
Commit e6d61e0

authored
Update default.conf
1 parent c954ae4 commit e6d61e0


1 file changed

+58
-40
lines changed


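--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -6,35 +6,53 @@
 # ---------------------------------------------------------------------------- #
 
 # FastCGI Cache Path
-####################
+#####################
 fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=NPP:100m max_size=400m inactive=30d;
-####################
+#####################
 
 server {
 # Listen HTTP
-##################################
+#################
 listen 80;
 server_name localhost;
 
 # HTTPS Redirect
-##################################
+#################
 location / {
 rewrite ^ https://$host$request_uri? permanent;
 }
 }
 
 server {
 # Listen HTTPS
-##################################
+#################
 listen 443 ssl;
 server_name localhost;
 
-# Document root
-###############
+# phpMyAdmin Reverse Proxy
+#################
+location = /phpmyadmin {
+return 301 $scheme://$host/phpmyadmin/;
+}
+
+location ~ \/phpmyadmin {
+rewrite ^/phpmyadmin(/.*)$ $1 break;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Scheme $scheme;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://phpmyadmin:80;
+}
+# End
+#####
+
+# WP Document root
+#################
 root /var/www/html;
 index index.php index.html index.htm;
 
-# Cache Settings
+# FCGI Cache Settings
 #################
 set $skip_cache 0;
 
@@ -61,7 +79,7 @@ server {
 #####
 
 # Stop Nginx from logging
-#########################
+#################
 location = /favicon.ico {
 log_not_found off;
 access_log off;
@@ -75,16 +93,16 @@ server {
 # End
 #####
 
-# Serve content
-##################
+# Serve WP content
+#################
 location / {
 try_files $uri $uri/ /index.php$is_args$args;
 }
 # End
 #####
 
 # PHP-FPM Configuration
-################
+#################
 location ~ \.php$ {
 # Use NPP "Cache Key Regex" option for non-default structers
 # This structer supported in default by NPP
@@ -107,47 +125,47 @@ server {
 # End
 #####
 
-# WP Security Settings
-#######################
+# WP Security Settings (Enable on Production)
+#################
 # Deny access to hidden files and directories (except .well-known)
-location ~ /\.(?!well-known/) {
-deny all;
-}
+# location ~ /\.(?!well-known/) {
+# deny all;
+# }
 
 # Deny access to wp-config files and other critical files
-location ~* ^/(?:wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
-deny all;
-}
+# location ~* ^/(?:wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
+# deny all;
+# }
 
 # Deny access to PHP files in uploads, files, plugins, themes
-location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
-deny all;
-}
+# location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
+# deny all;
+# }
 
 # Deny access to script file types
-location ~* .(pl|cgi|py|sh|lua|asp)$ {
-deny all;
-}
+# location ~* .(pl|cgi|py|sh|lua|asp)$ {
+# deny all;
+# }
 
 # Block access to wp-content plugin/theme log files
-location ~* ^/wp-content/(plugins|themes)/.*\.(txt|log|md)$ {
-deny all;
-}
+# location ~* ^/wp-content/(plugins|themes)/.*\.(txt|log|md)$ {
+# deny all;
+# }
 
 # Block common attack patterns
-location ~* "(eval\(.*\)|base64_encode\(.*\)|\{0\}|phpinfo|self/environ)" {
-deny all;
-}
+# location ~* "(eval\(.*\)|base64_encode\(.*\)|\{0\}|phpinfo|self/environ)" {
+# deny all;
+# }
 
 # Block dangerous file access
-location ~* "/(thumb|timthumb|config|settings|sqlpatch|webshell|phpinfo)\.php" {
-deny all;
-}
+# location ~* "/(thumb|timthumb|config|settings|sqlpatch|webshell|phpinfo)\.php" {
+# deny all;
+# }
 # End
 #####
 
 # Browser Cache (Enable on Production)
-###############
+#################
 # location ~*.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
 # expires max;
 # log_not_found off;
@@ -165,7 +183,7 @@ server {
 #####
 
 # SSL Settings (Enable on Production)
-##############
+#################
 # ssl_protocols TLSv1.2 TLSv1.3;
 # ssl_prefer_server_ciphers on;
 # ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
@@ -178,7 +196,7 @@ server {
 #####
 
 # Security Headers (Enable on Production)
-##################
+#################
 # add_header Content-Security-Policy upgrade-insecure-requests;
 # add_header Permissions-Policy "microphone=(), camera=(), interest-cohort=(), browsing-topics=()";
 # add_header Referrer-Policy no-referrer-when-downgrade;
@@ -190,7 +208,7 @@ server {
 #####
 
 # FastCGI Cache Status Header
-#############################
+#################
 add_header NPP-FastCGI-Cache $upstream_cache_status;
-#############################
+#################
 }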
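Review bot: The new `location ~ \/phpmyadmin` block (new lines 38–46) publishes phpMyAdmin on the 443 server with no access restriction, so every client that can reach the site can reach the database admin login; an `allow`/`deny` pair or `auth_basic` inside the block would close that. The regex is also unanchored, so it matches any URI that merely contains `/phpmyadmin`, and for those the `rewrite` does not apply and the original URI is forwarded upstream; a prefix match such as `location ^~ /phpmyadmin/ {` scopes it to the intended path. The same commit comments out every deny rule under "WP Security Settings" (new lines 131–163), which leaves hidden files servable and PHP under the uploads/content paths presumably handled by the `\.php$` location by default. If those rules have to be off for development, an included file that is enabled by default would be safer than a comment asking operators to re-enable them.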
