Add sample configuration for apache / nginx web servers.

shulard · shulard · commit 07a24c857706 · 2017-02-10T11:59:16.000+01:00
diff --git a/dist/apache/sample.htaccess b/dist/apache/sample.htaccess
@@ -0,0 +1,101 @@
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+
+    RewriteBase "/"
+
+    #Fix issue #1 invalid wp-admin redirect
+    RewriteRule ^wp\-admin$ /wp-admin/ [L,R=301]
+
+    #If the URL start with public stop redirect
+    RewriteRule wp\-cms\/index\.php$ - [L]
+
+    #If you request an URL it does not start with wp-cms
+    #Else the HTACCESS have done the redirect, you can go to the index.php to execute code
+    RewriteCond %{REQUEST_URI} ^/wp-cms
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteRule ^(.*)$ /wp-cms/index.php [L]
+
+    #wp-cms is not here so we add it :)
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteRule ^(.*)$ /wp-cms/$1 [L]
+</IfModule>
+
+########################### MOD_DEFLATE COMPRESSION ############################
+<IfModule mod_deflate.c>
+    SetOutputFilter DEFLATE
+    AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml application/x-javascript application/x-httpd-php
+</IfModule>
+
+#For incompatible browsers
+BrowserMatch ^Mozilla/4 gzip-only-text/html
+BrowserMatch ^Mozilla/4\.0[678] no-gzip
+BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+
+#Do not put in cache if files are already in
+SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|swf)$ no-gzip
+
+################################ EXPIRE HEADERS ################################
+<IfModule mod_expires.c>
+    ExpiresActive On
+    ExpiresDefault "access plus 7200 seconds"
+    ExpiresByType image/jpg "access plus 2592000 seconds"
+    ExpiresByType image/jpeg "access plus 2592000 seconds"
+    ExpiresByType image/png "access plus 2592000 seconds"
+    ExpiresByType image/gif "access plus 2592000 seconds"
+
+    AddType image/x-icon .ico
+    ExpiresByType image/ico "access plus 2592000 seconds"
+    ExpiresByType image/icon "access plus 2592000 seconds"
+    ExpiresByType image/x-icon "access plus 2592000 seconds"
+    ExpiresByType text/css "access plus 2592000 seconds"
+    ExpiresByType text/javascript "access plus 2592000 seconds"
+    ExpiresByType text/html "access plus 7200 seconds"
+    ExpiresByType application/xhtml+xml "access plus 7200 seconds"
+    ExpiresByType application/javascript A259200
+    ExpiresByType application/x-javascript "access plus 2592000 seconds"
+    ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
+</IfModule>
+
+############################ CACHE CONTROL HEADERS #############################
+<IfModule mod_headers.c>
+    #les proxies doivent donner le bon contenu
+    Header append Vary User-Agent env=!dont-vary
+
+    <FilesMatch "\\.(ico|jpe?g|png|gif|swf|gz|ttf)$">
+        Header set Cache-Control "max-age=2592000, public"
+    </FilesMatch>
+    <FilesMatch "\\.(css)$">
+        Header set Cache-Control "max-age=2592000, public"
+    </FilesMatch>
+    <FilesMatch "\\.(js)$">
+        Header set Cache-Control "max-age=2592000, private"
+    </FilesMatch>
+    <FilesMatch "\\.(html|htm)$">
+        Header set Cache-Control "max-age=7200, public"
+    </FilesMatch>
+
+    # Disable caching for scripts and other dynamic files
+    <FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
+        Header unset Cache-Control
+    </FilesMatch>
+
+    # KILL THEM ETAGS
+    Header unset ETag
+    FileETag none
+</IfModule>
+
+############################ PROTECT HTACCESS FILE #############################
+<Files .htaccess>
+    Order allow,deny
+    Deny from all
+</Files>
+<Files wp-config.php>
+    Order allow,deny
+    Deny from all
+</Files>
+
+############################ PROTECT FOLDER LISTING ############################
+Options -Indexes
diff --git a/dist/nginx/sample.conf b/dist/nginx/sample.conf
@@ -0,0 +1,84 @@
+upstream phpfpm-sock {
+    server {sock};
+}
+
+fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone={host}:100m inactive=60m;
+fastcgi_cache_key "$scheme$request_method$host$request_uri";
+
+server {
+    listen 80;
+
+    server_name {host};
+    root /home/{host}/public;
+
+    index index.php;
+
+    access_log /var/log/nginx/{host}-access.log;
+    error_log /var/log/nginx/{host}-error.log;
+
+    set $root "";
+    if ($request_uri ~* "^(/wp-admin/.+)|(/wp-[^/]+\.php)" ){
+        set $root "/wp-cms";
+    }
+
+    # Global restrictions configuration file.
+    # Designed to be included in any server {} block.
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+    location ~ /\.(?!well-known).+ {
+        deny all;
+    }
+
+    # Deny access to any files with a .php extension in the uploads directory
+    # Works in sub-directory installs and also in multisite network
+    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+    location ~* /(?:uploads|files)/.*\.php$ {
+        deny all;
+    }
+
+    # WordPress single site rules.
+    # Designed to be included in any server {} block.
+
+    # This order might seem weird - this is attempted to match last if rules below fail.
+    # http://wiki.nginx.org/HttpCoreModule
+    location / {
+        try_files $uri $uri/ /wp-cms/$uri /wp-cms/$uri/ /wp-cms/index.php?$args;
+    }
+
+    # Add trailing slash to */wp-admin requests.
+    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+
+    # Directives to send expires headers and turn off 404 error logging.
+    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+        access_log off;
+        log_not_found off;
+        expires max;
+    }
+
+    # Pass all .php files onto a php-fpm/php-fcgi server.
+    location ~ [^/]\.php(/|$) {
+        fastcgi_split_path_info ^(/.+?\.php)(/.*)$;
+        if (!-f $document_root$root$fastcgi_script_name) {
+            return 404;
+        }
+        # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
+
+        include /etc/nginx/fastcgi_params;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$root$fastcgi_script_name;
+        fastcgi_pass phpfpm-sock;
+        fastcgi_cache {host};
+        fastcgi_cache_valid 200 60m;
+    }
+}
