2022-03-24 07:43:56 +08:00
|
|
|
# default.conf
|
|
|
|
# redirect to HTTPS
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
listen [::]:80;
|
|
|
|
server_name $host;
|
|
|
|
location / {
|
|
|
|
# update port as needed for host mapped https
|
2023-02-25 06:06:45 +08:00
|
|
|
rewrite ^ https://$host:443$request_uri? permanent;
|
2022-03-24 07:43:56 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
listen [::]:443 ssl http2;
|
|
|
|
server_name $host;
|
|
|
|
index index.php index.html index.htm;
|
|
|
|
root /var/www/html;
|
|
|
|
server_tokens off;
|
|
|
|
client_max_body_size 75M;
|
|
|
|
|
|
|
|
# update ssl files as required by your deployment
|
2023-02-25 06:06:45 +08:00
|
|
|
ssl_certificate /etc/ssl/fullchain.pem;
|
2022-03-24 07:43:56 +08:00
|
|
|
ssl_certificate_key /etc/ssl/privkey.pem;
|
|
|
|
|
|
|
|
# logging
|
|
|
|
access_log /var/log/nginx/wordpress.access.log;
|
|
|
|
error_log /var/log/nginx/wordpress.error.log;
|
|
|
|
|
|
|
|
# some security headers ( optional )
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
|
|
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
|
|
|
2022-07-12 06:58:44 +08:00
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
2022-03-24 07:43:56 +08:00
|
|
|
location / {
|
|
|
|
try_files $uri $uri/ /index.php$is_args$args;
|
|
|
|
}
|
|
|
|
|
2023-02-25 06:06:45 +08:00
|
|
|
location ~ /.well-known {
|
|
|
|
root /usr/share/nginx;
|
|
|
|
allow all;
|
|
|
|
}
|
|
|
|
|
2022-03-24 07:43:56 +08:00
|
|
|
location ~ \.php$ {
|
|
|
|
try_files $uri = 404;
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
fastcgi_pass wordpress:9000;
|
|
|
|
fastcgi_index index.php;
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ /\.ht {
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
|
log_not_found off; access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /favicon.svg {
|
|
|
|
log_not_found off; access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /robots.txt {
|
|
|
|
log_not_found off; access_log off; allow all;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
|
|
|
|
expires max;
|
|
|
|
log_not_found off;
|
|
|
|
}
|
2023-02-25 06:06:45 +08:00
|
|
|
|
|
|
|
# avoid attack through POST to xml rpc of wordpress
|
|
|
|
location ^~ /xmlrpc.php {
|
|
|
|
deny all;
|
|
|
|
}
|
2022-03-24 07:43:56 +08:00
|
|
|
}
|