added full nginx example

This commit is contained in:
Peter Molnar 2013-04-04 11:15:47 +01:00
parent b324631392
commit 34eba29c78
3 changed files with 131 additions and 16 deletions

View file

@ -91,16 +91,17 @@ Please post feature requests to [WP-FFPC feature request topic](http://wordpress
What's new: What's new:
* HTML comment option for displaying cache info before closing "body" tag ( a.k.a make sure it works "noob" method ) * HTML comment option for displaying cache info before closing "body" tag ( a.k.a make sure it works "noob" method )
* Pre-cache Engine * introducing the Pre-cache Engine ( only manual pre-cache is enabled for now )
* new, additional invalidation method: clear post & all taxonomy cache * new, additional invalidation method: clear post & all taxonomy cache, including feeds
* full virtual server example to use the plugin with nginx ( originally it was only a snippet required to use the plugin )
What's fixed: What's fixed:
* contributed fixes from [Harold Kyle](https://github.com/haroldkyle "Harold Kyle"): squelched various php and wp notices and warnings, enqueuing admin css and js better * contributed fixes from [Harold Kyle](https://github.com/haroldkyle "Harold Kyle"): squelched various php and wp notices and warnings, enqueuing admin css and js better, better admin panel descriptions
* bugfix for status check ( there were situations where the status was not updated correctly ) * bugfix for status check ( there were situations where the status was not updated correctly )
* manual flush cache bug fixed ( was only flushing if the settings were on flush all ) * manual flush cache bug fixed ( was only flushing if the settings were on flush all )
* bugfix on data & meta prefixes ( some places used hardcoded prefixes ) * bugfix on data & meta prefixes ( some places used hardcoded prefixes )
* feed caching fixed ( due to a security check it turned out, feeds were excluded for a long time ) * feed caching fixed ( due to a security check it turned out feeds were excluded for a long time )
= 1.0 = = 1.0 =
*2013.03.22* *2013.03.22*

View file

@ -766,7 +766,9 @@ if ( ! class_exists( 'WP_FFPC' ) ) {
}'; }';
/* replace the data prefix with the configured one */ /* replace the data prefix with the configured one */
$nginx = str_replace ( 'DATAPREFIX' , $this->options['prefix_data'] , $nginx ); $to_replace = array ( 'DATAPREFIX' , 'SERVERROOT' );
$replace_with = array ( $this->options['prefix_data'], ABSPATH );
$nginx = str_replace ( $to_replace , $replace_with , $nginx );
/* set upstream servers from configured servers, best to get from the actual backend */ /* set upstream servers from configured servers, best to get from the actual backend */
$servers = $this->backend->get_servers(); $servers = $this->backend->get_servers();

View file

@ -1,11 +1,129 @@
http { http {
...
# memcached servers, generated according to wp-ffpc config
upstream memcached-servers { upstream memcached-servers {
MEMCACHED_SERVERS MEMCACHED_SERVERS
} }
...
# PHP-FPM upstream; change it accordingly to your local config!
upstream php-fpm {
server 127.0.0.1:9000;
}
server { server {
... ## Listen ports
listen 80;
listen [::]:80;
# use _ if you want to accept everything, or replace _ with domain
server_name _;
# root of WordPress
root SERVERROOT;
# set up logging
access_log /var/log/nginx/SERVERLOG.access.log;
error_log /var/log/nginx/SERVERLOG.error.log;
# a bit of security; uncomment if you're using any WAF
## Block SQL injections
location ~union.*select.*\( { deny all; }
location ~union.*all.*select.* { deny all; }
location ~concat.*\( { deny all; }
## Block common exploits
location ~ (<|%3C).*script.*(>|%3E) { deny all; }
location ~ base64_(en|de)code\(.*\) { deny all; }
location ~ (\[|\]|\(|\)|<|>|ê|"|\;) { deny all; }
location ~ (%24&x) { deny all; }
location ~ (%0|%A|%B|%C|%D|%E|%F|127\.0) { deny all; }
location ~ \.\.\/ { deny all; }
location ~ ~$ { deny all; }
location ~ proc/self/environ { deny all; }
location ~ /\.(htaccess|htpasswd) { log_not_found off; deny all; }
## Block file injections
location ~ [a-zA-Z0-9_]=http:// { deny all; }
location ~ [a-zA-Z0-9_]=(\.\.//?)+ { deny all; }
location ~ [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { deny all; }
## Disable Akeeba Remote Control 2.5 and earlier
if ($http_user_agent ~ "Indy Library") { return 403; }
## Common bandwidth hoggers and hacking tools.
if ($http_user_agent ~ "libwww-perl") { return 403; }
if ($http_user_agent ~ "GetRight") { return 403; }
if ($http_user_agent ~ "GetWeb!") { return 403; }
if ($http_user_agent ~ "Go!Zilla") { return 403; }
if ($http_user_agent ~ "Download Demon") { return 403; }
if ($http_user_agent ~ "Go-Ahead-Got-It") { return 403; }
if ($http_user_agent ~ "TurnitinBot") { return 403; }
if ($http_user_agent ~ "GrabNet") { return 403; }
## wordpress security
location ~* wp-config.php { deny all; }
location ~* wp-admin/includes { deny all; }
location ~* wp-app\.log { deny all; }
location ~* wp-includes/.*\.php$ { deny all; }
location ~ /wp-content/plugins/akismet/readme\.txt { deny all; }
location ~ (licence|readme|license)\.(html|txt) { deny all; }
location ~ \.(css|js|jpg|jpeg|png|gif)$ {
expires 7d;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
add_header "Vary" "Accept-Encoding";
}
## PHP5-FPM
location ~ (\.php) {
# these settings are usually in fastcgi_params
fastcgi_index index.php;
fastcgi_connect_timeout 10;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 512k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 512k;
fastcgi_temp_file_write_size 512k;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_keep_conn on;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REDIRECT_STATUS 200;
# uncomment these for HTTPS usage
#fastcgi_param HTTPS $https if_not_empty;
#fastcgi_param SSL_PROTOCOL $ssl_protocol if_not_empty;
#fastcgi_param SSL_CIPHER $ssl_cipher if_not_empty;
#fastcgi_param SSL_SESSION_ID $ssl_session_id if_not_empty;
#fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify if_not_empty;
fastcgi_pass php-fpm;
}
location / {
try_files $uri $uri/ @memcached;
}
# try to get result from memcached # try to get result from memcached
location @memcached { location @memcached {
@ -32,20 +150,14 @@ MEMCACHED_SERVERS
} }
if ( $memcached_request = 0) { if ( $memcached_request = 0) {
rewrite ^ /index.php$request_uri last; rewrite ^ /index.php?$args last;
} }
} }
## rewrite rules ## rewrite rules
location @rewrites { location @rewrites {
rewrite ^ /index.php$request_uri last; rewrite ^ /index.php?$args last;
} }
location / {
try_files $uri $uri/ @memcached;
}
...
} }
} }
...