certain sites. YMMV + # uncommenting the following degrades the performance on certain sites. YMMV # if ($query_string != "") { return 418; } # let's not cache WP search results and AMP test pages 
@@ -24,26 +24,26 @@ location / { if ($http_cookie ~* "comment_author_") { return 418; } if ($http_cookie ~* "wp_postpass_") { return 418; } - if ($http_user_agent ~* (2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800|iPad)) { return 419; } + if ($http_user_agent ~* (2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800|iPad)) { return 419; } - # uncomment the following if deemed fit - # if ($http_user_agent ~* (w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-|ipad)) { return 419; } + # uncomment the following if deemed fit + # if ($http_user_agent ~* (w3c\ 
|w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-|ipad)) { return 419; } try_files "/wp-content/cache/supercache/$host${uri}index$wpsc_https.html" =418; - #--> all the following would apply, only if the request hits the cache + #--> all the following would apply, only if the request hits the cache add_header "X-WPSC-Cache" "HIT"; expires modified 30m; add_header "Cache-Control" "must-revalidate"; - # For proxies + # For proxies # add_header "Cache-Control" "s-maxage=3600"; } location @mobileaccess { - # try_files $uri $uri/ /index.php$is_args$args; + # try_files $uri $uri/ /index.php$is_args$args; try_files "/wp-content/cache/supercache/$host${uri}index$wpsc_https-mobile.html" $uri $uri/ /index.php$is_args$args; add_header "X-WPSC-Mobile-Cache" "HIT"; @@ -51,12 +51,12 @@ location @mobileaccess { expires modified 30m; add_header "Cache-Control" "must-revalidate"; - # For proxies + # For proxies add_header "Cache-Control" "s-maxage=3600"; } location @cachemiss { - try_files $uri $uri/ /index.php$is_args$args; + try_files $uri $uri/ /index.php$is_args$args; } diff --git a/mime.types b/mime.types new file mode 100644 index 0000000..cd3d700 --- /dev/null +++ b/mime.types 
@@ -0,0 +1,88 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/mu-plugins/nginx-rewrite-compatibility.php b/mu-plugins/nginx-rewrite-compatibility.php deleted file mode 100644 index b9545f7..0000000 --- a/mu-plugins/nginx-rewrite-compatibility.php +++ /dev/null 
@@ -1,14 +0,0 @@ - WP_PLUGIN_DIR, - plugins_url('', WPMU_PLUGIN_DIR . '/dummy') => WPMU_PLUGIN_DIR, - get_stylesheet_directory_uri() => get_stylesheet_directory(), - get_template_directory_uri() => get_template_directory(), - content_url() => WP_CONTENT_DIR, - site_url('/' . WPINC) => ABSPATH . WPINC, - ); - - $filename = null; - foreach($url_mappings as $root_url => $directory) { - if ( strpos($url, $root_url) === 0 ) { - $filename = $directory . '/' . substr($url, strlen($root_url)); - //Get rid of the query string, if any. - list($filename, ) = explode('?', $filename, 2); - break; - } - } - - return $filename; - } - - /** - * Apply automatic versioning to all scripts and style sheets added using WP dependency APIs. - * - * If you set $add_ver_to_filename to TRUE, make sure to also add the following code to your - * .htaccess file or your site may break: - * - * - * RewriteEngine On - * RewriteRule ^(.*)\.[\d]{10}\.(css|js)$ $1.$2 [L] - * - * - * @static - * @param bool $add_ver_to_filename - */ - public static function apply_to_all_dependencies($add_ver_to_filename = false) { - self::$version_in_filename = $add_ver_to_filename; - foreach(array('script_loader_src', 'style_loader_src') as $hook) { - add_filter($hook, __CLASS__ . '::_filter_dependency_src', 10, 1); - } - } - - public static function _filter_dependency_src($src) { - //Only add version info to CSS/JS files that don't already have it in the file name. - if ( preg_match('@(? /dev/null - if [ "$?" != '0' ]; then - echo 'Something wrent wrong while installing Nginx dependencies. Probably you do not have sudo privilege!' - exit 1 - fi - - # install the prerequisites - echo "Installing development packages..." - sudo apt-get -y -q install $PRE_PACK &> /dev/null - if [ "$?" != '0' ]; then - echo 'Something wrent wrong while installing the development packages' - exit 1 - fi - - # Pagespeed Module - if [ $VERSION_PAGESPEED_MODULE != 'NULL' ]; then - echo 'Installing mod_pagespeed dependencies...' 
- sudo apt-get -y -q install git-core build-essential zlib1g-dev libpcre3 libpcre3-dev &> /dev/null - if [ "$?" != '0' ]; then - echo 'Something wrent wrong while installing the dependencies for pagespeed' - exit 1 - fi - fi - - elif [ $PREV_VER == "BINARY" ]; then - echo "Installing development packages..." - sudo apt-get -y -q install $PRE_PACK &> /dev/null - if [ "$?" != '0' ]; then - echo 'Something wrent wrong while installing the development packages. Probably, you do not have sudo privilege!' - exit 1 - fi - - elif [ $CURRENT_VER == $PREV_VER ] - then - echo 'Recompiling the current version!' - - else - echo "Upgrading from version $PREV_VER to $CURRENT_VER!" -fi - -# create a new directory to download source and compile -COMPILE_DIR=$HOME/src/nginx-$(date +%F_%H-%M-%S) -mkdir -p $COMPILE_DIR -cd $COMPILE_DIR &> /dev/null - -# download and install nginx -echo 'Hold on! Downloading Nginx...' -wget -q http://nginx.org/download/nginx-$CURRENT_VER.tar.gz -tar xzf nginx-$CURRENT_VER.tar.gz && rm -f nginx-$CURRENT_VER.tar.gz; cd nginx-$CURRENT_VER -if [ "$?" != '0' ]; then - echo 'Something wrent wrong while downloading Nginx' - exit 1 -fi - -# download custom modules -# git clone git://github.com/yaoweibin/ngx_http_substitutions_filter_module.git -# git clone https://github.com/pagespeed/ngx_pagespeed.git - -#--- Download Nginx Pagespeed module ---# -# Ref: https://github.com/pagespeed/ngx_pagespeed#how-to-build -if [ $VERSION_PAGESPEED_MODULE != 'NULL' ]; then - echo 'Hold on while downloading PageSpeed module...' 
- wget -q https://github.com/pagespeed/ngx_pagespeed/archive/release-${VERSION_PAGESPEED_MODULE}-beta.zip &> /dev/null - unzip -q release-${VERSION_PAGESPEED_MODULE}-beta.zip && rm release-${VERSION_PAGESPEED_MODULE}-beta.zip &> /dev/null # or unzip release-${VERSION_PAGESPEED_MODULE}-beta - cd ngx_pagespeed-release-${VERSION_PAGESPEED_MODULE}-beta/ &> /dev/null - wget -q https://dl.google.com/dl/page-speed/psol/${VERSION_PAGESPEED_MODULE}.tar.gz &> /dev/null - tar -xzf ${VERSION_PAGESPEED_MODULE}.tar.gz # expands to psol/ -fi - -echo 'Please wait! Configuring Nginx!' -./configure $CONFIGURE_OPTIONS &> /dev/null -if [ "$?" != '0' ]; then - echo 'Something wrent wrong while configuring Nginx' - exit 1 -fi - -echo 'Making the new version. This process may take several minutes depending on the CPU!' -sudo make -if [ "$?" != '0' ]; then - echo 'Something wrent wrong while making Nginx' - exit 1 -fi - -if [ $PREV_VER == "BINARY" ]; then - sudo apt-get -y remove nginx nginx-common nginx-full &> /dev/null - - if [ "$?" != '0' ]; then - echo 'Something wrent wrong while removing Nginx that was installed via official repo' - exit 1 - fi -fi - -echo 'Installing Nginx' -sudo make install -if [ "$?" 
!= '0' ]; then - echo 'Something wrent wrong while installing Nginx' - exit 1 -fi - -# (re)start Nginx server -if [ $PREV_VER == 'NULL' ]; then - # http://wiki.nginx.org/Nginx-init-ubuntu - wget https://raw.github.com/JasonGiedymin/nginx-init-ubuntu/master/nginx -O ~/nginx-init -q &> /dev/null - sed -i 's:\(DAEMON=\).*:\1/usr/sbin/nginx:' ~/nginx-init - sed -i 's:\(PIDSPATH=\).*:\1/var/run:' ~/nginx-init - sed -i 's:\(NGINX_CONF_FILE=\).*:\1/etc/nginx/nginx.conf:' ~/nginx-init - sudo mv ~/nginx-init /etc/init.d/nginx - chmod +x /etc/init.d/nginx - - # In Ubuntu 12.04, the following is not needed - sudo /usr/sbin/update-rc.d -f nginx defaults - - # Start Nginx for the first time - sudo nginx -t && sudo service nginx start - -elif [ $PREV_VER == "BINARY" ]; then - sudo nginx -t && sudo service nginx start -else - # Upgrade Nginx - sudo nginx -t && sudo make upgrade -fi -if [ "$?" != '0' ]; then - echo 'Something wrent wrong while (re)starting Nginx' - exit 1 -fi - -# clean up -rm -f ~/nginx-init &> /dev/null -rm -rf ~/src/ngx_pagespeed-release-${VERSION_PAGESPEED_MODULE}-beta/ &> /dev/null -rm -rf $COMPILE_DIR &> /dev/null -cd $CWD &> /dev/null - -echo "done."; echo - -exit 0 - diff --git a/nginx-sample.conf b/nginx-sample.conf new file mode 100644 index 0000000..a2856ac --- /dev/null +++ b/nginx-sample.conf @@ -0,0 +1,32 @@ +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + gzip on; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*.conf; +} 
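Review bot: The `http` block in nginx-sample.conf has no `server_tokens off;`, so every vhost built on it advertises the exact nginx version in the `Server` header and on error pages; one line next to `keepalive_timeout 65;` fixes that. `user nginx;` is hard-coded although the README lists Debian and Ubuntu as the tested platforms, whose distribution packages normally run nginx as `www-data`; a comment such as `# use www-data with Debian/Ubuntu distro packages` would prevent a failed start after the README's `cp nginx-sample.conf nginx.conf` step. With `gzip on;` now global, TLS vhosts that reflect request data next to secrets in the same response should be reviewed for compression side channels.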
diff --git a/php-fpm.d/www.conf b/php-fpm.d/www.conf
deleted file mode 100644
index d37fe72..0000000
--- a/php-fpm.d/www.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-
-### To catch the output of PHP in log
-catch_workers_output = yes
-
-### Append the following, to increase certain limits
-### and to avoid session error
-
-php_admin_value[session.save_path] = "/home/tbn/php/sessions"
-php_admin_value[upload_max_filesize] = 20M
-php_admin_value[post_max_size] = 28M
-
diff --git a/proxy.conf b/proxy.conf
new file mode 100644
index 0000000..df75bc5
--- /dev/null
+++ b/proxy.conf
@@ -0,0 +1,4 @@
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/sites-available/admin-over-ssl.conf b/sites-available/admin-over-ssl.conf
index 6550add..2734b73 100644
--- a/sites-available/admin-over-ssl.conf
+++ b/sites-available/admin-over-ssl.conf
@@ -5,11 +5,11 @@ ### Process non-SSL requests server { listen 80; - server_name domainname.com; + server_name example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/domainname.com/wordpress; + root /home/username/sites/example.com/public; # Process PHP requests location ~ \.php$ {
@@ -20,9 +20,8 @@ server { # Process non-admin requests try_files $uri =404; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; }
@@ -34,11 +33,11 @@ server { } server { listen 443 ssl; - server_name domainname.com; + server_name example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/domainname.com/wordpress; + root /home/username/sites/example.com/public; # Generate Certificates # http://wiki.nginx.org/HttpSslModule#Generate_Certificates
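Review bot: In proxy.conf, `proxy_set_header Host $http_host;` relays the raw client Host header to the backend, including values that match no configured `server_name` when a request lands on a default server; `$host` is the normalised alternative and is safer when the backend builds URLs or password-reset links from it. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client already sent, so the backend may trust only the right-most entry; where this nginx is the outermost hop, `proxy_set_header X-Forwarded-For $remote_addr;` removes the ambiguity. A short comment at the top of the file stating which deployment is assumed would help.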
@@ -46,8 +45,8 @@ server { ssl_certificate_key /path/to/server.key; # Logs - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/domainname.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/example.com-error.log; # Process requests to wp-admin/* and wp-login.php location ~ /wp-(admin|login) { @@ -56,9 +55,9 @@ server { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_pass fpm; + include "fastcgi.conf"; } } @@ -67,7 +66,7 @@ server { # To avoid displaying posts and post previews in HTTPS location / { - return 301 http://domainname.com$request_uri; + return 301 http://example.com$request_uri; } } diff --git a/sites-available/catchall.conf b/sites-available/catchall.conf index e062b03..f9ade70 100644 --- a/sites-available/catchall.conf +++ b/sites-available/catchall.conf @@ -3,6 +3,9 @@ server { listen 80 default_server; server_name _; + access_log off; + error_log off; + # return nothing # a Nginx specific error code # return 444; diff --git a/sites-available/domainname.com.conf b/sites-available/example.com.conf similarity index 67% rename from sites-available/domainname.com.conf rename to sites-available/example.com.conf index d37a729..485d2ed 100644 --- a/sites-available/domainname.com.conf +++ b/sites-available/example.com.conf 
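Review bot: `error_log off;` added to the catch-all server block in sites-available/catchall.conf does not disable error logging; nginx treats `off` as a file name and writes the log to a file called `off` relative to its prefix path. If the intent is to discard errors, `error_log /dev/null crit;` does that, and the same line is added in the first hunk of sites-available/ip.conf. A comment is also worth adding that `access_log off;` on the catch-all and IP vhosts removes the record of requests arriving without a valid Host name, which is the traffic one usually wants to review for scanning activity.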
@@ -4,21 +4,22 @@ server { listen 80; - server_name www.domainname.com; - return 301 $scheme://domainname.com$request_uri; + server_name www.example.com; + return 301 $scheme://example.com$request_uri; + access_log off; } server { listen 80; - server_name domainname.com; + server_name example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/domainname.com/wordpress; + root /home/username/sites/example.com/public; # Logs - do check these, if sth goes wrong - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/domainname.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/example.com-error.log; # Optional configurations # include "globals/auto-versioning-support.conf"; @@ -31,9 +32,8 @@ server { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } diff --git a/sites-available/ip.conf b/sites-available/ip.conf index c920bcf..3532bf2 100644 --- a/sites-available/ip.conf +++ b/sites-available/ip.conf 
@@ -1,26 +1,27 @@ # For SEO - safe to ignore, if you don't understand what it is doing! server { listen 80 default_server; - server_name ser.ver.i.p; + # please replace 127.0.0.1 with the actual IP of the server + server_name 127.0.0.1; root /home/username/others; - access_log /var/log/nginx/ip-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/ip-error.log; + access_log off; + error_log off; + # access_log /var/log/nginx/ip-access.log combined buffer=64k flush=5m if=$loggable; + # error_log /var/log/nginx/ip-error.log; location ~* \.php$ { location ~ /wp-content/plugins/akismet/ { - allow 127.0.0.1; - deny all; + include whitelist.conf; } try_files $uri = 404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include fastcgi_params; + include fastcgi.conf; fastcgi_index index.php; fastcgi_pass fpm; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } # PHPmyadmin @@ -35,8 +36,7 @@ server { stub_status on; access_log off; - allow you.r.i.p; - deny all; + include whitelist.conf; expires -1; } @@ -46,9 +46,7 @@ server { fastcgi_pass fpm; include fastcgi_params; - allow you.r.i.p; - allow 127.0.0.1; - deny all; + include whitelist.conf; expires -1; } @@ -58,8 +56,7 @@ server { fastcgi_pass fpm; include fastcgi_params; - allow you.r.i.p; - deny all; + include whitelist.conf; expires -1; } @@ -68,8 +65,7 @@ server { alias "/var/cache/munin/www"; try_files $uri $uri/ /index.html; - allow you.r.i.p; - deny all; + include whitelist.conf; expires -1; } @@ -79,8 +75,8 @@ server { proxy_pass http://127.0.0.1:2812; proxy_redirect http://127.0.0.1:2812/monit/ http://199.187.124.24/monit/; - allow you.r.i.p; - deny all; + include whitelist.conf; + expires -1; } @@ -99,6 +95,6 @@ server { # Redirect to the main site domainname.com location / { - return $scheme://domainname.com$request_uri; + return $scheme://example.com$request_uri; } } 
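Review bot: In the `location ~* \.php$` block of the first ip.conf hunk, the unchanged line `try_files $uri = 404;` has a space between `=` and `404`, so nginx reads `=` as a second file to test and `404` as the fallback URI rather than as a status code. The other vhosts in this commit write `try_files $uri =404;`, and this one should match so that a request for a script that does not exist is answered with 404 before it reaches `fastcgi_pass fpm`. The server block continues past this hunk.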
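Review bot: The locations in the ip.conf hunks at `@@ -46,9 +46,7 @@` and `@@ -58,8 +56,7 @@` still carry `include fastcgi_params;` as context, although this commit renames that file to fastcgi.conf and the PHP location in the first hunk was switched to `include fastcgi.conf;`. Unless a fastcgi_params file is still supplied by the distribution package, `nginx -t` will presumably fail on these lines; changing both to `include fastcgi.conf;` keeps the file consistent with the rename. The enclosing location blocks start outside the hunks.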
diff --git a/sites-available/login-over-ssl.conf b/sites-available/login-over-ssl.conf index 714b99b..56c40b5 100644 --- a/sites-available/login-over-ssl.conf +++ b/sites-available/login-over-ssl.conf @@ -4,11 +4,14 @@ server { listen 80; - server_name domainname.com; + server_name example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/domainname.com/wordpress; + root /home/username/sites/example.com/public; + + include globals/common-locations.conf; + include globals/restrictions.conf; location ~ \.php$ { # Request to wp-login to go through HTTPS protocol @@ -17,11 +20,10 @@ server { } # Process other requests - include "fastcgi_params"; + include "fastcgi.conf"; try_files $uri =404; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass unix:/var/lock/php-fpm; + fastcgi_pass fpm; } location / { 
@@ -31,32 +33,32 @@ server { } server { listen 443 ssl; - server_name domainname.com; + server_name example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/domainname.com/wordpress; + root /home/username/sites/example.com/public; # Generate Certificates # http://wiki.nginx.org/HttpSslModule#Generate_Certificates ssl_certificate /path/to/combined.crt; ssl_certificate_key /path/to/server.key; - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/domainname.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/example.com-error.log; + + include globals/common-locations.conf; + include globals/restrictions.conf; location ~ /wp-login\.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } - include globals/common-locations.conf; - # The rewrite magic location / { try_files $uri $uri/ /index.php$is_args$args; diff --git a/sites-available/mu-dir-dir-domainname.com.conf b/sites-available/mu-dir-dir-example.com.conf similarity index 63% rename from sites-available/mu-dir-dir-domainname.com.conf rename to sites-available/mu-dir-dir-example.com.conf index 26a858b..be3a599 100644 --- a/sites-available/mu-dir-dir-domainname.com.conf +++ b/sites-available/mu-dir-dir-example.com.conf 
@@ -1,33 +1,33 @@ ### Use case -# domainname.com has a non-WordPress installation at its root -# domainname.com/blogs is a WordPress multisite sub-directory installation -# domainname.com/blogs/blog1 is a site in WP multisite -# domainname.com/blogs/blog2 is another site in WP multisite -# The site would be accessed primarily as domainname.com (instead of www.domainname.com) +# example.com has a non-WordPress installation at its root +# example.com/blogs is a WordPress multisite sub-directory installation +# example.com/blogs/blog1 is a site in WP multisite +# example.com/blogs/blog2 is another site in WP multisite +# The site would be accessed primarily as example.com (instead of www.example.com) # Please replace blogs with the actual name of the sub-directory inwhich WP is (would be) installed ### Remember that IfIsEvil, if used inappropriately. # Ref: http://wiki.nginx.org/IfIsEvil -# Redirect www.domainname.com/anything to domainname.com/anything +# Redirect www.example.com/anything to example.com/anything server { listen 80; - server_name www.domainname.com; - return 301 $scheme://domainname.com$request_uri; + server_name www.example.com; + return 301 $scheme://example.com$request_uri; } -# Process requests to domainname.com +# Process requests to example.com server { listen 80; - server_name domainname.com; + server_name example.com; index index.php; # Change this to the actual location of non-WordPress files - root /home/username/sites/domainname.com; + root /home/username/sites/example.com/public; # Logs - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/domainname.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/example.com-error.log; ### modified version of globals/mu-files.conf; # For uploads 
@@ -49,9 +49,8 @@ server { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } @@ -63,6 +62,7 @@ server { # Let's include usual location directives, including 'location / { try files ; }' directive # To process the non-WordPress PHP site include globals/common-locations.conf; + include globals/restrictions.conf; # The rewrite magic location / { diff --git a/sites-available/mu-dir-domainname.com.conf b/sites-available/mu-dir-example.com.conf similarity index 65% rename from sites-available/mu-dir-domainname.com.conf rename to sites-available/mu-dir-example.com.conf index e34ef32..7736778 100644 --- a/sites-available/mu-dir-domainname.com.conf +++ b/sites-available/mu-dir-example.com.conf @@ -2,23 +2,23 @@ server { listen 80; - server_name www.domainname.com; - return 301 $scheme://domainname.com$request_uri; + server_name www.example.com; + return 301 $scheme://example.com$request_uri; } server { listen 80; - server_name domainname.com; + server_name example.com; # Replace the path with the actual path to WordPress core files - root /home/username/sites/domainname.com/wordpress; + root /home/username/sites/example.com/public; index index.php; # logs - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/domainname.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/example.com-error.log; include "globals/mu-files.conf"; include "globals/mu-dir.conf"; @@ -28,7 +28,7 @@ server { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; 
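Review bot: The hunk at `@@ -28,7 +28,7 @@` in mu-dir-example.com.conf switches to `include "fastcgi.conf";` but keeps `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` as context, whereas every other vhost in this commit drops that line together with the switch. Assuming fastcgi.conf sets SCRIPT_FILENAME itself (the stock nginx file does; the renamed file is not visible here), the parameter is now defined twice for this location. Deleting the leftover line would bring this vhost in line with the rest.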
diff --git a/sites-available/mu-dom-domainname.com.conf b/sites-available/mu-dom-example.com.conf similarity index 83% rename from sites-available/mu-dom-domainname.com.conf rename to sites-available/mu-dom-example.com.conf index 3be03b8..428366d 100644 --- a/sites-available/mu-dom-domainname.com.conf +++ b/sites-available/mu-dom-example.com.conf @@ -12,7 +12,7 @@ server { server_name .domainname.com; # Replace the path with the actual path to WordPress core files - root /home/username/sites/domainname.com/wordpress; + root /home/username/sites/domainname.com/public; index index.php; @@ -22,14 +22,14 @@ server { include "globals/mu-files.conf"; include "globals/common-locations.conf"; + include "globals/restrictions.conf"; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } diff --git a/sites-available/multiple-vhosts.conf b/sites-available/multiple-vhosts.conf index c350f99..833b729 100644 --- a/sites-available/multiple-vhosts.conf +++ b/sites-available/multiple-vhosts.conf @@ -15,8 +15,8 @@ server { index index.php index.html; - # Let's have a common log for all the sites - # individual logs are not possible to create for each site + # Let's have a common log for all the sites + # individual logs are not possible to create for each site access_log /var/log/nginx/common-vhost-access.log combined buffer=64k flush=5m if=$loggable; error_log /var/log/nginx/common-vhost-error.log error; @@ -25,6 +25,6 @@ server { include "globals/php.conf"; location / { - try_files $uri $uri/ /index.php$is_args$args; - } + try_files $uri $uri/ /index.php$is_args$args; + } } diff --git a/sites-available/nginx-varnish-apache.conf b/sites-available/nginx-varnish-apache.conf index ec2cf80..88bc735 100644 --- a/sites-available/nginx-varnish-apache.conf 
+++ b/sites-available/nginx-varnish-apache.conf @@ -1,38 +1,23 @@ iserver { listen 80; - server_name www.domainname.com; - return 301 $scheme://domainname.com$request_uri; + server_name www.example.com; + return 301 $scheme://example.com$request_uri; } server { - listen ip.of.ser.ver:80; - server_name domainname.com; + # listen ip.of.ser.ver:80; + listen 80; + server_name example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/domainname.com/wordpress; - - error_log /var/log/nginx/domainname.com-error.log; - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; + root /home/username/sites/example.com/public; - location ~* \.(?:css|js|ico|svg)$ { - add_header Cache-Control max-age=2678400; - } + error_log /var/log/nginx/example.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; - # Reference: http://jmoiron.net/blog/serving-fonts-aws-cloudfront/ - location ~* \.(?:ttf|eot|woff|otf)$ { - ### Comment the following line, if you do NOT use an external URL to serve webfonts - add_header Access-Control-Allow-Origin "*"; - add_header Cache-Control max-age=2678400; - } - - location ~ \.(?:jpg|jpeg|gif|png)$ { - ### Please change the domainname before uncommenting the following - # valid_referers none blocked www.domainname.com domainname.com; - # if ($invalid_referer) { return 403; } - - add_header Cache-Control max-age=2678400; - } + include "globals/common-locations.conf"; + include "globals/restrictions.conf"; # Add trailing slash to */wp-admin requests. rewrite /wp-admin$ $scheme://$host$uri/ permanent; diff --git a/sites-available/nginx-varnish-nginx.conf b/sites-available/nginx-varnish-nginx.conf index ed73cb3..1b6e0bc 100644 --- a/sites-available/nginx-varnish-nginx.conf +++ b/sites-available/nginx-varnish-nginx.conf 
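Review bot: The first context line of nginx-varnish-apache.conf reads `iserver {`, which is not an nginx directive, so if the file really contains it as shown, `nginx -t` rejects the configuration as soon as this vhost is enabled; it should be `server {`. The line is unchanged by this commit, but the hunk rewrites most of the block beneath it, so this is the natural place to correct it.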
@@ -1,15 +1,15 @@ server { listen 80; - server_name domainname.com; + server_name example.com; # Replace the path with the actual path to WordPress core files - root "/home/username/sites/domainname.com/wordpress"; + root "/home/username/sites/example.com/public"; index index.php; # Logs - do check these, if sth goes wrong - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/domainname.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/example.com-error.log; include globals/restrictions.conf; include globals/common-locations.conf; @@ -57,10 +57,10 @@ server { # Setup Varnish to use 127.0.0.1:82 as backend for this domain server { listen 127.0.0.1:82; - server_name domainname.com; + server_name example.com; # Replace the path with the actual path to WordPress core files - root "/home/username/sites/domainname.com/wordpress"; + root "/home/username/sites/example.com/public"; index index.php; diff --git a/sites-available/pma.domainname.com.conf b/sites-available/pma.example.com.conf similarity index 71% rename from sites-available/pma.domainname.com.conf rename to sites-available/pma.example.com.conf index c15d723..d5239ce 100644 --- a/sites-available/pma.domainname.com.conf +++ b/sites-available/pma.example.com.conf 
@@ -8,26 +8,26 @@ server { listen 80; - server_name pma.domainname.com; + server_name pma.example.com; index index.php; # Replace the path with the actual path to Phpmyadmin core files - root /home/username/sites/pma.domainname.com; + root /home/username/sites/pma.example.com/public; - access_log /var/log/nginx/pma.domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/pma.domainname.com-error.log; + access_log /var/log/nginx/pma.example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/pma.example.com-error.log; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } include globals/common-locations.conf; + include globals/restrictions.conf; # The rewrite magic location / { diff --git a/sites-available/ssl-domainname.com.conf b/sites-available/ssl-example.com.conf similarity index 62% rename from sites-available/ssl-domainname.com.conf rename to sites-available/ssl-example.com.conf index eb864f1..14ea70b 100644 --- a/sites-available/ssl-domainname.com.conf +++ b/sites-available/ssl-example.com.conf 
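Review bot: The pma.example.com vhost in this hunk serves phpMyAdmin on `listen 80;` with no address restriction visible, so database credentials would cross the network in clear text and the login page is reachable from any address. This commit adds whitelist.conf for this kind of location; `include whitelist.conf;` inside the server block, together with a `listen 443 ssl;` server like the one in ssl-example.com.conf, would be the matching hardening. Lines 1-7 of the file and the contents of globals/restrictions.conf are outside the hunk, so a restriction may already exist there.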
@@ -2,48 +2,48 @@ # uncomment the following server{} block server { listen 80; - server_name domainname.com www.domainname.com; - return 301 https://domainname.com$request_uri; + server_name example.com www.example.com; + return 301 https://example.com$request_uri; } ### www to non-www redirect server { listen 443 ssl; - server_name www.domainname.com; + server_name www.example.com; # Generate Certificates # http://wiki.nginx.org/HttpSslModule#Generate_Certificates ssl_certificate /path/to/combined.crt; ssl_certificate_key /path/to/server.key; - return 301 $scheme://domainname.com$request_uri; + return 301 $scheme://example.com$request_uri; } server { listen 443 ssl; - server_name domainname.com; + server_name example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/ssl-domainname.com/wordpress; + root /home/username/sites/ssl-example.com/public; ssl_certificate /path/to/combined.crt; ssl_certificate_key /path/to/server.key; - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/domainname.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/example.com-error.log; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } include globals/common-locations.conf; + include globals/restrictions.conf; # The rewrite magic location / { diff --git a/sites-available/ssl-www.domainname.com.conf b/sites-available/ssl-www.example.com.conf similarity index 62% rename from sites-available/ssl-www.domainname.com.conf rename to sites-available/ssl-www.example.com.conf index 858b1c3..5712d2d 100644 --- a/sites-available/ssl-www.domainname.com.conf 
+++ b/sites-available/ssl-www.example.com.conf @@ -2,48 +2,48 @@ # uncomment the following server{} block server { listen 80; - server_name domainname.com www.domainname.com; - return 301 https://domainname.com$request_uri; + server_name example.com www.example.com; + return 301 https://example.com$request_uri; } ### non-www to www redirect server { listen 443 ssl; - server_name domainname.com; + server_name example.com; # Generate Certificates # http://wiki.nginx.org/HttpSslModule#Generate_Certificates ssl_certificate /path/to/combined.crt; ssl_certificate_key /path/to/server.key; - return 301 $scheme://www.domainname.com$request_uri; + return 301 $scheme://www.example.com$request_uri; } server { listen 443 ssl; - server_name www.domainname.com; + server_name www.example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/ssl-www.domainname.com/wordpress; + root /home/username/sites/ssl-www.example.com/public; ssl_certificate /path/to/combined.crt; ssl_certificate_key /path/to/server.key; - access_log /var/log/nginx/domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/domainname.com-error.log; + access_log /var/log/nginx/example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/example.com-error.log; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } include globals/common-locations.conf; + include globals/restrictions.conf; # The rewrite magic location / { diff --git a/sites-available/wpfc.domainname.tld.conf b/sites-available/wpfc.example.com.conf similarity index 56% rename from sites-available/wpfc.domainname.tld.conf rename to sites-available/wpfc.example.com.conf index 221c36f..09ce9f2 100644 
--- a/sites-available/wpfc.domainname.tld.conf +++ b/sites-available/wpfc.example.com.conf @@ -1,22 +1,22 @@ server { listen 80; - server_name wpfc.domainname.tld; + server_name wpfc.example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/wpsc.domainname.tld/wordpress; + root /home/username/sites/wpsc.example.com/public; - access_log /var/log/nginx/wpsc.domainname.tld-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/wpsc.domainname.tld-error.log; + access_log /var/log/nginx/wpsc.example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/wpsc.example.com-error.log; include "globals/common-locations.conf"; + include "globals/restrictions.conf"; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi.conf; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; fastcgi_pass fpm; diff --git a/sites-available/wpsc.domainname.tld.conf b/sites-available/wpsc.example.com.conf similarity index 54% rename from sites-available/wpsc.domainname.tld.conf rename to sites-available/wpsc.example.com.conf index a819724..7cc8cb6 100644 --- a/sites-available/wpsc.domainname.tld.conf +++ b/sites-available/wpsc.example.com.conf 
@@ -1,15 +1,16 @@ server { listen 80; - server_name wpsc.domainname.com; + server_name wpsc.example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/wpsc.domainname.com/wordpress; + root "/home/username/sites/wpsc.example.com/public"; - access_log /var/log/nginx/wpsc.domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/wpsc.domainname.com-error.log; + access_log /var/log/nginx/wpsc.example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/wpsc.example.com-error.log; include "globals/common-locations.conf"; + include "globals/restrictions.conf"; location ~ \.php$ { try_files $uri =404; @@ -17,7 +18,6 @@ server { include fastcgi.conf; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } diff --git a/sites-available/www.domainname.com.conf b/sites-available/www.example.com.conf similarity index 51% rename from sites-available/www.domainname.com.conf rename to sites-available/www.example.com.conf index 1a6da50..411825c 100644 --- a/sites-available/www.domainname.com.conf +++ b/sites-available/www.example.com.conf 
@@ -1,29 +1,29 @@ server { listen 80; - server_name domainname.com; - return 301 $scheme://www.domainname.com$request_uri; + server_name example.com; + return 301 $scheme://www.example.com$request_uri; } server { listen 80; - server_name www.domainname.com; + server_name www.example.com; index index.php; # Replace the path with the actual path to WordPress core files - root /home/username/sites/www.domainname.com/wordpress; + root /home/username/sites/www.example.com/wordpress; - access_log /var/log/nginx/www.domainname.com-access.log combined buffer=64k flush=5m if=$loggable; - error_log /var/log/nginx/www.domainname.com-error.log; + access_log /var/log/nginx/www.example.com-access.log combined buffer=64k flush=5m if=$loggable; + error_log /var/log/nginx/www.example.com-error.log; include "globals/common-locations.conf"; + include "globals/restrictions.conf"; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - include "fastcgi_params"; + include "fastcgi.conf"; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass fpm; } diff --git a/sites-enabled/domainname.com.conf b/sites-enabled/domainname.com.conf deleted file mode 120000 index 9830f27..0000000 --- a/sites-enabled/domainname.com.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/domainname.com.conf \ No newline at end of file diff --git a/whitelist.conf b/whitelist.conf new file mode 100644 index 0000000..2acf200 --- /dev/null +++ b/whitelist.conf @@ -0,0 +1,15 @@ +# please use the following format... +# allow ip.add.re.ss; +# both ipv4 and ipv6 addresses can be whitelisted +# CIDR notation is allowed too + + +# allow ip.add.re.ss1; +# allow ip.add.re.ss2; +# allow ip.add.re.ss3; + + +# Please do *not* change the following lines +allow 127.0.0.1; +deny all; +# End of file - No more lines, please! diff --git a/wp-config.php b/wp-config.php deleted file mode 100644 index 27390ba..0000000 --- a/wp-config.php +++ /dev/null 
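Review bot: The new whitelist.conf ends with `allow 127.0.0.1;` on a line marked as not to be changed, and that is only safe where nginx sees the real client address. In the Varnish-fronted vhosts of this repository (for example the `listen 127.0.0.1:82;` server in nginx-varnish-nginx.conf) every proxied request arrives from 127.0.0.1, so an `include whitelist.conf;` there would admit everyone unless the client address is restored first with the realip module (`set_real_ip_from 127.0.0.1;` and `real_ip_header X-Forwarded-For;`). A comment in the file stating this precondition would be enough, e.g. `# allow 127.0.0.1 assumes nginx is not behind a local proxy`. The header comment also mentions IPv6, but `::1` is not allowed alongside 127.0.0.1.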
@@ -1,14 +0,0 @@ -