perusio/wordpress-nginx perusio/wordpress-nginx

  • Stars
    star
    383
  • Rank 111,995 (Top 3 %)
  • Language
  • Created almost 14 years ago
  • Updated over 12 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
perusio/wordpress-nginx
github

perusio

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Nginx configuration for running WordPress

Nginx configuration for WordPress

Introduction

This is a nginx configuration for running WordPress.

It differs from the usual configuration, like the one available on the Nginx Wiki.

It makes use of nested locations with named capture groups instead of fastcgi_split_path_info.

This example configuration assumes that the site is called example.com. Change accordingly to reflect your server setup.

Features

  1. Filtering of invalid HTTP Host headers.

  2. Access to install files, like install.php, is protected using HTTP Basic Auth.

  3. Protection of all the internal directories, like version control repositories and the readme file(s) that come with WP or an external plugin.

  4. Faster and more secure handling of PHP FastCGI by Nginx using named groups in regular expressions instead of using fastcgi_split_path_info. Requires Nginx version β‰₯ 0.8.25.

  5. Compatible with the WordPress plugin wp-super-cache for serving static pages to anonymous users.

  6. Upload Progress support.

  7. Possibility of using Apache as a backend for dealing with PHP. Meaning using Nginx as reverse proxy.

  8. Operating system open files cache for static assets like CSS and JS, for example.

  9. FLV and H264/AAC pseudo streaming support.

    Note that for mp4 streaming to work properly, with seeking enabled, you must use a compatible player and run a Nginx version greater or equal to 1.1.3 for the development branch and 1.0.7 for the stable branch.

Basic Auth for access to restricted files like install.php

install.php and the WordPress readme.html are protected using Basic Auth. The readme file discloses the version number of WordPress.

Not only install.php, but any PHP file that has install.php as the ending is protected. This way if, for example, there's a permission problem with wp-config.php and WP can't read the file it will invoke install.php since it assumes that if no specific configuration information is available then the site must not yet be installed. Now imagine that this happens on your site and that someone stumbles on the install.php? If not protected by the Basic Auth, information disclosure would be the least potential problem.

You have to create the .htpasswd-users file with the user(s) and password(s). For that, if you're on Debian or any of its derivatives like Ubuntu you need the apache2-utils package installed. Then create your password file by issuing:

      htpasswd -d -b -c .htpasswd-users <user> <password>

You should delete this command from your shell history afterwards with history -d <command number> or alternatively omit the -b switch, then you'll be prompted for the password.

This creates the file (there's a -c switch). For adding additional users omit the -c.

Of course you can rename the password file to whatever you want, then accordingly change its name in the virtual host config file, example.com.

Nginx as a Reverse Proxy: Proxying to Apache for PHP

If you absolutely need to use the rather bad habit of deploying web apps relying on .htaccess, or you just want to use Nginx as a reverse proxy. The config allows you to do so. Note that this provides some benefits over using only Apache, since Nginx is much faster than Apache. Furthermore you can use the proxy cache and/or use Nginx as a load balancer.

IPv6 and IPv4

The configuration of the example vhosts uses separate sockets for IPv6 and IPv4. This way is simpler for those not (yet) having IPv6 support to disable it by commenting out the listen directive with the ipv6only=on parameter.

Note that the IPv6 address uses an IP stolen from the IPv6 Wikipedia page. You must replace the indicated address by your address.

Installation

  1. Move the old /etc/nginx directory to /etc/nginx.old.

  2. Clone the git repository from github:

    git clone https://github.com/perusio/wordpress-nginx.git

  3. Edit the sites-available/example.com.conf configuration file to suit your requirements. Namely replacing example.com with your domain.

  4. Setup the PHP handling method. It can be:

    • Upstream HTTP server like Apache with mod_php. To use this method comment out the include upstream_phpcgi.conf; line in nginx.conf and uncomment the lines:

      include reverse_proxy.conf;
include upstream_phpapache.conf;

      Now you must set the proper address and port for your backend(s) in the upstream_phpapache.conf. By default it assumes the loopback 127.0.0.1 interface on port 8080. Adjust accordingly to reflect your setup.

      Comment out all fastcgi_pass directives in either drupal_boost.conf or drupal_boost_drush.conf, depending which config layout you're using. Uncomment out all the proxy_pass directives. They have a comment around them, stating these instructions.

    • FastCGI process using php-cgi. In this case an init script is required. This is how the server is configured out of the box. It uses UNIX sockets. You can use TCP sockets if you prefer.

    • PHP FPM, this requires you to configure your fpm setup, in Debian/Ubuntu this is done in the /etc/php5/fpm directory.

      Look here for an example configuration of php-fpm.

    Check that the socket is properly created and is listening. This can be done with netstat, like this for UNIX sockets:

    netstat --unix -l

    And like this for TCP sockets:

    netstat -t -l

    It should display the PHP CGI socket.

    Note that the default socket type is UNIX and the config assumes it to be listening on unix:/tmp/php-cgi/php-cgi.socket, if using the php-cgi, or in unix:/var/run/php-fpm.sock using php-fpm and that you should change to reflect your setup by editing upstream_phpcgi.conf.

  5. Create the /etc/nginx/sites-enabled directory and enable the virtual host using one of the methods described below.

    Note that if you're using the nginx_ensite script described below it creates the /etc/nginx/sites-enabled directory if it doesn't exist the first time you run it for enabling a site.

  6. Reload Nginx:

    /etc/init.d/nginx reload

  7. Check that WordPress is working by visiting the configured site in your browser.

  8. Remove the /etc/nginx.old directory.

  9. Done.

Enabling and Disabling Virtual Hosts

I've created a shell script nginx_ensite that lives here on github for quick enabling and disabling of virtual hosts.

If you're not using that script then you have to manually create the symlinks from sites-enabled to sites-available. Only the virtual hosts configured in sites-enabled will be available for Nginx to serve.

Acessing the php-fpm status and ping pages

You can get the status and a ping pages for the running instance of php-fpm. There's a php_fpm_status.conf file with the configuration for both features.

  • the status page at /fpm-status;

  • the ping page at /ping.

For obvious reasons these pages are acessed only from a given set of IP addresses. In the suggested configuration only from localhost and non-routable IPs of the 192.168.1.0 network.

The allowed hosts are defined in a geo block in file php_fpm_status_allowed_hosts.conf. You should edit the predefined IP addresses to suit your setup.

To enable the status and ping pages uncomment the line in the example.com.conf virtual host configuration file.

Getting the latest Nginx packaged for Debian or Ubuntu

I maintain a debian repository with the latest version of Nginx. This is packaged for Debian unstable or testing. The instructions for using the repository are presented on this page.

It may work or not on Ubuntu. Since Ubuntu seems to appreciate more finding semi-witty names for their releases instead of making clear what's the status of the software included. Is it stable? Is it testing? Is it unstable? The package may work with your currently installed environment or not. I don't have the faintest idea which release to advise. So you're on your own. Generally the APT machinery will sort out for you any dependencies issues that might exist.

My other Nginx configs on github

Securing your PHP configuration

I have created a small shell script that parses your php.ini and sets a sane environment, be it for development or production settings.

Grab it here.

Acknowledgments

Thanks to Burçe Boran for helping me sort out the issues of the configuration for supercache 0.9.9.9.

More Repositories

1

drupal-with-nginx

Running Drupal using nginx: an idiosyncratically crafted bleeding edge configuration.
Nginx
855
star
2

nginx_ensite

A script to enable or disable a site in nginx.
Shell
556
star
3

nginx-cache-purge

A bash script for deleting items from Nginx cache
Shell
245
star
4

php-fpm-example-config

A php-fpm example configuration for both UNIX and TCP sockets.
197
star
5

nginx-hello-world-module

A hello world module for learning Nginx module development
C
195
star
6

linux-programming-by-example

C code from the book "Linux Programming by Example"
C
118
star
7

nginx-munin

A set of plugins for monitoring nginx with Munin
Perl
110
star
8

php-ini-cleanup

A script that cleans up the php.ini file with security in mind
Awk
106
star
9

nginx-auth-request-module

A Nginx module that enables authorizations on sub-requests
C
83
star
10

nginx-cache-inspector

Script that allows to inspect the Nginx cache
Shell
83
star
11

monit-miscellaneous

Monit configuration files for miscellaneous services
64
star
12

high-performance-web-kernel-parameters

A bunch of files with parameters for enabling a high performance web host
54
star
13

lua-resty-tarantool

Library for working with tarantool from nginx with the embedded Lua module or with Openresty
Lua
45
star
14

nginx-delay-module

Nginx module for inserting delays when serving requests.
C
38
star
15

redmine-nginx

A opinionated config for running Redmine with Nginx and thin.
35
star
16

chive-nginx

Running Chive with Nginx
27
star
17

nginx-spamhaus-drop

A shell script that creates a Nginx configuration for using Spamhaus DROP lists
Shell
26
star
18

php-fastcgi-debian-script

An init script to launch PHP the FastCGI daemon and spawn when needed in Debian
Shell
22
star
19

php-relaunch-web

Relaunch a PHP FPM and/or CGI process on timeout or termination
Shell
22
star
20

php-handlersocket

A PECL extension for using the HandlerSocket NoSQL MySQL plugin
PHP
18
star
21

add-etc-hosts

A script to add/remove hosts from the /etc/hosts file
Shell
15
star
22

squirrelmail-nginx

A secure and fast configuration for running squirrelmail with Nginx.
15
star
23

i3-config-dynamic-tagging

An opinionated i3 config with dynamic tagging
R
13
star
24

monit-graph

A PHP script for visualizing your servers Monit monitored services
PHP
13
star
25

nginx-http-concat

A Nginx module for concatenating files in a given context: CSS and JS files usually
12
star
26

drush-sql-extras

Various drush extra commands
PHP
9
star
27

drupal-nginx-fast-x-accel-redirect

A Drupal module that provides fast private file transfer with Nginx
PHP
8
star
28

memcached-better-init-script

A better init script for memcached. Specific config dir and stats integration if memcached library tools are installed.
Shell
8
star
29

nginx-mdounin-patches

A couple of patches from Nginx connaisseur Maxim Dounin
8
star
30

nginx-load-balancing-extras

Nginx load balancing extra algorithms: sharded, consistent hashing
6
star
31

xorg-synaptics-led-support

Patches for supporting the LED in synaptics touchpads
6
star
32

drush-cache-warmer

A drush command implementing a cache warmer for keeping a cache primed. Adequate for Nginx cache and Varnish.
Lua
6
star
33

apache-mod_aclr-nginx-frontend

Apache mod_aclr: easy setup of Nginx as a frontend to Apache
C
5
star
34

munin-php-cgi

Munin plugin for monitoring PHP FastCGI Memory usage
4
star
35

drupal-db

A set of shell scripts for working with databases in Drupal
Shell
4
star
36

lml2-html5

The LML2 Common Lisp Markup Language with HTML5 support
Common Lisp
4
star
37

thttpd-config

thttpd config for using as an upstream CGI processor with Nginx
4
star
38

nginx-reverse-proxying-beyond

Nginx Reverse Proxying and Beyond Code
4
star
39

php-heartbeat

Simple script that functions as an hearbeat for PHP
PHP
4
star
40

kit

Guidelines for creating reusable features in Drupal
4
star
41

nginx-cache-simple-crawler

A script for keeping a bunch of static files in Nginx cache
Shell
3
star
42

docker-tarantool

Dockerfile setup for running tarantool in a secure and scalable way
Lua
3
star
43

lua-uri

A URI manipulation library written in pure Lua
Lua
3
star
44

filefield-nginx-progress

A drupal module for RFC1867 POST upload progress bar
PHP
3
star
45

memcached-inspect-keys

A script in Lua to inspect a memcached instance
Lua
3
star
46

drupal-nginx-aggregation

A drupal module for aggregating CSS and JS files using Nginx HTTP concat
PHP
3
star
47

drush-aliases

A shell script that defines a bunch of aliases for drush fun and profit
3
star
48

panels_extra_layouts

Extra layouts for the Drupal panels module
PHP
3
star
49

doxymacs-luadoc

Luadoc support for Doxymacs
Emacs Lisp
3
star
50

beautiful-invoicing

A simple invoicing software for producing beautiful invoices using LuaLaTeX
Lua
3
star
51

php-fpm-relaunch

A shell script to run as CGI in thttpd that (re)launches php-fpm on an Nginx 502
Shell
3
star
52

misc-git-hooks

Miscellaneous git hooks for fun and profit
Shell
2
star
53

commerce-examples

The drupal commerce examples module
PHP
2
star
54

nginx-get-source

A script that downloads a Nginx source tarball verifiying its signature
Shell
2
star
55

encrypt-file

A simple script for encrypting/decrypting a file using Triple DES
Shell
2
star
56

create-ssl-certificates

Helper scripts to create Certificate Signing Requests (CSR) and certifcate bundles - particularly useful for nginx
Shell
2
star
57

clips-cpp-interface

CLIPS C++ interface
C++
2
star
58

memcache-server-config-drupal

A multi-bin Memcache configuration for Drupal
2
star
59

nginx-debianization

nginx debianization using git-buildpackage for building a debian package
C
2
star
60

nginx-debian-package-build-helpers

A bunch of helper scripts to help me build my nginx debian package
Shell
2
star
61

angular-generate-urls-sitemap

Generates an URL list given an angular router - this makes sense only for static routes.
Awk
2
star
62

nginx_httpd_twiter_module

this is test nginx module
C
1
star
63

nginx-manpage

A nginx manpage written with ronn
1
star
64

yui_editor

The drupal module for the YUI Rich Text Editor
JavaScript
1
star
65

nginx-http-slice

Nginx module for serving a file in slices (reverse byte-range)
1
star
66

token

Forked version of the Drupal token module
PHP
1
star
67

apache-mod_helloworld

An hello world module for Apache 2.2
C
1
star
68

nginx-http-footer-filter

A nginx module that prints some text in the footer of a request
1
star
69

mkmf

A clone of the mkmf tool of HP-UX (Makefile creation for lazy programmers)
Perl
1
star
70

cg-training

The Commerce Guys training module
PHP
1
star
71

set-laptop-projector

A shell script for setting a projector with a laptop
Shell
1
star
72

lua-linenoise-debian-package

Debian packaging of the Lua linenoise binding.
C
1
star
73

google-weather-nginx-proxy

A script and Nginx configuration for getting Google Weather info on high traffic sites
PHP
1
star
74

nginx-fast-config

A simple helper module for running Drupal 6 with a 0 rewrites Nginx config
PHP
1
star
75

commerce-order-counter

A generic framework for setting the order number/code in Drupal Commerce or Commerce Kickstart.
PHP
1
star
76

perusio.github.com

My github page
JavaScript
1
star