| #x# HTTPS-DEFAULT | | #x# HTTPS-DEFAULT |
| server { | | server { |
| | | |
| server_name $vhost www.$vhost; | | server_name $vhost www.$vhost; |
| return 302 https://$vhost$request_uri; | | return 302 https://$vhost$request_uri; |
| include /usr/local/nginx/conf/staticfiles.conf; | | include /usr/local/nginx/conf/staticfiles.conf; |
| } | | } |
| | | |
| server { | | server { |
| listen 443 ssl http2; | | listen 443 ssl http2; |
| server_name $vhost www.$vhost; | | server_name $vhost www.$vhost; |
| | | |
| include /usr/local/nginx/conf/ssl/$vhost/$vhost.crt.key.conf; | | include /usr/local/nginx/conf/ssl/$vhost/$vhost.crt.key.conf; |
| include /usr/local/nginx/conf/ssl_include.conf; | | include /usr/local/nginx/conf/ssl_include.conf; |
| | | |
| # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/ | | # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/ |
| #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/$vhost/origin.crt; | | #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/$vhost/origin.crt; |
| #ssl_verify_client on; | | #ssl_verify_client on; |
| http2_max_field_size 16k; | | http2_max_field_size 16k; |
| http2_max_header_size 32k; | | http2_max_header_size 32k; |
| # mozilla recommended | | # mozilla recommended |
| ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; | | ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; |
| ssl_prefer_server_ciphers on; | | ssl_prefer_server_ciphers on; |
| #add_header Alternate-Protocol 443:npn-spdy/3; | | #add_header Alternate-Protocol 443:npn-spdy/3; |
| | | |
| # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts | | # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts |
| #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; | | #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; |
| #add_header X-Frame-Options SAMEORIGIN; | | #add_header X-Frame-Options SAMEORIGIN; |
| add_header X-Xss-Protection "1; mode=block" always; | | add_header X-Xss-Protection "1; mode=block" always; |
| add_header X-Content-Type-Options "nosniff" always; | | add_header X-Content-Type-Options "nosniff" always; |
| #add_header Referrer-Policy "strict-origin-when-cross-origin"; | | #add_header Referrer-Policy "strict-origin-when-cross-origin"; |
| #spdy_headers_comp 5; | | #spdy_headers_comp 5; |
| ssl_buffer_size 1369; | | ssl_buffer_size 1369; |
| ssl_session_tickets on; | | ssl_session_tickets on; |
| | | |
| # enable ocsp stapling | | # enable ocsp stapling |
| resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m; | | resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m; |
| resolver_timeout 10s; | | resolver_timeout 10s; |
| ssl_stapling on; | | ssl_stapling on; |
| ssl_stapling_verify on; | | ssl_stapling_verify on; |
| | | |
| # ngx_pagespeed & ngx_pagespeed handler | | # ngx_pagespeed & ngx_pagespeed handler |
| #include /usr/local/nginx/conf/pagespeed.conf; | | #include /usr/local/nginx/conf/pagespeed.conf; |
| #include /usr/local/nginx/conf/pagespeedhandler.conf; | | #include /usr/local/nginx/conf/pagespeedhandler.conf; |
| #include /usr/local/nginx/conf/pagespeedstatslog.conf; | | #include /usr/local/nginx/conf/pagespeedstatslog.conf; |
| | | |
| # limit_conn limit_per_ip 16; | | # limit_conn limit_per_ip 16; |
| # ssi on; | | # ssi on; |
| | | |
| access_log /home/nginx/domains/$vhost/log/access.log combined buffer=256k flush=5m; | | access_log /home/nginx/domains/$vhost/log/access.log combined buffer=256k flush=5m; |
| error_log /home/nginx/domains/$vhost/log/error.log; | | error_log /home/nginx/domains/$vhost/log/error.log; |
| | | |
| include /usr/local/nginx/conf/autoprotect/$vhost/autoprotect-$vhost.conf; | | include /usr/local/nginx/conf/autoprotect/$vhost/autoprotect-$vhost.conf; |
| root /home/nginx/domains/$vhost/public; | | root /home/nginx/domains/$vhost/public; |
| # uncomment cloudflare.conf include if using cloudflare for | | # uncomment cloudflare.conf include if using cloudflare for |
| # server and/or vhost site | | # server and/or vhost site |
| #include /usr/local/nginx/conf/cloudflare.conf; | | #include /usr/local/nginx/conf/cloudflare.conf; |
| include /usr/local/nginx/conf/503include-main.conf; | | include /usr/local/nginx/conf/503include-main.conf; |
| | | |
| include /usr/local/nginx/conf/wpincludes/$vhost/wpcacheenabler_$vhost.conf; | | include /usr/local/nginx/conf/wpincludes/$vhost/wpcacheenabler_$vhost.conf; |
| #include /usr/local/nginx/conf/wpincludes/$vhost/wpsupercache_$vhost.conf; | | #include /usr/local/nginx/conf/wpincludes/$vhost/wpsupercache_$vhost.conf; |
| # https://community.centminmod.com/posts/18828/ | | # https://community.centminmod.com/posts/18828/ |
| #include /usr/local/nginx/conf/wpincludes/$vhost/rediscache_$vhost.conf; | | #include /usr/local/nginx/conf/wpincludes/$vhost/rediscache_$vhost.conf; |
| # uncomment ddos.conf and blockbots.conf include | | # uncomment ddos.conf and blockbots.conf include |
| # if using the ultimate badbot blocker guide after testing | | # if using the ultimate badbot blocker guide after testing |
| # https://community.centminmod.com/threads/nginx-ultimate-bad-block-blocker.14413/ | | # https://community.centminmod.com/threads/nginx-ultimate-bad-block-blocker.14413/ |
| include /usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/ddos.conf; | | include /usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/ddos.conf; |
| include /usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/blockbots.conf; | | include /usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/blockbots.conf; |
| | | |
| | | |
| location / { | | location / { |
| include /usr/local/nginx/conf/503include-only.conf; | | include /usr/local/nginx/conf/503include-only.conf; |
| | | |
| | | |
| # Enables directory listings when index file not found | | # Enables directory listings when index file not found |
| #autoindex on; | | #autoindex on; |
| | | |
| # for wordpress super cache plugin | | # for wordpress super cache plugin |
| #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args; | | #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args; |
| | | |
| # for wp cache enabler plugin | | # for wp cache enabler plugin |
| try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; | | try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; |
| | | |
| # Wordpress Permalinks | | # Wordpress Permalinks |
| #try_files $uri $uri/ /index.php?q=$uri&$args; | | #try_files $uri $uri/ /index.php?q=$uri&$args; |
| | | |
| # Nginx level redis Wordpress | | # Nginx level redis Wordpress |
| # https://community.centminmod.com/posts/18828/ | | # https://community.centminmod.com/posts/18828/ |
| #try_files $uri $uri/ /index.php?$args; | | #try_files $uri $uri/ /index.php?$args; |
| | | |
| } | | } |
| | | |
| location ~* /(wp-login\.php) { | | location ~* /(wp-login\.php) { |
| limit_req zone=xwplogin burst=1 nodelay; | | limit_req zone=xwplogin burst=1 nodelay; |
| #limit_conn xwpconlimit 30; | | #limit_conn xwpconlimit 30; |
| auth_basic "Private"; | | auth_basic "Private"; |
| auth_basic_user_file /home/nginx/domains/$vhost/htpasswd_wplogin; | | auth_basic_user_file /home/nginx/domains/$vhost/htpasswd_wplogin; |
| include /usr/local/nginx/conf/php-wpsc.conf; | | include /usr/local/nginx/conf/php-wpsc.conf; |
| | | |
| # https://community.centminmod.com/posts/18828/ | | # https://community.centminmod.com/posts/18828/ |
| #include /usr/local/nginx/conf/php-rediscache.conf; | | #include /usr/local/nginx/conf/php-rediscache.conf; |
| } | | } |
| | | |
| location ~* /(xmlrpc\.php) { | | location ~* /(xmlrpc\.php) { |
| limit_req zone=xwprpc burst=45 nodelay; | | limit_req zone=xwprpc burst=45 nodelay; |
| #limit_conn xwpconlimit 30; | | #limit_conn xwpconlimit 30; |
| include /usr/local/nginx/conf/php-wpsc.conf; | | include /usr/local/nginx/conf/php-wpsc.conf; |
| | | |
| # https://community.centminmod.com/posts/18828/ | | # https://community.centminmod.com/posts/18828/ |
| #include /usr/local/nginx/conf/php-rediscache.conf; | | #include /usr/local/nginx/conf/php-rediscache.conf; |
| } | | } |
| | | |
| location ~* /wp-admin/(load-scripts\.php) { | | location ~* /wp-admin/(load-scripts\.php) { |
| limit_req zone=xwprpc burst=5 nodelay; | | limit_req zone=xwprpc burst=5 nodelay; |
| #limit_conn xwpconlimit 30; | | #limit_conn xwpconlimit 30; |
| include /usr/local/nginx/conf/php-wpsc.conf; | | include /usr/local/nginx/conf/php-wpsc.conf; |
| | | |
| # https://community.centminmod.com/posts/18828/ | | # https://community.centminmod.com/posts/18828/ |
| #include /usr/local/nginx/conf/php-rediscache.conf; | | #include /usr/local/nginx/conf/php-rediscache.conf; |
| } | | } |
| | | |
| location ~* /wp-admin/(load-styles\.php) { | | location ~* /wp-admin/(load-styles\.php) { |
| limit_req zone=xwprpc burst=5 nodelay; | | limit_req zone=xwprpc burst=5 nodelay; |
| #limit_conn xwpconlimit 30; | | #limit_conn xwpconlimit 30; |
| include /usr/local/nginx/conf/php-wpsc.conf; | | include /usr/local/nginx/conf/php-wpsc.conf; |
| | | |
| # https://community.centminmod.com/posts/18828/ | | # https://community.centminmod.com/posts/18828/ |
| #include /usr/local/nginx/conf/php-rediscache.conf; | | #include /usr/local/nginx/conf/php-rediscache.conf; |
| } | | } |
| | | |
| | | |
| location /webp { | | |
| #pagespeed off; | | |
| #pagespeed unplugged; | | |
| autoindex on; | | |
| add_header X-Robots-Tag "noindex, nofollow"; | | |
| location ~* ^/webp/.+\.(png|jpe?g)$ { | | |
| expires 30d; | | |
| add_header Vary "Accept-Encoding"; | | |
| add_header Cache-Control "public, no-transform"; | | |
| try_files $uri$webp_extension $uri =404; | | |
| } | | |
| } | | |
| | | |
| | | |
| include /usr/local/nginx/conf/wpincludes/$vhost/wpsecure_$vhost.conf; | | include /usr/local/nginx/conf/wpincludes/$vhost/wpsecure_$vhost.conf; |
| include /usr/local/nginx/conf/php-wpsc.conf; | | include /usr/local/nginx/conf/php-wpsc.conf; |
| | | |
| # https://community.centminmod.com/posts/18828/ | | # https://community.centminmod.com/posts/18828/ |
| #include /usr/local/nginx/conf/php-rediscache.conf; | | #include /usr/local/nginx/conf/php-rediscache.conf; |
| include /usr/local/nginx/conf/pre-staticfiles-local-$vhost.conf; | | include /usr/local/nginx/conf/pre-staticfiles-local-$vhost.conf; |
| include /usr/local/nginx/conf/pre-staticfiles-global.conf; | | include /usr/local/nginx/conf/pre-staticfiles-global.conf; |
| include /usr/local/nginx/conf/staticfiles.conf; | | include /usr/local/nginx/conf/staticfiles.conf; |
| include /usr/local/nginx/conf/drop.conf; | | include /usr/local/nginx/conf/drop.conf; |
| #include /usr/local/nginx/conf/errorpage.conf; | | #include /usr/local/nginx/conf/errorpage.conf; |
| include /usr/local/nginx/conf/vts_server.conf; | | include /usr/local/nginx/conf/vts_server.conf; |