{"id":13556850,"url":"https://github.com/perusio/wordpress-nginx","last_synced_at":"2025-04-03T10:31:36.812Z","repository":{"id":1357569,"uuid":"1305592","full_name":"perusio/wordpress-nginx","owner":"perusio","description":"Nginx configuration for running WordPress","archived":false,"fork":false,"pushed_at":"2012-04-14T23:46:42.000Z","size":156,"stargazers_count":380,"open_issues_count":6,"forks_count":58,"subscribers_count":40,"default_branch":"master","last_synced_at":"2024-11-04T06:35:20.936Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/perusio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-01-29T08:23:51.000Z","updated_at":"2024-08-29T19:39:03.000Z","dependencies_parsed_at":"2022-07-07T03:31:59.856Z","dependency_job_id":null,"html_url":"https://github.com/perusio/wordpress-nginx","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perusio%2Fwordpress-nginx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perusio%2Fwordpress-nginx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perusio%2Fwordpress-nginx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perusio%2Fwordpress-nginx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/perusio","download_url":"https://codeload.github.com/perusio/wordpress-nginx/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246984625,"owners_count":20864481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:04:03.202Z","updated_at":"2025-04-03T10:31:36.521Z","avatar_url":"https://github.com/perusio.png","language":null,"readme":"# Nginx configuration for WordPress\n\n## Introduction \n\n This is a nginx configuration for running [WordPress](http://wordpress.org \"WordPress\").\n \n It **differs** from the _usual_ configuration, like the\n [one](http://wiki.nginx.org/Wordpress \"Nginx Wiki WordPress\n config\") available on the [Nginx Wiki](http://wiki.nginx.org \"Nginx\n Wiki\").\n \n It makes use of **nested locations** with named capture groups\n instead of [fastcgi_split\\_path\\_info](http://wiki.nginx.org/HttpFcgiModule#fastcgi_split_path_info\n \"FastCGI split path info\").\n\n This example configuration assumes that the site is called\n `example.com`. Change accordingly to reflect your server setup.\n \n## Features\n\n 1. Filtering of invalid HTTP `Host` headers.\n\n 2. Access to install files, like `install.php,` is protected using\n [HTTP Basic Auth](http://wiki.nginx.org/NginxHttpAuthBasicModule\n \"Basic Auth Nginx Module\"). \n\n 3. Protection of all the _internal_ directories, like version\n control repositories and the `readme` file(s) \n that come with WP or an external plugin.\n\n 4. Faster and more secure handling of PHP FastCGI by Nginx using\n named groups in regular expressions instead of using\n [fastcgi_split\\_path\\_info](http://wiki.nginx.org/HttpFcgiModule#fastcgi_split_path_info\n \"FastCGI split path info\"). Requires Nginx version \u0026ge; 0.8.25.\n\n 5. Compatible with the WordPress plugin\n [wp-super-cache](http://wordpress.org/extend/plugins/wp-super-cache \"WordPress\n SuperCache\") for serving static pages to anonymous users.\n \n 6. [Upload Progress](http://wiki.nginx.org/NginxHttpUploadProgressModule\n \"Upload progress Nginx module\") support. \n \n 7. Possibility of using **Apache** as a backend for dealing with\n PHP. Meaning using Nginx as\n [reverse proxy](http://wiki.nginx.org/HttpProxyModule \"Nginx\n Proxy Module\").\n \n 8. Operating system\n [open files cache](http://wiki.nginx.org/HttpCoreModule#open_file_cache)\n for static assets like CSS and JS, for example.\n \n 9. [FLV](http://wiki.nginx.org/HttpFlvStreamModule) and\n [H264/AAC](http://nginx.org/en/docs/http/ngx_http_mp4_module.html)\n pseudo streaming support. \n \n Note that for **mp4** streaming to work properly, with seeking\n enabled, you must use a **compatible player** and run a Nginx\n version greater or equal to 1.1.3 for the development branch and\n 1.0.7 for the stable branch.\n\n## Basic Auth for access to restricted files like install.php\n\n `install.php` and the WordPress `readme.html` are protected using\n Basic Auth. The readme file discloses the version number of\n WordPress.\n \n Not only `install.php`, but any PHP file that has **install.php**\n as the ending is protected. This way if, for example, there's a\n permission problem with `wp-config.php` and WP can't read the file\n it will invoke `install.php` since it assumes that if no specific\n configuration information is available then the site must not yet\n be installed. Now imagine that this happens on your site and that\n someone stumbles on the `install.php`? If not protected by the\n Basic Auth, information disclosure would be the least potential\n problem.\n\n You have to create the `.htpasswd-users` file with the user(s) and\n password(s). For that, if you're on Debian or any of its\n derivatives like Ubuntu you need the\n [apache2-utils](http://packages.debian.org/search?suite%3Dall\u0026section%3Dall\u0026arch%3Dany\u0026searchon%3Dnames\u0026keywords%3Dapache2-utils)\n package installed. Then create your password file by issuing:\n\n htpasswd -d -b -c .htpasswd-users \u003cuser\u003e \u003cpassword\u003e\n\n You should delete this command from your shell history\n afterwards with `history -d \u003ccommand number\u003e` or alternatively\n omit the `-b` switch, then you'll be prompted for the password.\n\n This creates the file (there's a `-c` switch). For adding\n additional users omit the `-c`.\n\n Of course you can rename the password file to whatever you want,\n then accordingly change its name in the virtual host config\n file, `example.com`.\n\n## Nginx as a Reverse Proxy: Proxying to Apache for PHP\n\n If you **absolutely need** to use the rather _bad habit_ of\n deploying web apps relying on `.htaccess`, or you just want to use\n Nginx as a reverse proxy. The config allows you to do so. Note that\n this provides some benefits over using only Apache, since Nginx is\n much faster than Apache. Furthermore you can use the proxy cache\n and/or use Nginx as a load balancer. \n\n## IPv6 and IPv4\n\nThe configuration of the example vhosts uses **separate** sockets for\nIPv6 and IPv4. This way is simpler for those not (yet) having IPv6\nsupport to disable it by commenting out the\n[`listen`](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen)\ndirective with the `ipv6only=on` parameter.\n\nNote that the IPv6 address uses an IP _stolen_ from the\n[IPv6 Wikipedia page](https://en.wikipedia.org/wiki/IPv6). You **must\nreplace** the indicated address by **your** address.\n\n## Installation\n\n 1. Move the old `/etc/nginx` directory to `/etc/nginx.old`.\n \n 2. Clone the git repository from github:\n \n `git clone https://github.com/perusio/wordpress-nginx.git`\n \n 3. Edit the `sites-available/example.com.conf` configuration file\n to suit your requirements. Namely replacing `example.com` with\n **your** domain.\n \n 4. Setup the PHP handling method. It can be:\n \n + Upstream HTTP server like Apache with mod_php. To use this\n method comment out the `include upstream_phpcgi.conf;`\n line in `nginx.conf` and uncomment the lines:\n \n include reverse_proxy.conf;\n include upstream_phpapache.conf;\n\n Now you must set the proper address and port for your\n backend(s) in the `upstream_phpapache.conf`. By default it\n assumes the loopback `127.0.0.1` interface on port\n `8080`. Adjust accordingly to reflect your setup.\n\n Comment out **all** `fastcgi_pass` directives in either\n `drupal_boost.conf` or `drupal_boost_drush.conf`, depending\n which config layout you're using. Uncomment out all the\n `proxy_pass` directives. They have a comment around them,\n stating these instructions.\n \n + FastCGI process using php-cgi. In this case an\n [init script](https://github.com/perusio/php-fastcgi-debian-script\n \"Init script for php-cgi\") is\n required. This is how the server is configured out of the\n box. It uses UNIX sockets. You can use TCP sockets if you prefer.\n \n + [PHP FPM](http://www.php-fpm.org \"PHP FPM\"), this requires you\n to configure your fpm setup, in Debian/Ubuntu this is done in\n the `/etc/php5/fpm` directory.\n \n Look [here](https://github.com/perusio/php-fpm-example-config) for\n an **example configuration** of `php-fpm`.\n \n Check that the socket is properly created and is listening. This\n can be done with `netstat`, like this for UNIX sockets:\n \n netstat --unix -l\n \n And like this for TCP sockets: \n \n netstat -t -l\n \n It should display the PHP CGI socket.\n \n Note that the default socket type is UNIX and the config assumes\n it to be listening on `unix:/tmp/php-cgi/php-cgi.socket`, if\n using the `php-cgi`, or in `unix:/var/run/php-fpm.sock` using\n `php-fpm` and that you should **change** to reflect your setup\n by editing `upstream_phpcgi.conf`.\n \n \n 5. Create the `/etc/nginx/sites-enabled` directory and enable the\n virtual host using one of the methods described below.\n\n Note that if you're using the\n [nginx_ensite](http://github.com/perusio/nginx_ensite) script\n described below it **creates** the `/etc/nginx/sites-enabled`\n directory if it doesn't exist the first time you run it for\n enabling a site. \n\n 6. Reload Nginx:\n \n `/etc/init.d/nginx reload`\n \n 7. Check that WordPress is working by visiting the configured site\n in your browser.\n \n 8. Remove the `/etc/nginx.old` directory.\n \n 9. Done.\n \n## Enabling and Disabling Virtual Hosts\n\n I've created a shell script\n [nginx_ensite](http://github.com/perusio/nginx_ensite) that lives\n here on github for quick enabling and disabling of virtual hosts.\n \n If you're not using that script then you have to **manually**\n create the symlinks from `sites-enabled` to `sites-available`. Only\n the virtual hosts configured in `sites-enabled` will be available\n for Nginx to serve.\n \n## Acessing the php-fpm status and ping pages\n\n You can get the\n [status and a ping](http://forum.nginx.org/read.php?3,56426) pages\n for the running instance of `php-fpm`. There's a\n `php_fpm_status.conf` file with the configuration for both\n features.\n \n + the **status page** at `/fpm-status`;\n \n + the **ping page** at `/ping`.\n\n For obvious reasons these pages are acessed only from a given set\n of IP addresses. In the suggested configuration only from\n localhost and non-routable IPs of the 192.168.1.0 network.\n\n The allowed hosts are defined in a geo block in file\n `php_fpm_status_allowed_hosts.conf`. You should edit the predefined\n IP addresses to suit your setup. \n \n To enable the status and ping pages uncomment the line in the\n `example.com.conf` virtual host configuration file. \n \n \n## Getting the latest Nginx packaged for Debian or Ubuntu\n\n I maintain a [debian repository](http://debian.perusio.net/unstable\n \"my debian repo\") with the\n [latest](http://nginx.org/en/download.html \"Nginx source download\")\n version of Nginx. This is packaged for Debian **unstable** or\n **testing**. The instructions for using the repository are\n presented on this [page](http://debian.perusio.net/debian.html\n \"Repository instructions\").\n \n It may work or not on Ubuntu. Since Ubuntu seems to appreciate more\n finding semi-witty names for their releases instead of making clear\n what's the status of the software included. Is it **stable**? Is it\n **testing**? Is it **unstable**? The package may work with your\n currently installed environment or not. I don't have the faintest\n idea which release to advise. So you're on your own. Generally the\n APT machinery will sort out for you any dependencies issues that\n might exist.\n\n## My other Nginx configs on github\n\n + [Drupal](https://github.com/perusio/drupal-with-nginx \"Drupal\n Nginx configuration\")\n \n + [Piwik](https://github.com/perusio/piwik-nginx \"Piwik Nginx\n configuration\")\n \n + [Chive](https://github.com/perusio/chive-nginx \"Chive Nginx\n configuration\")\n \n + [Redmine](https://github.com/perusio/redmine-nginx \"Redmine Nginx\n configuration\") \n\n + [SquirrelMail](https://github.com/perusio/squirrelmail-nginx\n \"SquirrelMail Nginx configuration\")\n\n## Securing your PHP configuration\n\n I have created a small shell script that parses your `php.ini` and\n sets a sane environment, be it for **development** or\n **production** settings. \n \n Grab it [here](https://github.com/perusio/php-ini-cleanup \"PHP\n cleanup script\").\n\n## Acknowledgments\n\n Thanks to [Burçe Boran](http://www.burceboran.com) for helping me\n sort out the issues of the configuration for supercache 0.9.9.9.\n","funding_links":[],"categories":["Others","others"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperusio%2Fwordpress-nginx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fperusio%2Fwordpress-nginx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperusio%2Fwordpress-nginx/lists"}