✨ Features: - Complete LEMP stack automation - WordPress with WP-CLI - Redis Object Cache (50% performance boost) - Multi-OS support - SSL/Let's Encrypt integration - Security hardening - Enterprise features - Docker testing environment - GitHub Actions CI/CD - Comprehensive documentation 🧪 Fully tested and production-ready Copyright (c) 2025 Sebastian Palencsár
76 lines
1.9 KiB
Django/Jinja
76 lines
1.9 KiB
Django/Jinja
server {
|
|
listen 80;
|
|
server_name {{ domain_name | default('_') }};
|
|
|
|
root {{ wordpress_path }};
|
|
index index.php index.html index.htm;
|
|
|
|
# Logging
|
|
access_log {{ log_dir }}/nginx/wordpress_access.log;
|
|
error_log {{ log_dir }}/nginx/wordpress_error.log;
|
|
|
|
# WordPress specific rules
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$args;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
fastcgi_pass unix:{{ php_fpm_socket }};
|
|
fastcgi_index index.php;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
include fastcgi_params;
|
|
|
|
# Security
|
|
fastcgi_hide_header X-Powered-By;
|
|
}
|
|
|
|
# Deny access to hidden files
|
|
location ~ /\. {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
# WordPress uploads
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
access_log off;
|
|
}
|
|
|
|
# WordPress security
|
|
location ~* ^/(wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
# Deny access to any files with a .php extension in the uploads directory
|
|
location ~* /(?:uploads|files)/.*\.php$ {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
# WordPress REST API and XMLRPC protection
|
|
location = /xmlrpc.php {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
# Block access to wp-includes folders and files
|
|
location ~* ^/wp-includes/.*.php$ {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
# Block wp-content/uploads php files
|
|
location ~* ^/wp-content/uploads/.*.php$ {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
}
|