Files
ansible-lemp-wordpress/templates/wordpress.nginx.j2
Sebastian Palencsár 573224a36b 🚀 Initial release: Complete Ansible LEMP WordPress automation
 Features:
- Complete LEMP stack automation
- WordPress with WP-CLI
- Redis Object Cache (50% performance boost)
- Multi-OS support
- SSL/Let's Encrypt integration
- Security hardening
- Enterprise features
- Docker testing environment
- GitHub Actions CI/CD
- Comprehensive documentation

🧪 Fully tested and production-ready

Copyright (c) 2025 Sebastian Palencsár
2025-06-18 18:24:55 +02:00

85 lines
2.2 KiB
Django/Jinja

server {
listen 80;
server_name {{ domain_name }};
root /var/www/html;
index index.php index.html index.htm;
# Sicherheits-Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# Gzip-Kompression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/javascript application/xml+rss application/json;
# WordPress-spezifische Regeln
location / {
try_files $uri $uri/ /index.php?$args;
}
# PHP-Dateien verarbeiten
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# WordPress-Admin-Bereich optimieren
location ~ ^/wp-admin/(.*)$ {
try_files $uri $uri/ /wp-admin/index.php?$args;
}
# Statische Dateien cachen
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
# WordPress-Uploads-Verzeichnis
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
expires 1y;
add_header Cache-Control "public";
}
# Sensible Dateien blockieren
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~ ~$ {
access_log off;
log_not_found off;
deny all;
}
# wp-config.php schützen
location ~ wp-config.php {
deny all;
}
# xmlrpc.php begrenzen (gegen Brute-Force)
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
}
# Logs
access_log /var/log/nginx/wordpress_access.log;
error_log /var/log/nginx/wordpress_error.log;
}