wip wordpress

	https://wordpress.org/support/article/how-to-install-wordpress/
	https://wordpress.org/support/article/nginx/

diff --git a/etc/nginx/conf.d/restrictions.conf b/etc/nginx/conf.d/restrictions.conf
new file mode 100644 (file)
index 0000000..c098d26
--- /dev/null
+++ b/etc/nginx/conf.d/restrictions.conf
@@ -0,0 +1,25 @@
+# Global restrictions configuration file.
+# Designed to be included in any server {} block.
+location = /favicon.ico {
+    log_not_found off;
+    access_log off;
+}
+ 
+location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+}
+ 
+# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+location ~ /\. {
+    deny all;
+}
+ 
+# Deny access to any files with a .php extension in the uploads directory
+# Works in sub-directory installs and also in multisite network
+# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+location ~* /(?:uploads|files)/.*\.php$ {
+    deny all;
+}

diff --git a/etc/nginx/conf.d/wordpress.conf b/etc/nginx/conf.d/wordpress.conf
new file mode 100644 (file)
index 0000000..f1c8e62
--- /dev/null
+++ b/etc/nginx/conf.d/wordpress.conf
@@ -0,0 +1,45 @@
+# WordPress single site rules.
+# Designed to be included in any server {} block.
+# Upstream to abstract backend connection(s) for php
+upstream php {
+        server unix:/tmp/php-cgi.socket;
+        server 127.0.0.1:9000;
+}
+ 
+server {
+        ## Your website name goes here.
+        server_name domain.tld;
+        ## Your only path reference.
+        root /var/www/wordpress;
+        ## This should be in your http block and if it is, it's not needed here.
+        index index.php;
+ 
+        location = /favicon.ico {
+                log_not_found off;
+                access_log off;
+        }
+ 
+        location = /robots.txt {
+                allow all;
+                log_not_found off;
+                access_log off;
+        }
+ 
+        location / {
+                # This is cool because no php is touched for static content.
+                # include the "?$args" part so non-default permalinks doesn't break when using query string
+                try_files $uri $uri/ /index.php?$args;
+        }
+ 
+        location ~ \.php$ {
+                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+                include fastcgi.conf;
+                fastcgi_intercept_errors on;
+                fastcgi_pass php;
+        }
+ 
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+                expires max;
+                log_not_found off;
+        }
+}

diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default
index 10659010e4d2ef22b754861ea5ba74a569384446..77e721fc4420932c614833a013ba66b089bc69d4 100644 (file)
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@@ -43,3 +43,26 @@ server {
   return 301 http://$1$request_uri;
 }
 
+
+# Wordpress
+server {
+        server_name  _;
+        return 302 $scheme://example.com$request_uri;
+}
+ 
+server {
+    server_name deveast.linode.poczatek.dev;
+    root /home/shane/nutra/wordpress;
+ 
+    index index.php;
+ 
+    #include restrictions.conf;
+ 
+    # Additional rules go here.
+ 
+    # Only include one of the files below.
+    include wordpress.conf;
+#    include global/wordpress-ms-subdir.conf;
+#    include global/wordpress-ms-subdomain.conf;
+}
+