Jump to content

ProcessWire on NGINX

jose

By jose,
in General Support

 Share

Recommended Posts

jacmaes Sr. Member

jacmaes

Posted
Posted

Here's the full vhost file for one of my PW sites that uses ProCache. (Note that I've changed the real domain to example.com, and the ProCache string to "ProCache-xxxxxxxxxxxxx".) 

server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  server_name example.com;
  return 301 https://www.example.com$request_uri;
}

server {
  listen 8080;
  listen [::]:8080;
  server_name www.example.com www1.example.com;
  {{root}}
  index index.php index.html;

}

server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  server_name www.example.com www1.example.com;
  {{root}}
  index index.php index.html;

  {{nginx_access_log}}
  {{nginx_error_log}}

  if ($scheme != "https") {
    rewrite ^ https://$host$uri permanent;
  }

  location ~ /.well-known {
    auth_basic off;
    allow all;
  }
  
  {{settings}}


  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
    add_header Access-Control-Allow-Origin "*";
    expires 48h;
    access_log off;
    try_files $uri $uri/ /index.php?it=$uri&$args;
  }
	
	
	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}


	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}
	
	# ProCache Rules

    set $cache_uri $request_uri;

	if ($request_method = POST) {
		set $cache_uri 'nocache';
	}
	
	if ($request_method = HX_REQUEST) {
		set $cache_uri 'nocache';
	}

	if ($http_cookie ~* "wires_challenge") {
		set $cache_uri 'nocache';
	}
	
	if ($http_cookie ~* "persist") {
		set $cache_uri 'nocache';
	}


	

	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		expires -1;
		try_files /site/assets/ProCache-xxxxxxxxxxxxx/$cache_uri/index.html $uri $uri/ /index.php?it=$uri&$args;
	}


  
 location ~ \.php$ {
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    try_files $uri =404;
    fastcgi_read_timeout 3600;
    fastcgi_send_timeout 3600;
    fastcgi_param HTTPS "on";
    fastcgi_param SERVER_PORT 443;
    fastcgi_pass 127.0.0.1:{{php_fpm_port}};
    fastcgi_param PHP_VALUE "{{php_settings}}";
  }

  if (-f $request_filename) {
    break;
  }


}

 Hope this helps.

  • Like 4
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...