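#!/bin/bash
#
# Interactive helper: asks for a domain name, creates its document root under
# /usr/local/www/public_html, writes an nginx server block tuned for WP Rocket
# into /usr/local/etc/nginx/conf.d/<domain>.conf, then restarts nginx and
# php-fpm.
#
# The domain is interpolated into filesystem paths (mkdir, chown -R, the .conf
# file name, log file names) and into the generated nginx configuration, so it
# is validated as a plain hostname before anything touches the disk. Without
# that check a value containing "/", "..", whitespace, ";" or "{" could make
# the script create or chown directories outside the web root, or inject
# extra directives into the server block.

readonly CONF_DIR=/usr/local/etc/nginx/conf.d
readonly WEB_ROOT=/usr/local/www/public_html

# Print a message on stderr and stop with a non-zero status.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

clear
echo "We will create a new VHOST optimized for WP Rocket"
echo ""
sleep 1
# -r keeps backslashes literal instead of treating them as escapes.
echo ; read -r -p "Please, give me a domain: " DOMINIO

# Accept only dot-separated hostname labels (letters, digits, inner hyphens),
# at least two labels, 253 characters at most.
label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
domain_re="^(${label}\.)+${label}\$"
if [[ ! "$DOMINIO" =~ $domain_re ]] || (( ${#DOMINIO} > 253 )); then
  die "'$DOMINIO' is not a valid domain name (expected something like example.com)"
fi

# The original did `cd conf.d && touch`, which kept going and wrote the
# heredoc into the current directory when the cd failed. Use absolute paths
# and stop early instead.
[[ -d "$CONF_DIR" ]] || die "nginx config directory $CONF_DIR not found"
readonly CONF_FILE="$CONF_DIR/$DOMINIO.conf"
readonly DOC_ROOT="$WEB_ROOT/$DOMINIO"

mkdir -p -- "$DOC_ROOT" || die "cannot create $DOC_ROOT"
chown -R www:www -- "$DOC_ROOT" || die "cannot chown $DOC_ROOT"
echo ""

# NOTE(review) on the generated server block (text below is left unchanged):
#  - nginx inherits add_header from the enclosing level only when the current
#    level defines none. The static-files location and both wp-rocket
#    locations set their own add_header, so the "Security headers" declared
#    at server level are not sent on those responses.
#  - Regex locations are tried in file order. The static-files location comes
#    before "Block access to hidden files", so a request such as
#    /.hidden/file.js is matched by the static block and is not denied.
#  - The Content-Security-Policy value allows every origin plus inline and
#    eval'd script, so it restricts very little.
#  - fastcgi_cache WORDPRESS needs a matching keys_zone declared elsewhere in
#    the nginx configuration, and the brotli directives need the brotli
#    module; the `nginx -t` run after the heredoc reports either if missing.
cat << EOF > "$CONF_FILE" || die "cannot write $CONF_FILE"
server {
listen 8080;
listen [::]:8080;
server_name $DOMINIO www.$DOMINIO;
root /usr/local/www/public_html/$DOMINIO;
index index.php index.html;
# Brotli settings
brotli on;
brotli_comp_level 4;
brotli_types text/plain text/css application/json application/javascript application/xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon;
# Proxy buffers
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 128k;
# Upload limit
client_max_body_size 100m;
client_body_buffer_size 128k;
# WP Rocket Cache Control
set \$cache_uri \$request_uri;
# Bypass cache for query strings
if (\$query_string != "") {
set \$cache_uri 'null cache';
}
# Don't cache URIs containing the following segments
if (\$request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set \$cache_uri 'null cache';
}
# Don't use the cache for logged-in users or recent commenters
if (\$http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
set \$cache_uri 'null cache';
}
# Use cached or actual file if they exists, otherwise pass request to WordPress
location / {
try_files /wp-content/cache/wp-rocket/$DOMINIO\$cache_uri/_index.html \$uri \$uri/ /index.php\$is_args\$args;
# Serve cached page if it exists
error_page 404 = @nocache;
}
location @nocache {
try_files \$uri \$uri/ /index.php\$is_args\$args;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|webp)\$ {
expires max;
log_not_found off;
access_log off;
add_header Cache-Control "public";
}
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# Logs
access_log /var/log/nginx/$DOMINIO-access.log;
error_log /var/log/nginx/$DOMINIO-error.log;
# Bad bots (simplified list)
if (\$http_user_agent ~* (bot|spider|crawler|slurp|Baiduspider)) {
return 403;
}
# Deny access to sensitive files
location ~* /(wp-config\.php|xmlrpc\.php) {
deny all;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
# Block access to hidden files
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
# PHP handling
location ~ \.php$ {
try_files \$uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 600s;
fastcgi_cache_bypass \$cache_uri;
fastcgi_no_cache \$cache_uri;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
}
# WP Rocket specific rules
location ~ /wp-content/cache/wp-rocket/.*html$ {
add_header Vary "Accept-Encoding, Cookie";
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header X-Rocket-Cache "Hit";
}
location ~ /wp-content/cache/wp-rocket/.*_gzip$ {
gzip off;
types {}
default_type text/html;
add_header Content-Encoding gzip;
add_header Vary "Accept-Encoding, Cookie";
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header X-Rocket-Cache "Hit";
}
# Don't cache uris containing the following segments
if (\$request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set \$rocket_bypass 1;
}
# Don't use the cache for logged in users or recent commenters
if (\$http_cookie ~* "wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in|comment_author|comment_author_email") {
set \$rocket_bypass 1;
}
if (\$rocket_bypass = 1) {
set \$rocket_bypass_flag "1";
}
if (\$https = "on") {
set \$rocket_https_prefix "https";
}
if (\$https = "") {
set \$rocket_https_prefix "http";
}
set \$rocket_bypass_flag "";
}
EOF
echo "VHOST for $DOMINIO created with WP Rocket optimizations"
echo ""

# Validate the whole configuration before restarting: restarting with a broken
# file would stop nginx and take every vhost on this host offline.
if ! nginx -t; then
  die "nginx -t rejected the configuration; nginx was NOT restarted. Fix or remove $CONF_FILE before the next restart."
fi

echo "Restarting NGINX"
sleep 2
service nginx restart || die "nginx restart failed"
service php-fpm restart || die "php-fpm restart failed"
echo ""
echo "Complete"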