Created
November 26, 2023 06:11
-
-
Save s0u7a/a93852bc5be523ff12073e89f5f5684b to your computer and use it in GitHub Desktop.
My LAMP openresty+fastcgi+wordpress's nginx configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user nobody nogroup; | |
worker_processes auto; | |
worker_rlimit_nofile 100000; | |
error_log logs/error.log; | |
error_log logs/error.log notice; | |
error_log logs/error.log info; | |
pid logs/nginx.pid; | |
events | |
{ | |
worker_connections 2048; | |
multi_accept on; | |
use epoll; | |
} | |
http | |
{ | |
include mime.types; | |
default_type application/octet-stream; | |
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
access_log logs/access.log main; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
server_tokens off; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay off; | |
keepalive_timeout 3; | |
client_header_timeout 60; | |
client_body_timeout 60; | |
reset_timedout_connection on; | |
send_timeout 60; | |
limit_conn_zone $binary_remote_addr zone=addr:10m; | |
limit_conn addr 100; | |
#charset UTF-8; | |
gzip on; | |
gzip_http_version 1.0; | |
gzip_disable "msie6"; | |
gzip_proxied any; | |
gzip_min_length 1024; | |
gzip_comp_level 6; | |
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/json; | |
open_file_cache max=1000 inactive=10s; | |
open_file_cache_valid 60s; | |
open_file_cache_min_uses 1; | |
open_file_cache_errors on; | |
proxy_ignore_headers Set-Cookie; | |
proxy_hide_header Set-Cookie; | |
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare | |
resolver_timeout 5s; | |
server | |
{ | |
listen 80; | |
listen [::]:80; | |
server_name vps.s0u7a.net; | |
return 301 https://vps.s0u7a.net$request_uri; | |
} | |
server | |
{ | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
ssl_protocols TLSv1.2 TLSv1.3; | |
ssl_certificate /etc/ssl/certs/origin.pem; | |
ssl_certificate_key /etc/ssl/private/private_key.pem; | |
server_name vps.s0u7a.net; | |
access_log /var/log/webapp/access.log; | |
error_log /var/log/webapp/error.log; | |
root html; | |
# BEGIN W3TC Browser Cache | |
gzip on; | |
gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext text/plain text/xsd text/xsl text/xml image/bmp application/java application/msword application/vnd.ms-fontobject application/x-msdownload image/x-icon application/json application/vnd.ms-access video/webm application/vnd.ms-project application/x-font-otf application/vnd.ms-opentype application/vnd.oasis.opendocument.database application/vnd.oasis.opendocument.chart application/vnd.oasis.opendocument.formula application/vnd.oasis.opendocument.graphics application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text audio/ogg application/pdf application/vnd.ms-powerpoint image/svg+xml application/x-shockwave-flash image/tiff application/x-font-ttf audio/wav application/vnd.ms-write application/font-woff application/font-woff2 application/vnd.ms-excel; | |
location ~ \.(css|htc|less|js|js2|js3|js4)$ { | |
expires 31536000s; | |
etag on; | |
if_modified_since exact; | |
add_header Pragma "public"; | |
add_header Cache-Control "public"; | |
add_header Referrer-Policy "no-referrer-when-downgrade"; | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ~ \.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$ { | |
etag on; | |
if_modified_since exact; | |
add_header Pragma "public"; | |
add_header Cache-Control "max-age=3600, public"; | |
add_header Referrer-Policy "no-referrer-when-downgrade"; | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ~ \.(asf|asx|wax|wmv|wmx|avi|avif|avifs|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|_ttf|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ { | |
expires 31536000s; | |
etag on; | |
if_modified_since exact; | |
add_header Pragma "public"; | |
add_header Cache-Control "public"; | |
add_header Referrer-Policy "no-referrer-when-downgrade"; | |
location ~* ^(?<path>.+)\.(jpe?g|png|gif)$ { | |
if ( $http_accept !~* "webp|\*/\*" ) { | |
break; | |
} | |
expires 31536000s; | |
etag on; | |
if_modified_since exact; | |
add_header Pragma "public"; | |
add_header Cache-Control "public"; | |
add_header Referrer-Policy "no-referrer-when-downgrade"; | |
add_header Vary Accept; | |
try_files ${path}.webp $uri /index.php?$args; | |
} | |
try_files $uri $uri/ /index.php?$args; | |
} | |
add_header Referrer-Policy "no-referrer-when-downgrade"; | |
# END W3TC Browser Cache | |
location / | |
{ | |
index index.html index.htm index.php index.py index.rb index.pl index.cgi index.sh; | |
#return 301 https://$host$request_uri; | |
} | |
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; | |
location ~ \.(php|phar)(/.*)?$ { | |
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; | |
if (!-f $document_root$fastcgi_script_name) | |
{ | |
return 404; | |
} | |
try_files $uri /404.html; | |
client_max_body_size 100m; | |
fastcgi_param HTTP_PROXY ""; | |
fastcgi_pass unix:/run/php/php8.2-fpm.sock; | |
fastcgi_index index.php; | |
include fastcgi_params; | |
} | |
location ~ \.(cgi|py|pl|rb|sh)$ { | |
include fastcgi_params; | |
try_files $uri /404.html; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
fastcgi_pass unix:/var/run/spawn-fcgi.socket; | |
} | |
location ~ /\.ht | |
{ | |
deny all; | |
} | |
location ~* /wp-config.php | |
{ | |
deny all; | |
} | |
ssl_session_cache shared:SSL:1m; | |
ssl_session_timeout 5m; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment