M readme.txt → readme.txt

@@ -91,16 +91,17 @@
 What's new:
 
 * HTML comment option for displaying cache info before closing "body" tag ( a.k.a make sure it works "noob" method )
-* Pre-cache Engine
-* new, additional invalidation method: clear post & all taxonomy cache
+* introducing the Pre-cache Engine ( only manual pre-cache is enabled for now )
+* new, additional invalidation method: clear post & all taxonomy cache, including feeds
+* full virtual server example to use the plugin with nginx ( originally it was only a snippet required to use the plugin )
 
 What's fixed:
 
-* contributed fixes from [Harold Kyle](https://github.com/haroldkyle "Harold Kyle"): squelched various php and wp notices and warnings, enqueuing admin css and js better
+* contributed fixes from [Harold Kyle](https://github.com/haroldkyle "Harold Kyle"): squelched various php and wp notices and warnings, enqueuing admin css and js better, better admin panel descriptions
 * bugfix for status check ( there were situations where the status was not updated correctly )
 * manual flush cache bug fixed ( was only flushing if the settings were on flush all )
 * bugfix on data & meta prefixes ( some places used hardcoded prefixes )
-* feed caching fixed ( due to a security check it turned out, feeds were excluded for a long time )
+* feed caching fixed ( due to a security check it turned out feeds were excluded for a long time )
 
 = 1.0 =
 *2013.03.22*

M wp-ffpc-class.php → wp-ffpc-class.php

@@ -766,7 +766,9 @@ set $memcached_request 0;
 				}';
 
 			/* replace the data prefix with the configured one */
-			$nginx = str_replace ( 'DATAPREFIX' , $this->options['prefix_data'] , $nginx );
+			$to_replace = array ( 'DATAPREFIX' , 'SERVERROOT' );
+			$replace_with = array ( $this->options['prefix_data'], ABSPATH );
+			$nginx = str_replace ( $to_replace , $replace_with , $nginx );
 
 			/* set upstream servers from configured servers, best to get from the actual backend */
 			$servers = $this->backend->get_servers();

M wp-ffpc-nginx-sample.conf → wp-ffpc-nginx-sample.conf

@@ -1,11 +1,129 @@
 http {
-	...
+
+	# memcached servers, generated according to wp-ffpc config
 	upstream memcached-servers {
 MEMCACHED_SERVERS
 	}
-	...
+
+	# PHP-FPM upstream; change it accordingly to your local config!
+	upstream php-fpm {
+		server 127.0.0.1:9000;
+	}
+
 	server {
-		...
+		## Listen ports
+		listen 80;
+		listen [::]:80;
+
+		# use _ if you want to accept everything, or replace _ with domain
+		server_name _;
+
+		# root of WordPress
+		root SERVERROOT;
+
+		# set up logging
+		access_log /var/log/nginx/SERVERLOG.access.log;
+		error_log /var/log/nginx/SERVERLOG.error.log;
+
+		# a bit of security; uncomment if you're using any WAF
+		## Block SQL injections
+		location ~union.*select.*\( { deny all; }
+		location ~union.*all.*select.* { deny all; }
+		location ~concat.*\( { deny all; }
+
+		## Block common exploits
+		location ~ (<|%3C).*script.*(>|%3E) { deny all; }
+		location ~ base64_(en|de)code\(.*\) { deny all; }
+		location ~ (\[|\]|\(|\)|<|>|ê|"|\;) { deny all; }
+		location ~ (%24&x) { deny all; }
+		location ~ (%0|%A|%B|%C|%D|%E|%F|127\.0) { deny all; }
+		location ~ \.\.\/  { deny all; }
+		location ~ ~$ { deny all; }
+		location ~ proc/self/environ { deny all; }
+		location ~ /\.(htaccess|htpasswd) { log_not_found off; deny all; }
+
+		## Block file injections
+		location ~ [a-zA-Z0-9_]=http:// { deny all; }
+		location ~ [a-zA-Z0-9_]=(\.\.//?)+ { deny all; }
+		location ~ [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { deny all; }
+
+		## Disable Akeeba Remote Control 2.5 and earlier
+		if ($http_user_agent ~ "Indy Library") { return 403; }
+
+		## Common bandwidth hoggers and hacking tools.
+		if ($http_user_agent ~ "libwww-perl") { return 403; }
+		if ($http_user_agent ~ "GetRight") { return 403; }
+		if ($http_user_agent ~ "GetWeb!") { return 403; }
+		if ($http_user_agent ~ "Go!Zilla") { return 403; }
+		if ($http_user_agent ~ "Download Demon") { return 403; }
+		if ($http_user_agent ~ "Go-Ahead-Got-It") { return 403; }
+		if ($http_user_agent ~ "TurnitinBot") { return 403; }
+		if ($http_user_agent ~ "GrabNet") { return 403; }
+
+		## wordpress security
+		location ~* wp-config.php { deny all; }
+		location ~* wp-admin/includes { deny all; }
+		location ~* wp-app\.log { deny all; }
+		location ~* wp-includes/.*\.php$ { deny all; }
+		location ~ /wp-content/plugins/akismet/readme\.txt { deny all; }
+		location ~ (licence|readme|license)\.(html|txt) { deny all; }
+
+		location ~ \.(css|js|jpg|jpeg|png|gif)$ {
+			expires 7d;
+			add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+			add_header "Vary" "Accept-Encoding";
+		}
+
+		## PHP5-FPM
+		location ~ (\.php) {
+			# these settings are usually in fastcgi_params
+
+			fastcgi_index                           index.php;
+			fastcgi_connect_timeout                 10;
+			fastcgi_send_timeout                    180;
+			fastcgi_read_timeout                    180;
+			fastcgi_buffer_size                     512k;
+			fastcgi_buffers                         4       256k;
+			fastcgi_busy_buffers_size               512k;
+			fastcgi_temp_file_write_size            512k;
+			fastcgi_intercept_errors                on;
+			fastcgi_split_path_info ^(.+\.php)(/.*)$;
+			fastcgi_keep_conn			on;
+
+			fastcgi_param	QUERY_STRING			$query_string;
+			fastcgi_param	REQUEST_METHOD			$request_method;
+			fastcgi_param	CONTENT_TYPE			$content_type;
+			fastcgi_param	CONTENT_LENGTH			$content_length;
+			fastcgi_param	SCRIPT_FILENAME			$document_root$fastcgi_script_name;
+			fastcgi_param	SCRIPT_NAME				$fastcgi_script_name;
+			fastcgi_param	REQUEST_URI				$request_uri;
+			fastcgi_param	DOCUMENT_URI			$document_uri;
+			fastcgi_param	DOCUMENT_ROOT			$document_root;
+			fastcgi_param	SERVER_PROTOCOL			$server_protocol;
+			fastcgi_param	GATEWAY_INTERFACE		CGI/1.1;
+			fastcgi_param	SERVER_SOFTWARE			nginx;
+			fastcgi_param	REMOTE_ADDR				$remote_addr;
+			fastcgi_param	REMOTE_PORT				$remote_port;
+			fastcgi_param	SERVER_ADDR				$server_addr;
+			fastcgi_param	SERVER_PORT				$server_port;
+			fastcgi_param	SERVER_NAME				$server_name;
+			fastcgi_param	PATH_INFO				$fastcgi_path_info;
+			fastcgi_param	PATH_TRANSLATED			$document_root$fastcgi_path_info;
+			fastcgi_param	REDIRECT_STATUS			200;
+
+			# uncomment these for HTTPS usage
+			#fastcgi_param	HTTPS					$https if_not_empty;
+			#fastcgi_param	SSL_PROTOCOL			$ssl_protocol if_not_empty;
+			#fastcgi_param	SSL_CIPHER				$ssl_cipher if_not_empty;
+			#fastcgi_param	SSL_SESSION_ID			$ssl_session_id if_not_empty;
+			#fastcgi_param	SSL_CLIENT_VERIFY		$ssl_client_verify if_not_empty;
+
+			fastcgi_pass php-fpm;
+		}
+
+		location / {
+			try_files $uri $uri/ @memcached;
+		}
 
 		# try to get result from memcached
 		location @memcached {
@@ -32,20 +150,14 @@ error_page 404 = @rewrites;
 				}
 
 				if ( $memcached_request = 0) {
-						rewrite ^ /index.php$request_uri last;
+						rewrite ^ /index.php?$args last;
 				}
 		}
 
 		## rewrite rules
 		location @rewrites {
-				rewrite ^ /index.php$request_uri last;
-		}
-
-		location / {
-				try_files $uri $uri/ @memcached;
+				rewrite ^ /index.php?$args last;
 		}
 
-		...
 	}
 }
-...