nginx.conf:`user www-data;worker_processes auto;worker_rlimit_nofile 10000

1. nginx.conf:
2. `user www-data;
3. worker_processes auto;
4. worker_rlimit_nofile 100000;
5. pid /run/nginx.pid;
6.  
7. events {
8. worker_connections 4096;
9. multi_accept on;
10. }
11.  
12. http {
13. ##
14. # EasyEngine Settings
15. ##
16.  
17. sendfile on;
18. tcp_nopush on;
19. tcp_nodelay on;
20. keepalive_timeout 30;
21. types_hash_max_size 2048;
22.  
23. server_tokens off;
24. reset_timedout_connection on;
25. add_header X-Powered-By "EasyEngine 3.7.5";
26. add_header rt-Fastcgi-Cache $upstream_cache_status;
27.  
28. # Limit Request
29. limit_req_status 403;
30. limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
31.  
32. # Proxy Settings
33. # set_real_ip_from proxy-server-ip;
34. # real_ip_header X-Forwarded-For;
35.  
36. fastcgi_read_timeout 300;
37. client_max_body_size 100m;
38.  
39. ##
40. # SSL Settings
41. ##
42.  
43. ssl_session_cache shared:SSL:20m;
44. ssl_session_timeout 10m;
45. ssl_prefer_server_ciphers on;
46. ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
47. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
48.  
49. ##
50. # Basic Settings
51. ##
52. # server_names_hash_bucket_size 64;
53. # server_name_in_redirect off;
54.  
55. include /etc/nginx/mime.types;
56. default_type application/octet-stream;
57.  
58. ##
59. # Logging Settings
60. ##
61.  
62. access_log /var/log/nginx/access.log;
63. error_log /var/log/nginx/error.log;
64.  
65. # Log format Settings
66. log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
67. '$http_host "$request" $status $body_bytes_sent '
68. '"$http_referer" "$http_user_agent"';
69.  
70. ##
71. # Gzip Settings
72. ##
73.  
74. gzip on;
75. gzip_disable "msie6";
76.  
77. gzip_vary on;
78. gzip_proxied any;
79. gzip_comp_level 6;
80. gzip_buffers 16 8k;
81. gzip_http_version 1.1;
82. gzip_types
83. application/atom+xml
84. application/javascript
85. application/json
86. application/rss+xml
87. application/vnd.ms-fontobject
88. application/x-font-ttf
89. application/x-web-app-manifest+json
90. application/xhtml+xml
91. application/xml
92. font/opentype
93. image/svg+xml
94. image/x-icon
95. text/css
96. text/plain
97. text/x-component
98. text/xml
99. text/javascript;
100.  
101. ##
102. # Virtual Host Configs
103. ##
104.  
105. include /etc/nginx/conf.d/*.conf;
106. include /etc/nginx/sites-enabled/*;
107. }
108.  
109.  
110. #mail {
111. # # See sample authentication script at:
112. # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
113. #
114. # # auth_http localhost/auth.php;
115. # # pop3_capabilities "TOP" "USER";
116. # # imap_capabilities "IMAP4rev1" "UIDPLUS";
117. #
118. # server {
119. # listen localhost:110;
120. # protocol pop3;
121. # proxy on;
122. # }
123. #
124. # server {
125. # listen localhost:143;
126. # protocol imap;
127. # proxy on;
128. # }
129. #}`
130.  
131. sites-enabled/example.com:
132. `server {
133.  
134.  
135. server_name example.com www.example.com;
136.  
137.  
138. access_log /var/log/nginx/example.com.access.log rt_cache;
139. error_log /var/log/nginx/example.com.error.log;
140.  
141.  
142. root /var/www/example.com/htdocs;
143.  
144.  
145.  
146. index index.php index.html index.htm;
147.  
148. add_header X-Content-Security-Policy "default-src 'self'; script-src 'self' https://ssl.google-analytics.com; img-src 'self' https://ssl.google-analytics.com";
149.  
150. include common/php7.conf;
151.  
152. include common/wpcommon-php7.conf;
153. include common/locations-php7.conf;
154. include /var/www/example.com/conf/nginx/*.conf;
155. }`
156.  
157. common/php7.conf:
158. `# PHP NGINX CONFIGURATION
159. # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
160. location / {
161. try_files $uri $uri/ /index.php?$args;
162. }
163. location ~ \.php$ {
164. try_files $uri =404;
165. include fastcgi_params;
166. fastcgi_pass php7;
167. }`
168.  
169. common/wpcommon-php7.conf:
170. `# PHP NGINX CONFIGURATION
171. # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
172. location / {
173. try_files $uri $uri/ /index.php?$args;
174. }
175. location ~ \.php$ {
176. try_files $uri =404;
177. include fastcgi_params;
178. fastcgi_pass php7;
179. }
180. root@900ugpqf:/etc/nginx# cat common/wpcommon-php7.conf
181. # WordPress COMMON SETTINGS
182. # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
183. # Limit access to avoid brute force attack
184. location = /wp-login.php {
185. limit_req zone=one burst=1 nodelay;
186. include fastcgi_params;
187. fastcgi_pass php7;
188. }
189. # Disable wp-config.txt
190. location = /wp-config.txt {
191. deny all;
192. access_log off;
193. log_not_found off;
194. }
195. # Disallow php in upload folder
196. location /wp-content/uploads/ {
197. location ~ \.php$ {
198. #Prevent Direct Access Of PHP Files From Web Browsers
199. deny all;
200. }
201. }
202. # Yoast sitemap
203. location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
204. rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent;
205. rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
206. # Rules for yoast sitemap with wp|wpsubdir|wpsubdomain
207. rewrite ^.*/sitemap_index\.xml$ /index.php?sitemap=1 last;
208. rewrite ^.*/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
209. # Following lines are options. Needed for WordPress seo addons
210. rewrite ^/news_sitemap\.xml$ /index.php?sitemap=wpseo_news last;
211. rewrite ^/locations\.kml$ /index.php?sitemap=wpseo_local_kml last;
212. rewrite ^/geo_sitemap\.xml$ /index.php?sitemap=wpseo_local last;
213. rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last;
214. access_log off;
215. }`
216.  
217. common/locations-php7.conf:
218. `# NGINX CONFIGURATION FOR COMMON LOCATION
219. # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
220. # Basic locations files
221. location = /favicon.ico {
222. access_log off;
223. log_not_found off;
224. expires max;
225. }
226. location = /robots.txt {
227. # Some WordPress plugin gererate robots.txt file
228. # Refer #340 issue
229. try_files $uri $uri/ /index.php?$args;
230. access_log off;
231. log_not_found off;
232. }
233. # Cache static files
234. location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
235. add_header "Access-Control-Allow-Origin" "*";
236. access_log off;
237. log_not_found off;
238. expires max;
239. }
240. # Security settings for better privacy
241. # Deny hidden files
242. location ~ /\.well-known {
243. allow all;
244. }
245. location ~ /\. {
246. deny all;
247. access_log off;
248. log_not_found off;
249. }
250. # Deny backup extensions & log files
251. location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
252. deny all;
253. access_log off;
254. log_not_found off;
255. }
256. # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
257. if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
258. return 403;
259. }
260. # Status pages
261. location /nginx_status {
262. stub_status on;
263. access_log off;
264. include common/acl.conf;
265. }
266. location ~ ^/(status|ping) {
267. include fastcgi_params;
268. fastcgi_pass php7;
269. include common/acl.conf;
270. }
271. # EasyEngine (ee) utilities
272. # phpMyAdmin settings
273. location /pma {
274. return 301 https://$host:22222/db/pma;
275. }
276. location /phpMyAdmin {
277. return 301 https://$host:22222/db/pma;
278. }
279. location /phpmyadmin {
280. return 301 https://$host:22222/db/pma;
281. }
282. # Adminer settings
283. location /adminer {
284. return 301 https://$host:22222/db/adminer;
285. }`