diff --git a/docs/files/etc/nginx/common/hsts-nosub.conf b/docs/files/etc/nginx/common/hsts-nosub.conf new file mode 100644 index 0000000..7de3d5d --- /dev/null +++ b/docs/files/etc/nginx/common/hsts-nosub.conf @@ -0,0 +1,2 @@ +# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months) +add_header Strict-Transport-Security "max-age=31536000; preload"; diff --git a/docs/files/etc/nginx/common/hsts.conf b/docs/files/etc/nginx/common/hsts.conf index 5844387..05968d4 100644 --- a/docs/files/etc/nginx/common/hsts.conf +++ b/docs/files/etc/nginx/common/hsts.conf @@ -1,3 +1,3 @@ -# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months) -add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; + # Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months) + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; diff --git a/docs/files/etc/nginx/common/pagespeed.conf b/docs/files/etc/nginx/common/pagespeed.conf new file mode 100644 index 0000000..0641084 --- /dev/null +++ b/docs/files/etc/nginx/common/pagespeed.conf 
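Review bot: The comment in the new hsts-nosub.conf was copied from hsts.conf and contradicts the header beneath it: the header carries no `includeSubDomains`, and `max-age=31536000` is one year, not the "15768000 seconds = 6 months" the comment states. The `preload` token is also misleading in a no-subdomain variant, because the browser preload list only accepts hosts that send `includeSubDomains`; I would drop it and write `add_header Strict-Transport-Security "max-age=31536000" always;`. The `always` parameter makes nginx send the header on error responses as well, and a comment should warn that any `add_header` in a nested location replaces inherited ones, so this include can silently stop applying. The same file is added again under etc/nginx/common/hsts-nosub.conf later in this diff.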
@@ -0,0 +1,30 @@
+pagespeed on;
+# Ensure requests for pagespeed optimized resources go to the pagespeed handler
+# and no extraneous headers get set.
+location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
+ add_header "" "";
+}
+location ~ "^/pagespeed_static/" { }
+location ~ "^/ngx_pagespeed_beacon$" { }
+pagespeed RewriteLevel PassThrough;
+pagespeed EnableFilters combine_css;
+pagespeed EnableFilters combine_javascript;
+pagespeed EnableFilters rewrite_javascript;
+#pagespeed EnableFilters rewrite_images;
+#pagespeed EnableFilters defer_javascript;
+#pagespeed EnableFilters convert_to_webp_lossless;
+#pagespeed EnableFilters resize_rendered_image_dimensions;
+pagespeed PreserveUrlRelativity on;
+#pagespeed MaxCombinedCssBytes -1;
+pagespeed AvoidRenamingIntrospectiveJavascript on;
+#pagespeed MaxInlinedPreviewImagesIndex -1;
+pagespeed EnableFilters convert_meta_tags,extend_cache,rewrite_javascript_inline;
+pagespeed Domain *.virtubox.net;
+
+location /ngx_pagespeed_statistics { include common/acl.conf; }
+location /ngx_pagespeed_global_statistics { include common/acl.conf; }
+location /ngx_pagespeed_message { include common/acl.conf; }
+location /pagespeed_console { include common/acl.conf; }
+location ~ ^/pagespeed_admin { include common/acl.conf; }
+location ~ ^/pagespeed_global_admin { include common/acl.conf; }
+
diff --git a/docs/files/etc/nginx/common/redis-php71.conf b/docs/files/etc/nginx/common/redis-php71.conf
new file mode 100644
index 0000000..808e72b
--- /dev/null
+++ b/docs/files/etc/nginx/common/redis-php71.conf
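Review bot: `pagespeed Domain *.virtubox.net;` in the new pagespeed.conf hard-codes the author's own domain in a file meant to be included by any site; it authorizes PageSpeed to rewrite resources served from hosts under that domain and does nothing for the installing site's own hosts. I would ship it commented out with a placeholder, `#pagespeed Domain *.example.com;`, and a line saying it must be set per site. The statistics, message, console and admin locations depend entirely on `common/acl.conf`, which is not part of this hunk, so a comment stating that the include has to end in `deny all;` would protect anyone who later edits the ACL. The same file is added under etc/nginx/common/pagespeed.conf.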
@@ -0,0 +1,56 @@
+# Redis NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $skip_cache 0;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $skip_cache 1;
+}
+if ($query_string != "") {
+ set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files $uri $uri/ /index.php?$args;
+}
+
+location /redis-fetch {
+ internal ;
+ set $redis_key $args;
+ redis_pass redis;
+}
+location /redis-store {
+ internal ;
+ set_unescape_uri $key $arg_key ;
+ redis2_query set $key $echo_request_body;
+ redis2_query expire $key 14400;
+ redis2_pass redis;
+}
+
+location ~ \.php$ {
+ set $key "nginx-cache:$scheme$request_method$host$request_uri";
+ try_files $uri =404;
+
+ srcache_fetch_skip $skip_cache;
+ srcache_store_skip $skip_cache;
+
+ srcache_response_cache_control off;
+
+ set_escape_uri $escaped_key $key;
+
+ srcache_fetch GET /redis-fetch $key;
+ srcache_store PUT /redis-store key=$escaped_key;
+
+ more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
+ more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
+
+ include fastcgi_params;
+ fastcgi_pass php71;
+}
diff --git a/docs/files/etc/nginx/common/redis-php72.conf b/docs/files/etc/nginx/common/redis-php72.conf
new file mode 100644
index 0000000..6cb6545
--- /dev/null
+++ b/docs/files/etc/nginx/common/redis-php72.conf
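Review bot: In the `location ~ \.php$` block of redis-php71.conf, `srcache_response_cache_control off;` makes srcache ignore the backend's `Cache-Control` and `Expires` headers, so the cookie regex that sets `$skip_cache` is the only thing keeping a personalised page out of Redis for the 14400 seconds set in `/redis-store`. A plugin whose session cookie is not in that regex would have its responses stored and replayed to other visitors; I would leave the directive at its default or add a comment such as `# ignores backend Cache-Control: only $skip_cache keeps private pages out of the cache`. The two `more_set_headers 'X-SRCache-…'` lines also publish cache state to every client and are better kept for debugging only. The same applies to redis-php72.conf in this directory and to both copies under etc/nginx/common/.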
@@ -0,0 +1,56 @@
+# Redis NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $skip_cache 0;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $skip_cache 1;
+}
+if ($query_string != "") {
+ set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files $uri $uri/ /index.php?$args;
+}
+
+location /redis-fetch {
+ internal ;
+ set $redis_key $args;
+ redis_pass redis;
+}
+location /redis-store {
+ internal ;
+ set_unescape_uri $key $arg_key ;
+ redis2_query set $key $echo_request_body;
+ redis2_query expire $key 14400;
+ redis2_pass redis;
+}
+
+location ~ \.php$ {
+ set $key "nginx-cache:$scheme$request_method$host$request_uri";
+ try_files $uri =404;
+
+ srcache_fetch_skip $skip_cache;
+ srcache_store_skip $skip_cache;
+
+ srcache_response_cache_control off;
+
+ set_escape_uri $escaped_key $key;
+
+ srcache_fetch GET /redis-fetch $key;
+ srcache_store PUT /redis-store key=$escaped_key;
+
+ more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
+ more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
+
+ include fastcgi_params;
+ fastcgi_pass php72;
+}
diff --git a/docs/files/etc/nginx/common/w3tc-php71.conf b/docs/files/etc/nginx/common/w3tc-php71.conf
new file mode 100644
index 0000000..e60250a
--- /dev/null
+++ b/docs/files/etc/nginx/common/w3tc-php71.conf
@@ -0,0 +1,31 @@
+
+# W3TC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+ set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+ try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php71;
+}
diff --git a/docs/files/etc/nginx/common/w3tc-php72.conf b/docs/files/etc/nginx/common/w3tc-php72.conf
new file mode 100644
index 0000000..24b948c
--- /dev/null
+++ b/docs/files/etc/nginx/common/w3tc-php72.conf
@@ -0,0 +1,31 @@
+
+# W3TC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+ set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+ try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php72;
+}
diff --git a/docs/files/etc/nginx/common/wpcommon-php71.conf b/docs/files/etc/nginx/common/wpcommon-php71.conf
index bae9f46..5b2ee59 100644
--- a/docs/files/etc/nginx/common/wpcommon-php71.conf
+++ b/docs/files/etc/nginx/common/wpcommon-php71.conf
@@ -12,22 +12,24 @@ location = /wp-config.txt { access_log off; log_not_found off; } -# Disallow php in upload folder +# Disallow php in upload folder and add webp rewrite location /wp-content/uploads/ { location ~ \.php$ { #Prevent Direct Access Of PHP Files From Web Browsers deny all; } -} -location ~* ^/wp-content/.+\.(png|jpg)$ { - add_header Vary Accept; + location ~ \.(png|jpe?g)$ { + add_header Vary "Accept-Encoding"; add_header "Access-Control-Allow-Origin" "*"; + add_header Cache-Control "public, no-transform"; access_log off; log_not_found off; expires max; try_files $uri$webp_suffix $uri =404; + } } +# mitigate DoS attack CVE with WordPress script concatenation location ~ \/wp-admin\/load-(scripts|styles).php { deny all; -} +} \ No newline at end of file diff --git a/docs/files/etc/nginx/common/wpcommon-php72.conf b/docs/files/etc/nginx/common/wpcommon-php72.conf index 108ff23..0cc7ae4 100644 --- a/docs/files/etc/nginx/common/wpcommon-php72.conf +++ b/docs/files/etc/nginx/common/wpcommon-php72.conf @@ -12,22 +12,24 @@ location = /wp-config.txt { access_log off; log_not_found off; } -# Disallow php in upload folder +# Disallow php in upload folder and add webp rewrite location /wp-content/uploads/ { location ~ \.php$ { #Prevent Direct Access Of PHP Files From Web Browsers deny all; } -} -location ~* ^/wp-content/.+\.(png|jpg)$ { - add_header Vary Accept; + location ~ \.(png|jpe?g)$ { + add_header Vary "Accept-Encoding"; add_header "Access-Control-Allow-Origin" "*"; + add_header Cache-Control "public, no-transform"; access_log off; log_not_found off; expires max; try_files $uri$webp_suffix $uri =404; + } } +# mitigate DoS attack CVE with WordPress script concatenation location ~ \/wp-admin\/load-(scripts|styles).php { deny all; } diff --git a/docs/files/etc/nginx/common/wpfc-php71.conf b/docs/files/etc/nginx/common/wpfc-php71.conf new file mode 100644 index 0000000..b9e3cf2 --- /dev/null +++ b/docs/files/etc/nginx/common/wpfc-php71.conf 
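Review bot: The nested image location added to wpcommon-php71.conf replaces `Vary Accept` with `add_header Vary "Accept-Encoding";` while still choosing the file with `try_files $uri$webp_suffix $uri =404;`. `$webp_suffix` is defined outside this hunk, but if it is derived from the `Accept` header, as the removed `Vary Accept` suggests, a shared cache or CDN can now hand a stored WebP body to a client that never advertised WebP support, and the added `Cache-Control "public, no-transform"` together with `expires max` makes that long-lived; I would keep `add_header Vary Accept;`. The regex also went from `~*` to `~`, so upper-case extensions such as `.JPG` no longer reach this block. For the added CVE comment I would name the advisory it refers to and note that denying `load-scripts.php` and `load-styles.php` requires script concatenation to be turned off in WordPress, otherwise wp-admin loses its assets. The same hunk is repeated for wpcommon-php72.conf and for both files under etc/nginx/common/, and each file starts above the hunk.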
@@ -0,0 +1,37 @@
+# WPFC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $skip_cache 0;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $skip_cache 1;
+}
+if ($query_string != "") {
+ set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+ try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php71;
+ fastcgi_cache_bypass $skip_cache;
+ fastcgi_no_cache $skip_cache;
+ fastcgi_cache WORDPRESS;
+}
+location ~ /purge(/.*) {
+ fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
+ access_log off;
+}
diff --git a/docs/files/etc/nginx/common/wpfc-php72.conf b/docs/files/etc/nginx/common/wpfc-php72.conf
new file mode 100644
index 0000000..dc10e43
--- /dev/null
+++ b/docs/files/etc/nginx/common/wpfc-php72.conf
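Review bot: `location ~ /purge(/.*)` in wpfc-php71.conf has no access control, so any client can evict entries from the `WORDPRESS` FastCGI cache and push that traffic back onto PHP, and `access_log off;` means those requests leave no record. I would restrict the location to the addresses the purge plugin calls from, for example `allow 127.0.0.1; deny all;` ahead of the `fastcgi_cache_purge` line, anchor the pattern as `location ~ ^/purge(/.*)`, and keep the access log on for this path. The file also carries the W3 Total Cache `minify.php` location, which looks copied over from w3tc-php71.conf and deserves a comment or removal. The same applies to wpfc-php72.conf and to both copies under etc/nginx/common/.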
@@ -0,0 +1,37 @@
+# WPFC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $skip_cache 0;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $skip_cache 1;
+}
+if ($query_string != "") {
+ set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+ try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php72;
+ fastcgi_cache_bypass $skip_cache;
+ fastcgi_no_cache $skip_cache;
+ fastcgi_cache WORDPRESS;
+}
+location ~ /purge(/.*) {
+ fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
+ access_log off;
+}
diff --git a/docs/files/etc/nginx/common/wpsc-php71.conf b/docs/files/etc/nginx/common/wpsc-php71.conf
new file mode 100644
index 0000000..f1201d2
--- /dev/null
+++ b/docs/files/etc/nginx/common/wpsc-php71.conf
@@ -0,0 +1,31 @@
+# WPSC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+ set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ # If we add index.php?$args its break WooCommerce like plugins
+ # Ref: #330
+ try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php71;
+ # Following line is needed by WP Super Cache plugin
+ fastcgi_param SERVER_NAME $http_host;
+}
diff --git a/docs/files/etc/nginx/common/wpsc-php72.conf b/docs/files/etc/nginx/common/wpsc-php72.conf
new file mode 100644
index 0000000..1abc396
--- /dev/null
+++ b/docs/files/etc/nginx/common/wpsc-php72.conf
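Review bot: wpsc-php71.conf feeds the raw request header `$http_host` into both the cache lookup `try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html …` and `fastcgi_param SERVER_NAME $http_host;`, so PHP receives whatever Host value the client sent as its server name. PHP code that trusts `SERVER_NAME` when building URLs or mail headers would then act on client-chosen input, which makes this include safe only where the enclosing server block has an explicit `server_name` and is not the default server for its listener. I would state that requirement in the comment beside the existing "needed by WP Super Cache plugin" line, or test whether the plugin works with the normalised variable, `fastcgi_param SERVER_NAME $host;`. The same applies to wpsc-php72.conf.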
@@ -0,0 +1,31 @@
+# WPSC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+ set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ # If we add index.php?$args its break WooCommerce like plugins
+ # Ref: #330
+ try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php72;
+ # Following line is needed by WP Super Cache plugin
+ fastcgi_param SERVER_NAME $http_host;
+}
diff --git a/docs/files/etc/nginx/mime.types b/docs/files/etc/nginx/mime.types
new file mode 100644
index 0000000..8b7a463
--- /dev/null
+++ b/docs/files/etc/nginx/mime.types
@@ -0,0 +1,91 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/font-woff2 woff2; + application/x-font-ttf ttf; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} \ No newline at end of file diff --git a/docs/files/etc/nginx/nginx-intermediate.conf b/docs/files/etc/nginx/nginx-intermediate.conf index a8ecb95..d2d9ac4 100644 --- a/docs/files/etc/nginx/nginx-intermediate.conf +++ b/docs/files/etc/nginx/nginx-intermediate.conf @@ -59,7 +59,7 @@ http resolver 8.8.8.8 1.1.1.1 valid=300s; resolver_timeout 10; - + ## # GeoIP module configuration, before removing comments # read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840 diff --git a/docs/files/etc/nginx/proxy_params b/docs/files/etc/nginx/proxy_params index 547acd1..298004d 100644 --- a/docs/files/etc/nginx/proxy_params +++ b/docs/files/etc/nginx/proxy_params @@ -2,10 +2,12 @@ proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering on; proxy_buffer_size 128k; proxy_buffers 256 16k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_max_temp_file_size 0; -proxy_read_timeout 3000; \ No newline at end of file +proxy_read_timeout 3000; +proxy_send_timeout 3000; diff --git a/etc/nginx/common/hsts-nosub.conf b/etc/nginx/common/hsts-nosub.conf new file mode 100644 index 0000000..7de3d5d --- /dev/null +++ b/etc/nginx/common/hsts-nosub.conf @@ -0,0 +1,2 @@ +# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months) +add_header Strict-Transport-Security "max-age=31536000; preload"; 
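Review bot: The added `proxy_send_timeout 3000;` in proxy_params mirrors the existing `proxy_read_timeout 3000;`, and together they let a stalled upstream exchange hold a connection and its share of `proxy_buffers 256 16k` for 50 minutes on every site that includes this file. If the value exists for one long-running backend, I would say so in a comment and set it in that backend's location, leaving the shared include near the nginx default, `proxy_send_timeout 60s;`. Writing the unit explicitly (`3000s`) would also make the intent clear to the next reader.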
diff --git a/etc/nginx/common/hsts.conf b/etc/nginx/common/hsts.conf index 5844387..05968d4 100644 --- a/etc/nginx/common/hsts.conf +++ b/etc/nginx/common/hsts.conf @@ -1,3 +1,3 @@ -# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months) -add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; + # Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (15768000 seconds = 6 months) + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; diff --git a/etc/nginx/common/pagespeed.conf b/etc/nginx/common/pagespeed.conf new file mode 100644 index 0000000..0641084 --- /dev/null +++ b/etc/nginx/common/pagespeed.conf 
@@ -0,0 +1,30 @@
+pagespeed on;
+# Ensure requests for pagespeed optimized resources go to the pagespeed handler
+# and no extraneous headers get set.
+location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
+ add_header "" "";
+}
+location ~ "^/pagespeed_static/" { }
+location ~ "^/ngx_pagespeed_beacon$" { }
+pagespeed RewriteLevel PassThrough;
+pagespeed EnableFilters combine_css;
+pagespeed EnableFilters combine_javascript;
+pagespeed EnableFilters rewrite_javascript;
+#pagespeed EnableFilters rewrite_images;
+#pagespeed EnableFilters defer_javascript;
+#pagespeed EnableFilters convert_to_webp_lossless;
+#pagespeed EnableFilters resize_rendered_image_dimensions;
+pagespeed PreserveUrlRelativity on;
+#pagespeed MaxCombinedCssBytes -1;
+pagespeed AvoidRenamingIntrospectiveJavascript on;
+#pagespeed MaxInlinedPreviewImagesIndex -1;
+pagespeed EnableFilters convert_meta_tags,extend_cache,rewrite_javascript_inline;
+pagespeed Domain *.virtubox.net;
+
+location /ngx_pagespeed_statistics { include common/acl.conf; }
+location /ngx_pagespeed_global_statistics { include common/acl.conf; }
+location /ngx_pagespeed_message { include common/acl.conf; }
+location /pagespeed_console { include common/acl.conf; }
+location ~ ^/pagespeed_admin { include common/acl.conf; }
+location ~ ^/pagespeed_global_admin { include common/acl.conf; }
+
diff --git a/etc/nginx/common/redis-php71.conf b/etc/nginx/common/redis-php71.conf
new file mode 100644
index 0000000..808e72b
--- /dev/null
+++ b/etc/nginx/common/redis-php71.conf
@@ -0,0 +1,56 @@
+# Redis NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $skip_cache 0;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $skip_cache 1;
+}
+if ($query_string != "") {
+ set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files $uri $uri/ /index.php?$args;
+}
+
+location /redis-fetch {
+ internal ;
+ set $redis_key $args;
+ redis_pass redis;
+}
+location /redis-store {
+ internal ;
+ set_unescape_uri $key $arg_key ;
+ redis2_query set $key $echo_request_body;
+ redis2_query expire $key 14400;
+ redis2_pass redis;
+}
+
+location ~ \.php$ {
+ set $key "nginx-cache:$scheme$request_method$host$request_uri";
+ try_files $uri =404;
+
+ srcache_fetch_skip $skip_cache;
+ srcache_store_skip $skip_cache;
+
+ srcache_response_cache_control off;
+
+ set_escape_uri $escaped_key $key;
+
+ srcache_fetch GET /redis-fetch $key;
+ srcache_store PUT /redis-store key=$escaped_key;
+
+ more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
+ more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
+
+ include fastcgi_params;
+ fastcgi_pass php71;
+}
diff --git a/etc/nginx/common/redis-php72.conf b/etc/nginx/common/redis-php72.conf
new file mode 100644
index 0000000..6cb6545
--- /dev/null
+++ b/etc/nginx/common/redis-php72.conf
@@ -0,0 +1,56 @@
+# Redis NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $skip_cache 0;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $skip_cache 1;
+}
+if ($query_string != "") {
+ set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files $uri $uri/ /index.php?$args;
+}
+
+location /redis-fetch {
+ internal ;
+ set $redis_key $args;
+ redis_pass redis;
+}
+location /redis-store {
+ internal ;
+ set_unescape_uri $key $arg_key ;
+ redis2_query set $key $echo_request_body;
+ redis2_query expire $key 14400;
+ redis2_pass redis;
+}
+
+location ~ \.php$ {
+ set $key "nginx-cache:$scheme$request_method$host$request_uri";
+ try_files $uri =404;
+
+ srcache_fetch_skip $skip_cache;
+ srcache_store_skip $skip_cache;
+
+ srcache_response_cache_control off;
+
+ set_escape_uri $escaped_key $key;
+
+ srcache_fetch GET /redis-fetch $key;
+ srcache_store PUT /redis-store key=$escaped_key;
+
+ more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
+ more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
+
+ include fastcgi_params;
+ fastcgi_pass php72;
+}
diff --git a/etc/nginx/common/w3tc-php71.conf b/etc/nginx/common/w3tc-php71.conf
new file mode 100644
index 0000000..e60250a
--- /dev/null
+++ b/etc/nginx/common/w3tc-php71.conf
@@ -0,0 +1,31 @@
+
+# W3TC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+ set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+ try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php71;
+}
diff --git a/etc/nginx/common/w3tc-php72.conf b/etc/nginx/common/w3tc-php72.conf
new file mode 100644
index 0000000..24b948c
--- /dev/null
+++ b/etc/nginx/common/w3tc-php72.conf
@@ -0,0 +1,31 @@
+
+# W3TC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+ set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+ try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php72;
+}
diff --git a/etc/nginx/common/wpcommon-php71.conf b/etc/nginx/common/wpcommon-php71.conf
index bae9f46..5b2ee59 100644
--- a/etc/nginx/common/wpcommon-php71.conf
+++ b/etc/nginx/common/wpcommon-php71.conf
@@ -12,22 +12,24 @@ location = /wp-config.txt { access_log off; log_not_found off; } -# Disallow php in upload folder +# Disallow php in upload folder and add webp rewrite location /wp-content/uploads/ { location ~ \.php$ { #Prevent Direct Access Of PHP Files From Web Browsers deny all; } -} -location ~* ^/wp-content/.+\.(png|jpg)$ { - add_header Vary Accept; + location ~ \.(png|jpe?g)$ { + add_header Vary "Accept-Encoding"; add_header "Access-Control-Allow-Origin" "*"; + add_header Cache-Control "public, no-transform"; access_log off; log_not_found off; expires max; try_files $uri$webp_suffix $uri =404; + } } +# mitigate DoS attack CVE with WordPress script concatenation location ~ \/wp-admin\/load-(scripts|styles).php { deny all; -} +} \ No newline at end of file diff --git a/etc/nginx/common/wpcommon-php72.conf b/etc/nginx/common/wpcommon-php72.conf index 108ff23..0cc7ae4 100644 --- a/etc/nginx/common/wpcommon-php72.conf +++ b/etc/nginx/common/wpcommon-php72.conf @@ -12,22 +12,24 @@ location = /wp-config.txt { access_log off; log_not_found off; } -# Disallow php in upload folder +# Disallow php in upload folder and add webp rewrite location /wp-content/uploads/ { location ~ \.php$ { #Prevent Direct Access Of PHP Files From Web Browsers deny all; } -} -location ~* ^/wp-content/.+\.(png|jpg)$ { - add_header Vary Accept; + location ~ \.(png|jpe?g)$ { + add_header Vary "Accept-Encoding"; add_header "Access-Control-Allow-Origin" "*"; + add_header Cache-Control "public, no-transform"; access_log off; log_not_found off; expires max; try_files $uri$webp_suffix $uri =404; + } } +# mitigate DoS attack CVE with WordPress script concatenation location ~ \/wp-admin\/load-(scripts|styles).php { deny all; } diff --git a/etc/nginx/common/wpfc-php71.conf b/etc/nginx/common/wpfc-php71.conf new file mode 100644 index 0000000..b9e3cf2 --- /dev/null +++ b/etc/nginx/common/wpfc-php71.conf 
@@ -0,0 +1,37 @@
+# WPFC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $skip_cache 0;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $skip_cache 1;
+}
+if ($query_string != "") {
+ set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+ try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php71;
+ fastcgi_cache_bypass $skip_cache;
+ fastcgi_no_cache $skip_cache;
+ fastcgi_cache WORDPRESS;
+}
+location ~ /purge(/.*) {
+ fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
+ access_log off;
+}
diff --git a/etc/nginx/common/wpfc-php72.conf b/etc/nginx/common/wpfc-php72.conf
new file mode 100644
index 0000000..dc10e43
--- /dev/null
+++ b/etc/nginx/common/wpfc-php72.conf
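Review bot: `location ~ /purge(/.*)` has no access restriction, so any client that can reach the vhost can evict entries from the `WORDPRESS` cache zone, and `access_log off;` means those requests leave no trace in the access log. Unless an ACL is applied by the including server block (not visible here), I would add `include common/acl.conf;` as the first line of the location, as the pagespeed admin locations in this commit do, and drop `access_log off;` so purges stay auditable. The regex is also unanchored and matches `/purge/` anywhere in the URI; `location ~ ^/purge(/.*)` would limit it to the intended prefix. wpfc-php72.conf in the next hunk has the identical block.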
@@ -0,0 +1,37 @@
+# WPFC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $skip_cache 0;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $skip_cache 1;
+}
+if ($query_string != "") {
+ set $skip_cache 1;
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $skip_cache 1;
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $skip_cache 1;
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ try_files $uri $uri/ /index.php?$args;
+}
+location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
+ try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php72;
+ fastcgi_cache_bypass $skip_cache;
+ fastcgi_no_cache $skip_cache;
+ fastcgi_cache WORDPRESS;
+}
+location ~ /purge(/.*) {
+ fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
+ access_log off;
+}
diff --git a/etc/nginx/common/wpsc-php71.conf b/etc/nginx/common/wpsc-php71.conf
new file mode 100644
index 0000000..f1201d2
--- /dev/null
+++ b/etc/nginx/common/wpsc-php71.conf
@@ -0,0 +1,31 @@
+# WPSC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+ set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ # If we add index.php?$args its break WooCommerce like plugins
+ # Ref: #330
+ try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php71;
+ # Following line is needed by WP Super Cache plugin
+ fastcgi_param SERVER_NAME $http_host;
+}
diff --git a/etc/nginx/common/wpsc-php72.conf b/etc/nginx/common/wpsc-php72.conf
new file mode 100644
index 0000000..1abc396
--- /dev/null
+++ b/etc/nginx/common/wpsc-php72.conf
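Review bot: `fastcgi_param SERVER_NAME $http_host;` and the `$http_host` segment of the `try_files` cache path both take the raw client `Host` header rather than the matched `server_name`. The existing comment explains that WP Super Cache needs it, but it should also state the precondition, for example `# $http_host is client-supplied: include this file only from server blocks with an explicit server_name, never from a catch-all/default server`. Without that, PHP code that builds URLs from `SERVER_NAME` sees whatever host the client sent. wpsc-php72.conf in the next hunk carries the same two lines.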
@@ -0,0 +1,31 @@
+# WPSC NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+set $cache_uri $request_uri;
+# POST requests and URL with a query string should always go to php
+if ($request_method = POST) {
+ set $cache_uri 'null cache';
+}
+if ($query_string != "") {
+ set $cache_uri 'null cache';
+}
+# Don't cache URL containing the following segments
+if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
+ set $cache_uri 'null cache';
+}
+# Don't use the cache for logged in users or recent commenter or customer with items in cart
+if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
+ set $cache_uri 'null cache';
+}
+# Use cached or actual file if they exists, Otherwise pass request to WordPress
+location / {
+ # If we add index.php?$args its break WooCommerce like plugins
+ # Ref: #330
+ try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php72;
+ # Following line is needed by WP Super Cache plugin
+ fastcgi_param SERVER_NAME $http_host;
+}
diff --git a/etc/nginx/mime.types b/etc/nginx/mime.types
new file mode 100644
index 0000000..8b7a463
--- /dev/null
+++ b/etc/nginx/mime.types
@@ -0,0 +1,91 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/font-woff2 woff2; + application/x-font-ttf ttf; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} \ No newline at end of file diff --git a/etc/nginx/proxy_params b/etc/nginx/proxy_params index 547acd1..298004d 100644 --- a/etc/nginx/proxy_params +++ b/etc/nginx/proxy_params @@ -2,10 +2,12 @@ proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering on; proxy_buffer_size 128k; proxy_buffers 256 16k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_max_temp_file_size 0; -proxy_read_timeout 3000; \ No newline at end of file +proxy_read_timeout 3000; +proxy_send_timeout 3000;
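Review bot: `proxy_send_timeout 3000;` now matches `proxy_read_timeout 3000;`, which allows 50 minutes of silence in each direction wherever this file is included. With `proxy_buffers 256 16k` set in the same file, an upstream that stalls can keep a connection and up to 4 MB of buffers pinned for that long. If only a few long-running endpoints need it, I would keep the shared value near the nginx default and override it per location. Otherwise add a comment such as `# 3000 s = 50 min, needed for <long-running endpoint>` so the value is not copied blindly.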