Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 80;
- server_name www.domain.name domain.name *.domain.name;
- return 301 https://www.domain.name$request_uri;
- }
- server {
- listen 443 ssl;
- server_name domain.name;
- ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
- return 301 https://www.domain.name$request_uri;
- }
- server {
- listen 443 ssl;
- server_name www.domain.name;
- root /var/www/wordpress;
- access_log /var/log/nginx/domain.name.access.log;
- error_log /var/log/nginx/domain.name.error.log;
- ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
- include global/common.conf;
- # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
- location / {
- try_files $uri $uri/ /index.php?q=$uri&$args;
- }
- # SECURITY : Deny all attempts to access PHP Files in the uploads directory
- location ~* /(?:uploads|files)/.*.php$ {
- deny all;
- }
- # REQUIREMENTS : Enable PHP Support
- location ~ .php$ {
- # SECURITY : Zero day Exploit Protection
- try_files $uri =404;
- # ENABLE : Enable PHP, listen fpm sock
- fastcgi_split_path_info ^(.+.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.2-fpm-www.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- }
- # PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
- rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
- rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
- }
- # Global configuration file.
- # ESSENTIAL : Configure Nginx Listening Port
- listen 80;
- # ESSENTIAL : Default file to serve. If the first file isn't found,
- index index.php index.html index.htm;
- # ESSENTIAL : no favicon logs
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- }
- # ESSENTIAL : robots.txt
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- # ESSENTIAL : Configure 404 Pages
- error_page 404 /404.html;
- # ESSENTIAL : Configure 50x Pages
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/www;
- }
- # SECURITY : Deny all attempts to access hidden files .abcde
- location ~ /. {
- deny all;
- }
- # PERFORMANCE : Set expires headers for static files and turn off logging.
- location ~* ^.+.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
- access_log off; log_not_found off; expires 30d;
- }
Add Comment
Please, Sign In to add comment