/
staging-nginx.conf
93 lines (76 loc) · 3.11 KB
/
staging-nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
server {
server_name www.example.com example.com;
root /home/wordpress/sites/example;
index index.html index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# WordPress multisite subdirectory rules.
# Designed to be included in any server {} block.
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
}
# If we have a php file to run from a plugin or theme, do this
location ~ wp-content/(plugins|themes)/(.*\.php)$ {
alias /home/wordpress/sites/example/$1/$2;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_intercept_errors on;
fastcgi_pass unix:/tmp/php5-fpm.sock;
}
# If we are trying to load any other static file, do this
location ~ wp-content/(plugins|blogs\.dir|themes|uploads|fragment-cache)/(.*)$ {
alias /home/wordpress/sites/example/$1/$2;
}
# If you setup blog slug symlinks in blogs.dir, turn this on to serve media directly
#rewrite ^/([^/]+/files/.+)$ /blogs.dir/$1 last;
# Otherwise, have WordPress find the file and send it
if ($uri !~ wp-content) {
rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
# expires 24h;
expires max;
log_not_found off;
}
# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
rewrite ^/[_0-9a-zA-Z-]+(/wp-includes.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/wp-admin.*) $1 last;
#rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*\.php)$ $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/[^/]*\.php)$ $1 last;
}
# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_intercept_errors on;
fastcgi_pass unix:/tmp/php5-fpm.sock;
}
}