automation/deployer/roles/build/templates/wordpress/nginx/nginx.conf.j2

128 lines
No EOL
2.9 KiB
Django/Jinja

user www-data www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
charset utf-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
set_real_ip_from {{ site.subnet_gateway_ip }};
log_format main '$http_x_real_ip - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15s;
types_hash_max_size 2048;
server_tokens off;
client_max_body_size 10M;
client_body_timeout 60;
# server_names_hash_bucket_size 64;
server_name_in_redirect off;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default;
listen [::]:80 default;
server_name {{ site.url }} www.{{ site.url }};
root /var/www/html;
index index.php;
# Restrictions
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
location = /_.gif {
expires max;
empty_gif;
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
expires max;
log_not_found off;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# XMLRPC is a great way to bruteforce passwords
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
# Breaks site...
# try_files $fastcgi_script_name =404;
# Block httpoxy attacks. See https://httpoxy.org/ :
fastcgi_param HTTP_PROXY "";
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
# Do not diplay errors:
# fastcgi_intercept_errors on;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_pass site:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
}