NGINX Config Files

AnsiPress · Feb 21, 2017 · 8626451 · 8626451
1 parent 9cfe0ed
commit 8626451
Show file tree

Hide file tree

Showing 12 changed files with 278 additions and 0 deletions.
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
@@ -11,3 +11,9 @@
   register: package_install
   # The notify will call the ../handlers/main.yml
   notify: service nginx restart
+
+- name: Coping AnsiPress NGINX Files, Hold on...
+  copy:
+    src: ../templates/ansipress
+    dest: /etc/nginx/
+  when: package_install.changed == True
diff --git a/roles/nginx/templates/ansipress/acl.conf b/roles/nginx/templates/ansipress/acl.conf
@@ -0,0 +1,12 @@
+##
+# ACL Settings
+##
+
+# HTTP authentication || IP address
+satisfy any;
+auth_basic "Restricted Area";
+auth_basic_user_file htpasswd;
+
+# Allowed IP Address List
+allow 127.0.0.1;
+deny all;
diff --git a/roles/nginx/templates/ansipress/expires.conf b/roles/nginx/templates/ansipress/expires.conf
@@ -0,0 +1,45 @@
+##
+# Cache Static Files
+##
+
+# Feed
+location ~* \.(rss|atom)$ {
+  expires 1h;
+}
+
+
+location = /robots.txt {
+  try_files $uri $uri/ /index.php?$args;
+  access_log off;
+  log_not_found off;
+}
+
+# Media: images, icons, video, audio, htc
+location ~* \.(jpg|jpeg|gif|png|ico|cur|bmp|svg|svgz|mp4|ogg|ogv|webm|mid|midi|wav|htc|swf)$ {
+  expires max;
+  access_log off;
+  log_not_found off;
+  add_header Cache-Control "public";
+}
+
+# CSS and Javascript
+location ~* \.(css|js)$ {
+  expires max;
+  access_log off;
+  log_not_found off;
+}
+
+# WebFonts
+location ~* \.(ttf|ttc|otf|eot|woff|woff2)$ {
+  expires 1M;
+  access_log off;
+  log_not_found off;
+  add_header Cache-Control "public";
+  add_header "Access-Control-Allow-Origin" "*";
+}
+
+location ~* \.(zip|gz|tar|tgz|rar|bz2|exe|doc|xls|ppt|rtf)$ {
+  expires max;
+  access_log off;
+  log_not_found off;
+}
diff --git a/roles/nginx/templates/ansipress/locations.conf b/roles/nginx/templates/ansipress/locations.conf
@@ -0,0 +1,9 @@
+##
+# Basic Locations Files
+##
+
+location = /robots.txt {
+  try_files $uri $uri/ /index.php?$args;
+  access_log off;
+  log_not_found off;
+}
diff --git a/roles/nginx/templates/ansipress/protect-system-files.conf b/roles/nginx/templates/ansipress/protect-system-files.conf
@@ -0,0 +1,27 @@
+##
+# Protect System Files
+##
+
+# https://www.mnot.net/blog/2010/04/07/well-known
+location ~ /\.well-known {
+ allow all;
+}
+
+# Deny hidden files
+location ~ /\. {
+ deny all;
+ access_log off;
+ log_not_found off;
+}
+
+# Deny backup extensions & log files
+location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|sql|conf|dist|fla|psd|sh|in[ci]|sw[op])$ {
+ deny all;
+ access_log off;
+ log_not_found off;
+}
+
+# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
+if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
+ return 403;
+}
diff --git a/roles/nginx/templates/ansipress/status.conf b/roles/nginx/templates/ansipress/status.conf
@@ -0,0 +1,15 @@
+##
+# Status Pages
+##
+
+location /nginx_status {
+  stub_status on;
+  access_log off;
+  include ansipress/acl.conf;
+}
+
+location ~ ^/(status|ping) {
+  include fastcgi_params;
+  fastcgi_pass php;
+  include ansipress/acl.conf;
+}
diff --git a/roles/nginx/templates/ansipress/wordpress/php.conf b/roles/nginx/templates/ansipress/wordpress/php.conf
@@ -0,0 +1,12 @@
+##
+# PHP NGINX CONFIGURATION
+##
+
+location / {
+  try_files $uri $uri/ /index.php?$args;
+}
+location ~ \.php$ {
+  try_files $uri =404;
+  include fastcgi_params;
+  fastcgi_pass php;
+}
diff --git a/roles/nginx/templates/ansipress/wordpress/w3tc.conf b/roles/nginx/templates/ansipress/wordpress/w3tc.conf
@@ -0,0 +1,32 @@
+##
+# W3TC NGINX CONFIGURATION
+##
+
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+  set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+  set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
+  set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
+  set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+  try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+  try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+  try_files $uri =404;
+  include fastcgi_params;
+  fastcgi_pass php;
+}
diff --git a/roles/nginx/templates/ansipress/wordpress/wpcommon.conf b/roles/nginx/templates/ansipress/wordpress/wpcommon.conf
@@ -0,0 +1,25 @@
+##
+# WordPress COMMON SETTINGS
+##
+
+# Limit access to avoid brute force attack
+location = /wp-login.php {
+  limit_req zone=one burst=1 nodelay;
+  include fastcgi_params;
+  fastcgi_pass php;
+}
+
+# Disable wp-config.txt
+location = /wp-config.txt {
+  deny all;
+  access_log off;
+  log_not_found off;
+}
+
+# Disallow php in upload folder
+location /wp-content/uploads/ {
+  location ~ \.php$ {
+    #Prevent Direct Access Of PHP Files From Web Browsers
+    deny all;
+  }
+}
diff --git a/roles/nginx/templates/ansipress/wordpress/wpfc.conf b/roles/nginx/templates/ansipress/wordpress/wpfc.conf
@@ -0,0 +1,45 @@
+##
+# WPFC NGINX CONFIGURATION
+##
+
+set $skip_cache 0;
+set $var_desktop "fullversion";
+set $var_mobile "mobileversion";
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+  set $skip_cache 1;
+}
+if ($query_string != "") {
+  set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
+  set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
+  set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+  try_files $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+  try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+  try_files $uri =404;
+  include fastcgi_params;
+  fastcgi_pass php;
+  fastcgi_cache_bypass $skip_cache;
+  fastcgi_no_cache $skip_cache;
+  fastcgi_cache WORDPRESS;
+}
+location ~ /purge(/.*) {
+  fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1$var_desktop";
+  access_log off;
+}
+location ~ /mpurge(/.*) {
+  fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1$var_mobile";
+  access_log off;
+}
diff --git a/roles/nginx/templates/ansipress/wordpress/wpsc.conf b/roles/nginx/templates/ansipress/wordpress/wpsc.conf
@@ -0,0 +1,33 @@
+##
+# WPSC NGINX CONFIGURATION
+##
+
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+  set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+  set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
+  set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
+  set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+  # If we add index.php?$args its break WooCommerce like plugins
+  # Ref: #330
+  try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
+}
+location ~ \.php$ {
+  try_files $uri =404;
+  include fastcgi_params;
+  fastcgi_pass php;
+  # Following line is needed by WP Super Cache plugin
+  fastcgi_param SERVER_NAME $http_host;
+}
diff --git a/roles/nginx/templates/ansipress/wordpress/yoast.conf b/roles/nginx/templates/ansipress/wordpress/yoast.conf
@@ -0,0 +1,17 @@
+##
+# Yoast Sitemap
+##
+
+location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
+  rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent;
+  rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
+  # Rules for yoast sitemap with wp|wpsubdir|wpsubdomain
+  rewrite ^.*/sitemap_index\.xml$ /index.php?sitemap=1 last;
+  rewrite ^.*/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
+  # Following lines are options. Needed for WordPress seo addons
+  rewrite ^/news_sitemap\.xml$ /index.php?sitemap=wpseo_news last;
+  rewrite ^/locations\.kml$ /index.php?sitemap=wpseo_local_kml last;
+  rewrite ^/geo_sitemap\.xml$ /index.php?sitemap=wpseo_local last;
+  rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last;
+  access_log off;
+}