Nginx Server Configuration - WordPress
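# WordPress virtual host. _DOMAIN_ and _USER_ are template placeholders.
#
# Location matching drives the layout below: an exact (=) match wins outright;
# otherwise regex locations are tried in file order and the FIRST match is
# used; the longest matching prefix location applies only when no regex
# matches. The deny rules therefore sit ahead of the static-asset and PHP
# handlers. Placed after them, they would never be selected for *.php paths.
server {
    server_name _DOMAIN_;
    root /home/_USER_/www/_DOMAIN_;
    index index.php;
    charset utf-8;

    # LOGS
    access_log /var/log/nginx/_USER_.access.log;
    error_log /var/log/nginx/_USER_.error.log;

    # Intent: answer denied paths like missing ones instead of revealing a 403.
    # NOTE(review): with a space after "=", nginx parses "404" as the error-page
    # target, not as the response code. The conventional form is
    # "error_page 403 =404 <uri>;" with a URI this site actually serves.
    # The directive is left as written because no such URI is defined here.
    error_page 403 = 404;

    # Sitemap rewrites handled by index.php
    rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
    rewrite ^/favicon\.png$ /favicon.ico last;
    # Add the trailing slash to /wp-admin
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # SECURITY
    # Deny dotfiles and dot-directories (.git, .env, .htaccess, ...).
    # The original carried a second, identical "location ~ /\." that only turned
    # logging off. It could never be selected (first regex match wins), so it is
    # dropped and these requests stay logged, which helps when reviewing probes.
    # This also blocks /.well-known/ (e.g. ACME HTTP-01 validation); add a more
    # specific location ahead of this one if that path is needed.
    location ~ /\. {
        deny all;
    }

    ## Deny some files
    # Unanchored on purpose so backup copies such as wp-config.php.bak are
    # covered as well.
    location ~* wp-config\.php { deny all; }
    location ~ /(?:readme\.html|license\.txt) { deny all; }

    # http://blog.bigdinosaur.org/wordpress-on-nginx/
    # Common deny or internal locations, to help prevent access to not-public areas
    location ~* wp-admin/includes { deny all; }
    location ~* wp-includes/theme-compat/ { deny all; }
    location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }

    ## nocgi
    # The original pattern ended in "\$", which matches a literal dollar sign,
    # so the rule never fired for real script extensions.
    location ~* \.(pl|cgi|py|sh|lua)$ {
        return 444;
    }

    # Static assets: long-lived caching. "expires max" already emits a
    # Cache-Control max-age, so the bare (value-less, invalid) "max-age" token
    # was removed from the extra header.
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # Prevent any potentially-executable files in the uploads directory from
    # being executed by forcing their MIME type to text/plain.
    # This must precede the PHP handler below, otherwise uploaded *.php files
    # are handed to PHP-FPM. Note that *.js under uploads is still served by the
    # static-asset location above, because that location matches first.
    location ~* ^/wp-content/uploads/.*\.(html|htm|shtml|php|js|swf)$ {
        types { }
        default_type text/plain;
    }

    location ~ \.php$ {
        # "=404" must be one token. Written as "= 404", nginx treats "=" as a
        # file to test and "404" as the fallback URI, so the existence check
        # does not reject missing scripts before they reach PHP-FPM.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm._USER_.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # These prefix locations apply only when no regex location matches. Any
    # file type under these trees that is not matched by a regex above (fonts,
    # SVG, PDF, ...) is not reachable by direct request.
    location /wp-content/ { internal; }
    location /wp-includes/ { internal; }
}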