misterorion
8/29/2018 - 6:15 PM

nginx.conf for dockerized wordpress

nginx.conf for dockerized wordpress

worker_processes 1;

events { 
    worker_connections 1024;
    multi_accept on;
}

http {
  
    sendfile on;
    tcp_nopush on;
    
    index index.php index.html;
    
    client_body_timeout     12;
    client_header_timeout   12;
    keepalive_timeout       15;
    send_timeout            10;
    
    # Types
    include         /etc/nginx/mime.types;
    default_type    application/octet-stream;

    gzip on;
    gzip_disable "msie6";
    
    gzip_vary on;
    gzip_comp_level 3;
    gzip_types 
        text/plain text/css application/json 
        application/x-javascript text/xml 
        application/xml application/xml+rss text/javascript;

    server {
    
        listen      443 ssl http2;
        listen [::]:443 ssl http2;
        
        server_name your.domain.com;
        
        root /var/www/html;
    
        add_header                Strict-Transport-Security "max-age=31536000" always;
    
        ssl_session_timeout       10m;
    
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    
        ssl_stapling              on;
        ssl_stapling_verify       on;
        resolver                  8.8.8.8 8.8.4.4;
    
        ssl_certificate           /etc/letsencrypt/live/your.domain.com/fullchain.pem;
        ssl_certificate_key       /etc/letsencrypt/live/your.domain.com/privkey.pem;
        ssl_trusted_certificate   /etc/letsencrypt/live/your.domain.com/chain.pem;

    	# Basic Settings
    
    	client_max_body_size 64M;
        
        location / {
            try_files $uri $uri/ /index.php?q=$uri&$args;
        }
        
        location ~ \.php$ {
            try_files $uri =404;
            include fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass wordpress:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
        }
        
        # allow Let's Encrypt access to the .well-known folder
        location ^~ /.well-known {
            allow all;
            root /data/letsencrypt/;
        }
        location = /favicon.ico {
            access_log off;
            log_not_found off;
            expires max;
        }
        location = /robots.txt {
            access_log off;
            log_not_found off;
        }
        
        # Security Settings For Better Privacy Deny Hidden Files
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
        
        # Disallow PHP In Upload Folder
        location /wp-content/uploads/ {
            location ~ \.php$ {
                deny all;
            }
        }

    }
}