# move next 4 lines to /etc/nginx/nginx.conf if using fastcgi_cache across many sites
fastcgi_cache_path /tmp/example_cache levels=1:2 keys_zone=zone_www.example.com:100m max_size=1g inactive=60m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
server {
root /var/www/www.example.com;
index index.php index.html index.htm index.nginx-debian.html;
server_name fallback.example.com *.example.com www.example.com;
# logs
access_log /var/log/nginx/www-example.access.log;
error_log /var/log/nginx/www-example.error.log;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP, no cache
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URIs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't cache for logged in users or recent commenter
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
include /etc/nginx/fastcgi.conf;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_cache zone_www.example.com;
fastcgi_cache_valid 200 5m;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
add_header php-cache-5m $upstream_cache_status;
add_header Last-Modified $date_gmt;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~ /\. {
deny all; log_not_found off; access_log off;
}
location ~ /\.ht {
deny all;
}
location ~* ^.+\.(cogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires 1d;
add_header Cache-Control "public, no-transform";
}
listen 443 ssl;
ssl_certificate /etc/ssl/cf-ssl/*.user.example.com.crt;
ssl_certificate_key /etc/ssl/cf-ssl/*.user.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
}
server {
listen 80;
server_name fallback.example.com *.example.com www.example.com;
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
rewrite ^(.*[^/])$ $1/ permanent;
}