WordPress specific Nginx configuration templates and best practices!
HTML Shell
Switch branches/tags
Nothing to show
Clone or download
pothi Merge pull request #13 from frudas24/master
Update a Comment Label
Latest commit 7127028 Jun 11, 2018

README.md

WordPress Nginx Configuration Templates

WordPress specific Nginx configurations, tweaks, and much more!

Features

There are multiplpe advantages of using this repo as your go-to nginx configuration.

  • Correct use of if statement because ifisevil.
  • SSL / LetsEncrypt / Certbot compatible.
  • Multisite support.
  • Contains ready-to-use sample vhost entries.
  • Continuously updated sample configurations with best practices.
  • IPv6 is supported out of the box.
  • Cloudflare support.
  • WebP support.

Available templates / vhost entries

  • WP Super Cache plugin (with support for SSL and separate mobile cache)
  • WP Rocket cache plugin (SSL and / or mobile supported out of the box)
  • WP Fastest Cache plugin (SSL and / or mobile supported out of the box)
  • Multisite (sub-domain and sub-directory)
  • Varnish with Nginx for SSL termination.
  • Custom error pages.
  • Catchall template.

Performance

  • All static content have maximum expiration headers.
  • SSL session cache is enabled by default.
  • Google PageSpeed Module support.
  • Open file cache support.
  • Server-level 301 support (for http => https, non-www => www, etc).
  • Autoptimize support.

Security

  • Support for strong dhparam.
  • TLSv1 and other insecure protocols are disabled by default.
  • Mitigate httpoxy vulnerability.
  • HSTS support.
  • All hidden and backup files are forbidden by default.
  • Passes most security features in Sonar Scanner.

Compatibility

Tested with the following servers...

  • Debian Debian 9 (Stretch)
  • Ubuntu 16.04 LTS (Xenial Xerus)
  • Ubuntu 18.04 LTS (Bionic Beaver)

Test with the following Nginx versions...

  • Stable verisons 1.12.x and 1.14.x
  • Mainline versions 1.13.x

For RPM based distros (Fedora, Redhat, CentOS and Amazon Linux AMI), the configuration mentioned in the repo should work. Additional steps may be needed, though. See below for some details!

How to Deploy

For all the steps mentioned below, you need sudo or root privileges!

Step #1 - Install Nginx

You may use the official Nginx repo or just use the Nginx package that comes with the OS. Both would work fine! I will leave the decision to you. Since, the installation process varies across Operating Systems, please refer the official installation guide to complete this step.

Step #2 - Please backup your existing configuration files. Probably, have /etc under version control!

TIMESTAMP=$(date +%F_%H-%M-%S)
mkdir $HOME/nginx-backup-$TIMESTAMP
sudo cp -a /etc/nginx $HOME/nginx-backup-$TIMESTAMP

Step #3 - Copy this repo to your server.

git clone https://github.com/pothi/wordpress-nginx.git $HOME/git/wordpress-nginx
sudo cp -a $HOME/git/wordpress-nginx/* /etc/nginx/
sudo mkdir /etc/nginx/sites-enabled &> /dev/null
sudo cp /etc/nginx/nginx-sample.conf /etc/nginx/nginx.conf

Further steps varies depending on your particular requirement:

  • you may edit /etc/nginx/conf.d/lb.conf and update the upstream block for 'fpm' (one-off process)
  • then you may do the following for each vhost, depending on your environment...
WP_DOMAIN=example.com
WP_ROOT=/path/to/wordpress/for/example.com
sudo cp /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-available/$WP_DOMAIN.conf
sudo sed -i 's:/home/username/sites/example.com/public:'$WP_ROOT':gp' /etc/nginx/sites-available/$WP_DOMAIN.conf
sudo sed -i 's/example.com/'$WP_DOMAIN'/g' /etc/nginx/sites-available/$WP_DOMAIN.conf
cd /etc/nginx/sites-enabled/
sudo ln -s ../sites-available/$WP_DOMAIN.conf
sudo nginx -t && sudo systemctl restart nginx

Changes on CentOS (and on rpm based distros in general)

CentOS has a different file naming convention, yet simple directory structure, when compared to Debian derivatives. Let me describe them and I'd let you decide upon how you'd want to structure your files and name those files.

  • The configuration for default sites are named as default.conf and ssl.conf in /etc/nginx/conf.d/.
  • There is no sites-available or sites-enabled folder.
  • The file /etc/nginx/fastcgi_params in Debian is named as /etc/nginx/fastcgi.conf in CentOS.

About me

Can you implement it on my server?

Yes, of course. My hourly rate is USD 50 per hour. Please contact me for any queries in this regard.

Have questions or just wanted to say hi?

Please ping me on Twitter or send me a message.

If you find this repo useful, please spread the word! Suggestions, bug reports, future requests, forks are always welcome!