ini CONF：Linux，Nginx，PHP，Php-fpm

Posted 2021-05-24

ec2 aws linux ami

cambiar valores
/etc/php-fpm.d/www.conf
	/var/run/php-main.socket
/etc/nginx/nginx.conf
/etc/nginx/conf.d/new-site.conf

chown ec2-user o ubuntu
/var/lib/nginx
/var/log/nginx

ini 用于Nginx的PHP 7 Wordpress.conf

##################################
# WORDPRESS NGINX CONFIGURATIONS
##################################
# /etc/nginx/wordpress.conf
#
# Contains a common configuration for use by nginx on a WordPress
# installation. This file should be included in any WordPress site
# nginx virtual host config located in sites-available  with the following line:
#
#       include                         /etc/nginx/wordpress.config;
#

# Attempt to rewrite wordpress in sub directory 
rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc\.php|wp-[0-9a-z-]+\.php) /wp/$2;
rewrite ^/wp/([_0-9a-zA-Z-]+)/(wp-(admin|content|includes).*) /wp/$2;


location / {
    index                               index.php index.html;
    try_files                           $uri $uri/ /index.php?$args;
}

#############
# Specify a charset
############
        charset                         utf-8;

############
# GZIP
###########

        gzip                            off;

#############
# Add trailing slash to */wp-admin requests.
############

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;


############
# this prevents hidden files (beginning with a period) from being served
############

location ~ /\. {
        access_log                      off;
        log_not_found                   off;
        deny                            all;
}

###########
# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
###########

        location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log                      off;
        log_not_found                   off;
        expires                         max;
}

############
# Pass uploaded files to wp-includes/ms-files.php.
############

#       rewrite                         /files/$ /index.php last;

if ($uri !~ wp-content/plugins) {
        rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
}

# Rewrite multisite in a subdirectory '.../wp-.*' and '.../*.php'.
# if (!-e $request_filename) {
#    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
#    rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*\.php)$ $1 last;
#    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
#}

# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) /wp$1 last;
    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ /wp$1 last;
}


############
# Pass all .php files onto a php-fpm or php-cgi server
############

location ~ \.php$ {

        # Try the files specified in order. In our case, try the requested URI and if
        # that fails, try (successfully) to pass a 404 error.
        # zero day exploit defense

        try_files                       $uri =404;

        # Include the fastcgi_params defaults provided by nginx

        include                         snippets/fastcgi-php.conf;

        # The amount of time for upstream to wait for a fastcgi process to send data.
        # We keep this *extremely* high so that one can be lazy when remote debugging.

        fastcgi_read_timeout            3600s;
        
         # Buffer size for reading the header of the backend FastCGI process.
        # This defaults to the value of a single fastcgi_buffers, so does not
        # need to be specified in our case, but it's good to be explicit.

        fastcgi_buffer_size             128k;

        # The number and size of the buffers into which the reply from the FastCGI
        # process in the backend is read.
        #
        # 4 buffers at 128k means that any reply by FastCGI greater than 512k goes
        # to disk and replies under 512k are handled directly in memory.

        fastcgi_buffers                 4 128k;

        # SCRIPT_FILENAME is a required parameter for things to work properly,
        # but was missing in the default fastcgi_params on upgrade to nginx 1.4.
        # We define it here to be sure that it exists.

        fastcgi_param                   SCRIPT_FILENAME $document_root$fastcgi_script_name;


 # Use the upstream for php5-fpm that we defined in nginx.conf

        include                         snippets/fastcgi-php.conf;
        fastcgi_pass                    unix:/run/php/php7.0-fpm.sock;

        # And get to serving the file!

        fastcgi_index                   index.php;
}


############
# ROBOTS
###########

        location = /robots.txt {
              allow all;
              log_not_found off;
              access_log off;
        }


############
# RESTRICTIONS
############

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
 deny all;
}