added full nginx example
This commit is contained in:
Peter Molnar
parent
b324631392
commit
34eba29c78
3 changed files with 131 additions and 16 deletions
|
|
@ -91,16 +91,17 @@ Please post feature requests to [WP-FFPC feature request topic](http://wordpress
|
|||
What's new:
|
||||
|
||||
* HTML comment option for displaying cache info before closing "body" tag ( a.k.a make sure it works "noob" method )
|
||||
* Pre-cache Engine
|
||||
* new, additional invalidation method: clear post & all taxonomy cache
|
||||
* introducing the Pre-cache Engine ( only manual pre-cache is enabled for now )
|
||||
* new, additional invalidation method: clear post & all taxonomy cache, including feeds
|
||||
* full virtual server example to use the plugin with nginx ( originally it was only a snippet required to use the plugin )
|
||||
|
||||
What's fixed:
|
||||
|
||||
* contributed fixes from [Harold Kyle](https://github.com/haroldkyle "Harold Kyle"): squelched various php and wp notices and warnings, enqueuing admin css and js better
|
||||
* contributed fixes from [Harold Kyle](https://github.com/haroldkyle "Harold Kyle"): squelched various php and wp notices and warnings, enqueuing admin css and js better, better admin panel descriptions
|
||||
* bugfix for status check ( there were situations where the status was not updated correctly )
|
||||
* manual flush cache bug fixed ( was only flushing if the settings were on flush all )
|
||||
* bugfix on data & meta prefixes ( some places used hardcoded prefixes )
|
||||
* feed caching fixed ( due to a security check it turned out, feeds were excluded for a long time )
|
||||
* feed caching fixed ( due to a security check it turned out feeds were excluded for a long time )
|
||||
|
||||
= 1.0 =
|
||||
*2013.03.22*
|
||||
|
|
|
|||
|
|
@ -766,7 +766,9 @@ if ( ! class_exists( 'WP_FFPC' ) ) {
|
|||
}';
|
||||
|
||||
/* replace the data prefix with the configured one */
|
||||
$nginx = str_replace ( 'DATAPREFIX' , $this->options['prefix_data'] , $nginx );
|
||||
$to_replace = array ( 'DATAPREFIX' , 'SERVERROOT' );
|
||||
$replace_with = array ( $this->options['prefix_data'], ABSPATH );
|
||||
$nginx = str_replace ( $to_replace , $replace_with , $nginx );
|
||||
|
||||
/* set upstream servers from configured servers, best to get from the actual backend */
|
||||
$servers = $this->backend->get_servers();
|
||||
|
|
|
|||
|
|
@ -1,11 +1,129 @@
|
|||
http {
|
||||
...
|
||||
|
||||
# memcached servers, generated according to wp-ffpc config
|
||||
upstream memcached-servers {
|
||||
MEMCACHED_SERVERS
|
||||
}
|
||||
...
|
||||
|
||||
# PHP-FPM upstream; change it accordingly to your local config!
|
||||
upstream php-fpm {
|
||||
server 127.0.0.1:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
...
|
||||
## Listen ports
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
# use _ if you want to accept everything, or replace _ with domain
|
||||
server_name _;
|
||||
|
||||
# root of WordPress
|
||||
root SERVERROOT;
|
||||
|
||||
# set up logging
|
||||
access_log /var/log/nginx/SERVERLOG.access.log;
|
||||
error_log /var/log/nginx/SERVERLOG.error.log;
|
||||
|
||||
# a bit of security; uncomment if you're using any WAF
|
||||
## Block SQL injections
|
||||
location ~union.*select.*\( { deny all; }
|
||||
location ~union.*all.*select.* { deny all; }
|
||||
location ~concat.*\( { deny all; }
|
||||
|
||||
## Block common exploits
|
||||
location ~ (<|%3C).*script.*(>|%3E) { deny all; }
|
||||
location ~ base64_(en|de)code\(.*\) { deny all; }
|
||||
location ~ (\[|\]|\(|\)|<|>|ê|"|\;) { deny all; }
|
||||
location ~ (%24&x) { deny all; }
|
||||
location ~ (%0|%A|%B|%C|%D|%E|%F|127\.0) { deny all; }
|
||||
location ~ \.\.\/ { deny all; }
|
||||
location ~ ~$ { deny all; }
|
||||
location ~ proc/self/environ { deny all; }
|
||||
location ~ /\.(htaccess|htpasswd) { log_not_found off; deny all; }
|
||||
|
||||
## Block file injections
|
||||
location ~ [a-zA-Z0-9_]=http:// { deny all; }
|
||||
location ~ [a-zA-Z0-9_]=(\.\.//?)+ { deny all; }
|
||||
location ~ [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { deny all; }
|
||||
|
||||
## Disable Akeeba Remote Control 2.5 and earlier
|
||||
if ($http_user_agent ~ "Indy Library") { return 403; }
|
||||
|
||||
## Common bandwidth hoggers and hacking tools.
|
||||
if ($http_user_agent ~ "libwww-perl") { return 403; }
|
||||
if ($http_user_agent ~ "GetRight") { return 403; }
|
||||
if ($http_user_agent ~ "GetWeb!") { return 403; }
|
||||
if ($http_user_agent ~ "Go!Zilla") { return 403; }
|
||||
if ($http_user_agent ~ "Download Demon") { return 403; }
|
||||
if ($http_user_agent ~ "Go-Ahead-Got-It") { return 403; }
|
||||
if ($http_user_agent ~ "TurnitinBot") { return 403; }
|
||||
if ($http_user_agent ~ "GrabNet") { return 403; }
|
||||
|
||||
## wordpress security
|
||||
location ~* wp-config.php { deny all; }
|
||||
location ~* wp-admin/includes { deny all; }
|
||||
location ~* wp-app\.log { deny all; }
|
||||
location ~* wp-includes/.*\.php$ { deny all; }
|
||||
location ~ /wp-content/plugins/akismet/readme\.txt { deny all; }
|
||||
location ~ (licence|readme|license)\.(html|txt) { deny all; }
|
||||
|
||||
location ~ \.(css|js|jpg|jpeg|png|gif)$ {
|
||||
expires 7d;
|
||||
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
|
||||
add_header "Vary" "Accept-Encoding";
|
||||
}
|
||||
|
||||
## PHP5-FPM
|
||||
location ~ (\.php) {
|
||||
# these settings are usually in fastcgi_params
|
||||
|
||||
fastcgi_index index.php;
|
||||
fastcgi_connect_timeout 10;
|
||||
fastcgi_send_timeout 180;
|
||||
fastcgi_read_timeout 180;
|
||||
fastcgi_buffer_size 512k;
|
||||
fastcgi_buffers 4 256k;
|
||||
fastcgi_busy_buffers_size 512k;
|
||||
fastcgi_temp_file_write_size 512k;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
fastcgi_keep_conn on;
|
||||
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx;
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
||||
|
||||
# uncomment these for HTTPS usage
|
||||
#fastcgi_param HTTPS $https if_not_empty;
|
||||
#fastcgi_param SSL_PROTOCOL $ssl_protocol if_not_empty;
|
||||
#fastcgi_param SSL_CIPHER $ssl_cipher if_not_empty;
|
||||
#fastcgi_param SSL_SESSION_ID $ssl_session_id if_not_empty;
|
||||
#fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify if_not_empty;
|
||||
|
||||
fastcgi_pass php-fpm;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ @memcached;
|
||||
}
|
||||
|
||||
# try to get result from memcached
|
||||
location @memcached {
|
||||
|
|
@ -32,20 +150,14 @@ MEMCACHED_SERVERS
|
|||
}
|
||||
|
||||
if ( $memcached_request = 0) {
|
||||
rewrite ^ /index.php$request_uri last;
|
||||
rewrite ^ /index.php?$args last;
|
||||
}
|
||||
}
|
||||
|
||||
## rewrite rules
|
||||
location @rewrites {
|
||||
rewrite ^ /index.php$request_uri last;
|
||||
rewrite ^ /index.php?$args last;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ @memcached;
|
||||
}
|
||||
|
||||
...
|
||||
}
|
||||
}
|
||||
...
|
||||
|
|
|
|||
Loading…
Reference in a new issue