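#!/usr/bin/env bash
#
# add_domain_with_rocket_nginx.sh
#
# Interactively creates an nginx virtual host tuned for WordPress + WP Rocket:
#   1. asks the operator for a domain name,
#   2. creates the document root and hands it to www:www,
#   3. writes <domain>.conf into the nginx conf.d directory,
#   4. checks the configuration and restarts nginx and php-fpm.
#
# The domain is interpolated into file paths and into the generated nginx
# configuration, so it is validated before anything touches the disk. Without
# that check an empty answer made the original script run a recursive chown on
# the whole public_html tree, and a value containing "/", "..", ";" or
# whitespace could write outside conf.d or add directives to the vhost.
#
# The shebang goes through env because the paths used here
# (/usr/local/etc, /usr/local/www) are typical of systems where bash is not
# installed as /bin/bash.

set -u

readonly CONF_DIR=/usr/local/etc/nginx/conf.d
readonly WEB_ROOT=/usr/local/www/public_html

#######################################
# Print an error to stderr and stop the script.
# Arguments: $* - message
# Returns:   never; exits with status 1
#######################################
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Check that a string is a plain DNS host name.
# Accepts dot-separated labels made of letters, digits and hyphens, where no
# label starts or ends with a hyphen, and a total length of 1..253 characters.
# Arguments: $1 - candidate domain
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_valid_domain() {
  # Byte-wise matching so [A-Za-z] cannot match locale-specific letters.
  local LC_ALL=C
  local name=$1
  local label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
  local re="^${label}(\\.${label})*\$"

  (( ${#name} >= 1 && ${#name} <= 253 )) || return 1
  [[ $name =~ $re ]]
}

clear
echo "We will create a new VHOST optimized for WP Rocket"
echo ""
sleep 1
echo
# -r keeps backslashes literal instead of letting read interpret them.
read -r -p "Please, give me a domain: " DOMINIO || die "no domain was entered"
is_valid_domain "$DOMINIO" \
  || die "'$DOMINIO' is not a valid domain name (letters, digits, hyphens and dots only)"

[[ -d "$CONF_DIR" ]] || die "nginx configuration directory $CONF_DIR does not exist"

# Absolute paths are used instead of cd: if the cd failed, the original script
# carried on and wrote the vhost into whatever directory it was started from.
conf_file="${CONF_DIR}/${DOMINIO}.conf"
site_root="${WEB_ROOT}/${DOMINIO}"

mkdir -p -- "$site_root" || die "could not create $site_root"
chown -R www:www -- "$site_root" || die "could not change ownership of $site_root"
echo ""

# Notes on the generated configuration (the template itself is unchanged):
#  - The heredoc delimiter is unquoted, so $DOMINIO is expanded by the shell
#    while every nginx variable is written as \$name to reach the file
#    literally.
#  - nginx tries regex locations in order of appearance, so the "deny" blocks
#    for PHP in content directories and for sensitive files must stay above
#    the PHP handler.
#  - NOTE(review): the security headers are declared inside "location /" only.
#    add_header is not shared between sibling locations, so responses served by
#    the other location blocks (including the PHP handler that try_files
#    redirects to) are sent without them. Consider declaring them at server
#    level and repeating them in locations that set their own add_header.
#  - NOTE(review): Strict-Transport-Security is emitted on a plain listener on
#    port 8080; this presumably sits behind a TLS-terminating front end - confirm.
#  - NOTE(review): \$cache_uri is always non-empty (the request URI or
#    'null cache'), so fastcgi_cache_bypass / fastcgi_no_cache appear to be in
#    effect for every request. The WORDPRESS cache zone is not defined by this
#    script and has to exist elsewhere in the nginx configuration.
#  - The User-Agent block is a noise filter, not an access control: the header
#    is client-supplied, and the pattern "bot" also matches search-engine
#    crawlers.
# An existing vhost file with the same name is overwritten, as before.
cat << EOF > "$conf_file" || die "could not write $conf_file"
server {
listen 8080;
listen [::]:8080;
server_name $DOMINIO www.$DOMINIO;
root /usr/local/www/public_html/$DOMINIO;
index index.php index.html;
# Brotli settings
brotli on;
brotli_comp_level 4;
brotli_types
text/plain
text/css
application/json
application/javascript
application/xml
application/x-font-ttf
application/vnd.ms-fontobject
image/svg+xml
image/x-icon
image/webp
text/xml
application/x-web-app-manifest+json;
# Proxy buffers
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 128k;
# Upload limit
client_max_body_size 100m;
client_body_buffer_size 128k;
# WP Rocket Cache Control
set \$cache_uri \$request_uri;
# Bypass cache for query strings
if (\$query_string != "") {
set \$cache_uri 'null cache';
}
# Don't cache URIs containing the following segments
if (\$request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml|(.*)preview(.*)|\?(.+)|/checkout/|/cart/|/my-account/|/wc-api/|/wp-json/|/webp-express/|addons|removed_item|undo_item|applied_coupon|removed_coupon|update_shipping_method|update_order_review)") {
set \$cache_uri 'null cache';
}
# Don't use the cache for logged-in users or recent commenters
if (\$http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|wptouch_switch_toggle|comment_author_email_") {
set \$cache_uri 'null cache';
}
# Use cached or actual file if they exists, otherwise pass request to WordPress
location / {
try_files /wp-content/cache/wp-rocket/$DOMINIO\$cache_uri/_index.html \$uri \$uri/ /index.php\$is_args\$args;
error_page 404 = @nocache;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Permissions-Policy "interest-cohort=()";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
location @nocache {
try_files \$uri \$uri/ /index.php\$is_args\$args;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|webp|avif|heic)\$ {
expires max;
log_not_found off;
access_log off;
add_header Cache-Control "public, no-transform";
add_header Vary "Accept-Encoding";
try_files \$uri \$uri/ /index.php\$is_args\$args;
}
# Logs
access_log /var/log/nginx/$DOMINIO-access.log;
error_log /var/log/nginx/$DOMINIO-error.log;
# Bad bots and referrer spam blocking
if (\$http_user_agent ~* (bot|crawler|spider|slurp|Baiduspider|80legs|360Spider|Sosospider|Sogou)) {
return 403;
}
# WordPress Security
# Block PHP files in uploads, template, cache and includes directory
location ~* /(?:uploads|files|wp-content|wp-includes|akismet|wp-content/cache|wp-content/themes)/*.*.php\$ {
deny all;
access_log off;
log_not_found off;
}
# Deny access to sensitive files
location ~* /(wp-config\.php|xmlrpc\.php|readme\.html|license\.txt|wp-cli\.yml|wp-config-sample\.php) {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
try_files \$uri \$uri/ /index.php\$is_args\$args;
access_log off;
log_not_found off;
}
# Block access to hidden files
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
# PHP handling with improved FastCGI settings
location ~ [^/]\.php(/|\$) {
try_files \$uri \$uri/ /index.php\$is_args\$args;
fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# FastCGI handling
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_read_timeout 600s;
fastcgi_send_timeout 600s;
fastcgi_connect_timeout 60s;
# Cache settings
fastcgi_cache_bypass \$cache_uri;
fastcgi_no_cache \$cache_uri;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
fastcgi_cache_use_stale error timeout http_500 http_503;
fastcgi_cache_lock on;
# Hide cache header
fastcgi_hide_header Cache-Control;
fastcgi_hide_header X-Powered-By;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
}
# Return 404 for all other php files not matching the front controller
location ~ \.php\$ {
return 404;
}
# WP Rocket specific rules
location ~ /wp-content/cache/wp-rocket/.*html\$ {
add_header Vary "Accept-Encoding, Cookie";
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header X-Rocket-Cache "Hit";
expires 30s;
}
location ~ /wp-content/cache/wp-rocket/.*_gzip\$ {
gzip off;
types {}
default_type text/html;
add_header Content-Encoding gzip;
add_header Vary "Accept-Encoding, Cookie";
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header X-Rocket-Cache "Hit";
expires 30s;
}
# WP Rocket Mobile Detection
location ~ /wp-content/cache/wp-rocket/.*-mobile\.html\$ {
add_header Vary "Accept-Encoding, Cookie, User-Agent";
}
# Don't cache uris containing the following segments
if (\$request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set \$rocket_bypass 1;
}
# Don't use the cache for logged in users or recent commenters
if (\$http_cookie ~* "wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in|comment_author|comment_author_email") {
set \$rocket_bypass 1;
}
# WooCommerce specific rules
if (\$request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*|/wp-json.*") {
set \$rocket_bypass 1;
}
if (\$http_cookie ~* "woocommerce_items_in_cart|woocommerce_cart_hash") {
set \$rocket_bypass 1;
}
if (\$rocket_bypass = 1) {
set \$rocket_bypass_flag "1";
}
if (\$https = "on") {
set \$rocket_https_prefix "https";
}
if (\$https = "") {
set \$rocket_https_prefix "http";
}
set \$rocket_bypass_flag "";
}
EOF
echo "VHOST for $DOMINIO created with WP Rocket optimizations"
echo ""

# Check the whole configuration before restarting, so a rejected vhost does
# not take the running server down. Skipped when the nginx binary is not on
# PATH, in which case the restart below is the only check.
if command -v nginx > /dev/null 2>&1; then
  nginx -t \
    || die "nginx rejected the configuration; $conf_file was left in place and no service was restarted"
fi

echo "Restarting NGINX"
sleep 2
service nginx restart || die "nginx restart failed"
service php-fpm restart || die "php-fpm restart failed"
echo ""
echo "Complete"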