Welcome! Log In Create A New Profile

Advanced

Looking for some advice on my current vhost config

Posted by cartpauj 
Forum List Message List New Topic
cartpauj
Looking for some advice on my current vhost config
January 27, 2015 07:39PM
I'm setting up an SSL-only WordPress site and have got my config working. However, some of the tutorials/docs I've read seem to contradict each-other -- and most are a few years old by now.

So I've put some questions (on lines with #####) in the configuration file below, if someone could help answer these questions, and make any other general suggestions for improvements or simplification -- or point out flaws etc that would be awesome! I'll just say thanks in advance.

A bit of helpful information:
* Ubuntu 14.04LTS
* nginx - 1.4.6
* php5-fpm - 5.5.9
* WordPress 4.x + W3TC

#Redirect http => https without the www
server {
listen 80 default_server;
server_name domain.com www.domain.com;
##### Which redirection method below is best/quickest?
# rewrite ^(.*) https://domain.com$1 permanent;
return 301 https://domain.com$request_uri;
}

#Main SSL server block
server {
listen 443 ssl default_server;
server_name domain.com;

root /usr/share/nginx/html/domain.com;
index index.php index.html index.htm;

# BEGIN W3TC Browser Cache
gzip on;
gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
# END W3TC Browser Cache

# ssl on;
ssl_certificate /etc/ssl/certs/domain.com.rapidssl.crt;
ssl_certificate_key /etc/ssl/private/domain.com.key;
##### Are these ssl_ lines below ok?
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}

##### Are these error_page directives even needed with WP?
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

location ~ \.php$ {
# security fix
try_files $uri =404;

include fastcgi_params;
##### Is this fastcgi_split_path_info needed (I have disabled "cgi.fix_pathinfo" in php.ini FYI)?
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
##### Is this SCRIPT_FILENAME line below (currently disabled) needed any more - since I'm using a newer nginx version than 0.8.30?
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 123
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready