* Initial commit of WP Nginx config wp-super-cache compatible.

perusio committed Jan 29, 2011
0 parents commit 78298aab7b8424c8bc6f9bd0e066b729913ab1b7
Showing with 916 additions and 0 deletions.
  1. +167 −0 README.md
  2. +9 −0 fastcgi.conf
  3. +24 −0 fastcgi_params
  4. +109 −0 koi-utf
  5. +103 −0 koi-win
  6. +77 −0 mime.types
  7. +88 −0 nginx.conf
  8. +19 −0 sites-available/default
  9. +139 −0 sites-available/example.com
  10. +55 −0 sites-available/wp_supercache.conf
  11. +126 −0 win-utf
167 README.md
@@ -0,0 +1,167 @@
+# Nginx configuration for WordPress
+
+## Introduction
+
+ This is a nginx configuration for running [WordPress](http://wordpress.org "WordPress").
+
+ It differs from the _usual_ configuration, like the
+ [one](http://wiki.nginx.org/Wordpress "Nginx Wiki WordPress
+ config") available on the [Nginx Wiki](http://wiki.nginx.org "Nginx
+ Wiki").
+
+ It makes use of **nested locations** with named capture groups
+ instead of
+ [fastcgi_split\_path\_info](http://wiki.nginx.org/HttpFcgiModule#fastcgi_split_path_info
+ "FastCGI split path info").
+
+ This example configuration assumes that the site is called
+ `example.com`. Change accordingly to reflect your server setup.
+
+## Features
+
+ 1. Filtering of invalid HTTP `Host` headers.
+
+ 2. Access to install files, like `install.php,` is protected using
+ [HTTP Basic Auth](http://wiki.nginx.org/NginxHttpAuthBasicModule
+ "Basic Auth Nginx Module").
+
+ 3. Protection of all the _internal_ directories, like version
+ control repositories and the `readme` file(s)
+ that come with WP or an external plugin.
+
+ 4. Faster and more secure handling of PHP FastCGI by Nginx using
+ named groups in regular expressions instead of using
+ [fastcgi_split\_path\_info](http://wiki.nginx.org/HttpFcgiModule#fastcgi_split_path_info
+ "FastCGI split path info"). Requires Nginx version ≥ 0.8.25.
+
+ 5. Compatible with the WordPress plugin
+ [wp-super-cache](http://wordpress.org/extend/plugins/wp-super-cache "WordPress
+ SuperCache") for serving static pages to anonymous users.
+
+
+## Basic Auth for access to restricted files like install.php
+
+ `install.php` and the WordPress `readme.html` are protected using
+ Basic Auth. The readme file discloses the version number of
+ WordPress.
+
+ Not only `install.php`, but any PHP file that has **install.php**
+ as the ending is protected. This way if, for example, there's a
+ permission problem with `wp-config.php` and WP can't read the file
+ it will invoke `install.php` since it assumes that if no specific
+ configuration information is available then the site must not yet
+ be installed. Now imagine that this happens on your site and that
+ someone stumbles on the `install.php`? If not protected by the
+ Basic Auth, information disclosure would be the least potential
+ problem.
+
+ You have to create the `.htpasswd-users` file with the user(s) and
+ password(s). For that, if you're on Debian or any of its
+ derivatives like Ubuntu you need the
+ [apache2-utils](http://packages.debian.org/search?suite%3Dall&section%3Dall&arch%3Dany&searchon%3Dnames&keywords%3Dapache2-utils)
+ package installed. Then create your password file by issuing:
+
+ htpasswd -d -b -c .htpasswd-users <user> <password>
+
+ You should delete this command from your shell history
+ afterwards with `history -d <command number>` or alternatively
+ omit the `-b` switch, then you'll be prompted for the password.
+
+ This creates the file (there's a `-c` switch). For adding
+ additional users omit the `-c`.
+
+ Of course you can rename the password file to whatever you want,
+ then accordingly change its name in the virtual host config
+ file, `example.com`.
+
+## Installation
+
+ 1. Move the old `/etc/nginx` directory to `/etc/nginx.old`.
+
+ 2. Clone the git repository from github:
+
+ `git clone https://github.com/perusio/chive-wordpress.git`
+
+ 3. Edit the `sites-available/example.com` configuration file to
+ suit your requirements. Namely replacing `example.com` with
+ **your** domain.
+
+ 4. Setup the PHP handling method. It can be:
+
+ + Upstream HTTP server like Apache with mod_php
+
+ + FastCGI process using php-cgi. In this case an
+ [init script](https://github.com/perusio/php-fastcgi-debian-script
+ "Init script for php-cgi") is
+ required. This is how the server is configured out of the
+ box. It uses UNIX sockets. You can use TCP sockets if you prefer.
+
+ + [PHP FPM](http://www.php-fpm.org "PHP FPM"), this requires you
+ to configure your fpm setup, in Debian/Ubuntu this is done in
+ the `/etc/php5/fpm` directory.
+
+ Check that the socket is properly created and is listening. This
+ can be done with `netstat`, like this for UNIX sockets:
+
+ `netstat --unix -l`
+
+ `netstat -t -l`
+
+ It should display the PHP CGI socket.
+
+ 5. Create the `/etc/nginx/sites-enabled` directory and enable the
+ virtual host using one of the methods described below.
+
+ 6. Reload Nginx:
+
+ `/etc/init.d/nginx reload`
+
+ 7. Check that WordPress is working by visiting the configured site
+ in your browser.
+
+ 8. Remove the `/etc/nginx.old` directory.
+
+ 9. Done.
+
+## Enabling and Disabling Virtual Hosts
+
+ I've created a shell script
+ [nginx_ensite](http://github.com/perusio/nginx_ensite) that lives
+ here on github for quick enabling and disabling of virtual hosts.
+
+ If you're not using that script then you have to **manually**
+ create the symlinks from `sites-enabled` to `sites-available`. Only
+ the virtual hosts configured in `sites-enabled` will be available
+ for Nginx to serve.
+
+
+## Getting the latest Nginx packaged for Debian or Ubuntu
+
+ I maintain a [debian repository](http://debian.perusio.net/unstable
+ "my debian repo") with the
+ [latest](http://nginx.org/en/download.html "Nginx source download")
+ version of Nginx. This is packaged for Debian **unstable** or
+ **testing**. The instructions for using the repository are
+ presented on this [page](http://debian.perusio.net/debian.html
+ "Repository instructions").
+
+ It may work or not on Ubuntu. Since Ubuntu seems to appreciate more
+ finding semi-witty names for their releases instead of making clear
+ what's the status of the software included, meaning. Is it
+ **stable**? Is it **testing**? Is it **unstable**? The package may
+ work with your currently installed environment or not. I don't have
+ the faintest idea which release to advise. So you're on your
+ own. Generally the APT machinery will sort out for you any
+ dependencies issues that might exist.
+
+## My other Nginx configurations on github
+
+ + [drupal](https://github.com/perusio/drupal-with-nginx "Drupal
+ Nginx configuration")
+
+ + [piwik](https://github.com/perusio/piwik-nginx "Piwik Nginx
+ configuration")
+
+ + [chive](https://github.com/perusio/piwik-nginx "Chive Nginx
+ configuration")
+
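
Review bot: In the Basic Auth section, `htpasswd -d -b -c .htpasswd-users <user> <password>` uses `-d`, which selects crypt() hashing; crypt() only uses the first 8 characters of the password and is weak against offline guessing if the file leaks. Suggest `-m` (apr1 MD5) where the installed nginx's auth_basic accepts it, and making the prompting form without `-b` the primary command, since with `-b` the password sits on the command line as well as in the shell history that the text tells the reader to clean up with `history -d`. Two smaller points: under "My other Nginx configurations" the chive entry links to `https://github.com/perusio/piwik-nginx`, the same URL as the piwik entry, and in Installation step 4 the second command, `netstat -t -l`, has no sentence saying it is the TCP variant.
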
@@ -0,0 +1,9 @@
+#-*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### fastcgi configuration.
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+include fastcgi_params;
+fastcgi_buffers 256 4k;
+fastcgi_intercept_errors on;
+## allow 4 hrs - pass timeout responsibility to upstrea
+fastcgi_read_timeout 14400;
+fastcgi_index index.php;
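
Review bot: `fastcgi_read_timeout 14400;` applies a four-hour read timeout to every FastCGI request that includes this file, so a hung or very slow PHP request can keep its nginx connection and PHP worker occupied for that long. Suggest a short default here and raising the timeout only in the specific location that really needs long-running requests. The comment above it is also cut off ("upstrea").
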
@@ -0,0 +1,24 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### fastcgi parameters.
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
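
Review bot: `fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;` passes the exact nginx version to every PHP script, where it can end up in application output such as a phpinfo page; that sits oddly with the README protecting `readme.html` because it discloses the WordPress version. Suggest `fastcgi_param SERVER_SOFTWARE nginx;`. Consider also adding `fastcgi_param HTTP_PROXY "";` so that a client-supplied `Proxy` request header is not exposed to PHP as `HTTP_PROXY`.
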
109 koi-utf
@@ -0,0 +1,109 @@
+
+# This map is not a full koi8-r <> utf8 map: it does not contain
+# box-drawing and some other characters. Besides this map contains
+# several koi8-u and Byelorussian letters which are not in koi8-r.
+# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
+# map instead.
+
+charset_map koi8-r utf-8 {
+
+ 80 E282AC ; # euro
+
+ 95 E280A2 ; # bullet
+
+ 9A C2A0 ; # &nbsp;
+
+ 9E C2B7 ; # &middot;
+
+ A3 D191 ; # small yo
+ A4 D194 ; # small Ukrainian ye
+
+ A6 D196 ; # small Ukrainian i
+ A7 D197 ; # small Ukrainian yi
+
+ AD D291 ; # small Ukrainian soft g
+ AE D19E ; # small Byelorussian short u
+
+ B0 C2B0 ; # &deg;
+
+ B3 D081 ; # capital YO
+ B4 D084 ; # capital Ukrainian YE
+
+ B6 D086 ; # capital Ukrainian I
+ B7 D087 ; # capital Ukrainian YI
+
+ B9 E28496 ; # numero sign
+
+ BD D290 ; # capital Ukrainian soft G
+ BE D18E ; # capital Byelorussian short U
+
+ BF C2A9 ; # (C)
+
+ C0 D18E ; # small yu
+ C1 D0B0 ; # small a
+ C2 D0B1 ; # small b
+ C3 D186 ; # small ts
+ C4 D0B4 ; # small d
+ C5 D0B5 ; # small ye
+ C6 D184 ; # small f
+ C7 D0B3 ; # small g
+ C8 D185 ; # small kh
+ C9 D0B8 ; # small i
+ CA D0B9 ; # small j
+ CB D0BA ; # small k
+ CC D0BB ; # small l
+ CD D0BC ; # small m
+ CE D0BD ; # small n
+ CF D0BE ; # small o
+
+ D0 D0BF ; # small p
+ D1 D18F ; # small ya
+ D2 D180 ; # small r
+ D3 D181 ; # small s
+ D4 D182 ; # small t
+ D5 D183 ; # small u
+ D6 D0B6 ; # small zh
+ D7 D0B2 ; # small v
+ D8 D18C ; # small soft sign
+ D9 D18B ; # small y
+ DA D0B7 ; # small z
+ DB D188 ; # small sh
+ DC D18D ; # small e
+ DD D189 ; # small shch
+ DE D187 ; # small ch
+ DF D18A ; # small hard sign
+
+ E0 D0AE ; # capital YU
+ E1 D090 ; # capital A
+ E2 D091 ; # capital B
+ E3 D0A6 ; # capital TS
+ E4 D094 ; # capital D
+ E5 D095 ; # capital YE
+ E6 D0A4 ; # capital F
+ E7 D093 ; # capital G
+ E8 D0A5 ; # capital KH
+ E9 D098 ; # capital I
+ EA D099 ; # capital J
+ EB D09A ; # capital K
+ EC D09B ; # capital L
+ ED D09C ; # capital M
+ EE D09D ; # capital N
+ EF D09E ; # capital O
+
+ F0 D09F ; # capital P
+ F1 D0AF ; # capital YA
+ F2 D0A0 ; # capital R
+ F3 D0A1 ; # capital S
+ F4 D0A2 ; # capital T
+ F5 D0A3 ; # capital U
+ F6 D096 ; # capital ZH
+ F7 D092 ; # capital V
+ F8 D0AC ; # capital soft sign
+ F9 D0AB ; # capital Y
+ FA D097 ; # capital Z
+ FB D0A8 ; # capital SH
+ FC D0AD ; # capital E
+ FD D0A9 ; # capital SHCH
+ FE D0A7 ; # capital CH
+ FF D0AA ; # capital hard sign
+}
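
Review bot: `BE D18E ; # capital Byelorussian short U` maps to the same UTF-8 sequence as `C0 D18E ; # small yu`, so KOI8 byte BE would be emitted as the letter "yu". The UTF-8 encoding of capital short U (U+040E) is `D08E`, which also matches the capital rows around it (`B3 D081`, `BD D290`); suggest `BE D08E`. It is worth checking the line against the map shipped with nginx, since the header comment says this file is a partial copy of it.
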