wordpress-nginx's Introduction

WordPress Nginx

This config kit contains the Nginx configurations used in the Install WordPress on Ubuntu 22.04 guide. It contains best practices from various sources, including the WordPress Codex and H5BP. The following example sites are included:

Usage

Site configuration

You can use these sample configurations as reference or directly by replacing your existing nginx directory. Follow the steps below to replace your existing Nginx configuration.

Backup any existing config:

sudo mv /etc/nginx /etc/nginx.backup

Copy these configs to /etc/nginx.

Symlink the default file from sites-available to sites-enabled, which will set up a catch-all server block. This ensures that unrecognised domains return a 444 response.

sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default

Copy one of the example configurations from sites-available to sites-available/yourdomain.com:

sudo cp /etc/nginx/sites-available/single-site.com /etc/nginx/sites-available/yourdomain.com

Edit the site accordingly, paying close attention to the server name and paths.

To enable the site, symlink the configuration into the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/yourdomain.com

Test the configuration:

sudo nginx -t

If the configuration passes, reload Nginx:

sudo service nginx reload

PHP configuration

The php-fpm pool configuration is located in global/php-pool.conf and defaults to PHP 7.4. It will need modifying if you want the default php-fpm pool service to be a different PHP version. Additional PHP version upstream definitions can be added to the /upstreams folder (a PHP 8.3 sample is provided there). You can either use the default pool via $upstream in your Nginx configurations, or a specific upstream (e.g. php83, php82) set up by your custom upstream definitions.

For example, the Nginx configuration for single-site.com currently has the following set for PHP requests:

fastcgi_pass    $upstream;

You could change that to the following to use the PHP 8.3 service instead (assuming that the php8.3-fpm service is running):

fastcgi_pass    php83;

This effectively allows you to have different server blocks execute different versions of PHP if needed.

Directory Structure

This config kit has the following structure, which is based on the conventions used by a default Nginx install on Debian:

.
├── conf.d
├── global
│   └── server
├── sites-available
└── sites-enabled

conf.d - configurations for additional modules.

global - configurations within the http block.

global/server - configurations within the server block. The defaults.conf file should be included on the majority of sites, which contains sensible defaults for caching, file exclusions and security. Additional .conf files can be included as needed on a per-site basis.

sites-available - configurations for individual sites (virtual hosts).

sites-enabled - symlinks to configurations within the sites-available directory. Only sites which have been symlinked are loaded.

Recommended Site Structure

The following site structure is used throughout these configs:

.
├── yourdomain1.com
│   ├── cache
│   ├── logs
│   └── public
└── yourdomain2.com
    ├── cache
    ├── logs
    └── public

wordpress-nginx's People

Contributors

a5hleyrich, boyetdgte, bradt, nerrad

wordpress-nginx's Issues

global/server/exclusions.conf causing issues with certbot auto renewal (Lets encrypt)

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)

location ~ /\. {
	deny all;
}

The above rule is causing issues with certbot. Is there a way to exclude a single hidden folder, e.g. .well-known?

Nginx error
2018/01/28 17:06:25 [error] 3290#3290: *1316 access forbidden by rule,
certbot error
The client lacks sufficient authorization :: Invalid response from http://www.blog.com/**.well-known**/acme-challenge/8nYiIsdsdsd2cfLZwsdsdPxNhCA: "
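
One way to let ACME HTTP-01 validation through while keeping the dotfile deny, shown as an added example (not part of the issue or the kit's own configuration). It relies on Nginx skipping regex locations once a `^~` prefix location matches; the document root is assumed to be inherited from the enclosing server block.

```nginx
# Added example, placed inside the site's server block.

# A ^~ prefix match stops Nginx from evaluating regex locations,
# so the dotfile deny below never sees ACME challenge requests.
location ^~ /.well-known/acme-challenge/ {
    default_type text/plain;
    try_files $uri =404;   # serve only files that exist, no PHP fallback
}

# Rule quoted in the issue, unchanged: every other path containing
# "/." (.htaccess, .htpasswd, .git, ...) is still refused and logged.
location ~ /\. {
    deny all;
}
```

Only the challenge directory is opened; other paths under .well-known remain covered by the deny rule.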

FastCGI Questions

Hi!

Thanks for the awesome configuration kit and the WordPress server setup tutorial! I must say, this is the most complete guide I've found anywhere so far to set up a full Linux server for WordPress!

I have a concern about the FastCGI cache purging. Before discovering your tutorial, I was following this tutorial to setup FastCGI cache: https://www.linuxbabe.com/nginx/setup-nginx-fastcgi-cache

It says to install the http-cache-purge module to purge the cache. My question is, does the nginx version in your tutorial include this module? I assume it does, as you've not instructed to install it in the tutorial. But I want to make sure. From this tutorial, it looks like cache purging with the Nginx Helper plugin will not work.

Also it says to add the following code to the server block for cache purging, which I do not see in this kit (probably I've missed it somehow!):

location ~ /purge(/.*) {
      fastcgi_cache_purge phpcache "$scheme$request_method$host$1";
}

I've also found this comment on the Nginx website regarding FastCGI: https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#comment-2804093220

Using $host in fastcgi_cache_key can result in infinite redirect loops with WordPress.

WordPress has this silly little thing called redirect_canonical, which will attempt to strip the port number (:80, :443) from the Host header by redirecting to the same URL without the port number. Many web crawlers and especially monitoring systems explicitly provide the port number in the Host header, so they get a redirect.

But the $host variable in Nginx does not contain the port number, even if explicitly set in the Host header, resulting in the same cache keys for requests with and without the port. So if somebody is lucky enough (and monitoring systems are very persistent) they'll eventually hit a redirect, which will cause Nginx to cache that redirect and serve it to regular visitors requesting the same cache key, i.e. an infinite redirect loop for the duration of the cache.

Example:

$ curl -v https://example.org/ -H "Host: example.org:443" -o /dev/null
Location: https://example.org/
X-Cache: MISS

$ curl -v https://example.org/ -H "Host: example.org" -o /dev/null
Location: https://example.org/
X-Cache: HIT

This is a bit of an edge case because the :443 hit must arrive during a time where the cache is missing or has expired. But when it happens it's very hard to catch and debug.

The workaround is to use $http_host in the cache key instead, which is the original value of the Host header.

I can see $host is used in the cache key in the kit configuration. Is it alright?

Thanks a lot for the clarification!

Regards
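
The cache-key collision described in the quoted comment, with the `$host` key beside the `$http_host` workaround, as an added example that is not part of the issue or the kit. The zone name, paths, socket and lifetimes are constructed for illustration.

```nginx
# http block. Zone name, path and sizes are constructed for this example.
fastcgi_cache_path /var/cache/nginx/example levels=1:2
                   keys_zone=examplecache:64m inactive=60m;

server {
    listen 80;
    server_name example.org;
    root /var/www/example.org/public;
    index index.php;

    # Before: $host never carries the port, so "Host: example.org" and
    # "Host: example.org:443" produce the same key. A redirect cached
    # for the second request is then served to the first.
    # fastcgi_cache_key "$scheme$request_method$host$request_uri";

    # After: $http_host is the Host header exactly as the client sent
    # it, so the two requests above get separate cache entries.
    fastcgi_cache_key "$scheme$request_method$http_host$request_uri";

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path

        fastcgi_cache examplecache;
        # Only 200 responses get a lifetime from this directive; caching
        # headers sent by the upstream still take priority over it.
        fastcgi_cache_valid 200 60m;

        # Exposes HIT / MISS / BYPASS for checks like the curl calls above.
        add_header X-Cache $upstream_cache_status;
    }
}
```

Because `$http_host` is supplied by the client, keep the catch-all default server from the README in place so that only expected host names reach this block and create cache entries.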

Only the index is cached, any other pages are BYPASSED

Hello,

I followed your tutorial to set up fast-cgi caching, and right now the

if ($query_string != "") {
       set $skip_cache 1;
}

test makes caching always fail for anything but the index.

The reason seems to be that when a post is loaded, the $query_string contains the path of the post q=/2018/07/28/never-cached/& (I use a header to see that:
add_header X-query-string "$query_string";)

Thus, the page always returns "BYPASS".

I am not sure how one could discriminate what should be cached in that case. Any idea?

404 on non-default permalinks

Need to add this in order to work with '%postname%.html' as permalink.

if (!-e $request_filename) {
    rewrite ^.*$ /index.php last;
}

WP JSON

You should update to not cache URLs that lead to /wp-json

if ($request_uri ~* "/wp-admin/|/wp-json/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") { set $skip_cache 1; }

Configuration test failed on security.conf

After using this for my nginx config structure and using multisite-subdomain.com as the structure for my enabled-site config, I received an error message when testing the configuration:

# nginx -t
nginx: [emerg] invalid number of arguments in "add_header" directive in /etc/nginx/global/server/security.conf:8
nginx: configuration file /etc/nginx/nginx.conf test failed

I removed the inclusion of the file in global/server/defaults.conf and was able to get error-free test results.

I have not touched any of the configs when testing the setup other than the basics from the instructions found on deliciousbrains.com

Use multiple pools

This config works very well but if the server is running several websites it seems nicer to use separate PHP pools. (and a bit more secure).
With different pools it is easier to monitor memory use etc.
I was wondering if this could be implemented in this setup. Currently everything points to a global file.
Any hints?

Update:
Noticed some remarks in this setup about using different pools for different PHP version.
Can't really figure out how to use newly made pools.

My wishlist for an updated new article: (and big thank you for all the previous ones!)

  1. More about using pools, both for changing PHP version and for separating sites so monitoring e.g. memory becomes easier
  2. Memory tuning / time out tuning. I have spent a lot of time to get this working OK but would love to hear some more opinions on what to tweak in all the possible locations.
  3. monit or other watchdog setups. How to make sure if the system stops, it restarts, reports, alerts. (why does this always happen in the middle of the night :-) )

Enable caching for webfonts

Hi Ashley,

I love this repository. Made a lot of our sites damn fast 👍

For one of our projects we are using webfonts like woff, woff2, eot or ttf files. So I added these extensions to the static-files.conf.

When you allow pull requests I can create one, otherwise here is the changed line:

location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff|woff2|eot|ttf)$ {

Best Christofer, keep up the good work!

using a cache plugin

Hello;

Thanks for this configuration, feel like kissing you lol. I have a few questions, please.

  1. I am using wp-rocket on wp-super cache for different sites, what would be the configuration? wp-rocket has its own (I can get that via support)
  2. What is the rewrite run for sitemap plugin, I am not using the one included in yoast.

Thanks

502 bad gateway

HEY, Ashley

Been following your series and everything's been working out great up until I cloned this repo.

Now I'm getting a 502 Bad Gateway page on a site that was working before the change.

Did I miss something?

Add Yoast SEO Sitemap XML Support

Please add the following lines to a global file for Yoast XML Support:

rewrite /sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite /([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

security.conf headers are wiped out by static-files.conf for matched files

hey
I don't feel like kissing you but thanks again lol

Well, after many tries and reloads and investigations, I can tell you that there are 2 issues with the current configuration:

  1. the security header for click-jacking and all the other headers in this file are wiped out by the Cache-control header in static-files.conf

  2. moreover, whatever header is declared before an image extension is matched by this static-files.conf location is wiped out.

I think it's an issue, because you lose the click-jacking protection, just for a cache control header.
On the other hand, how do you add this cache-control header just for images without a location?

I'm thinking of a possible workaround that would:

  1. Since you cannot include the server_tokens directive more than once, move this one in nginx.conf or create a global/security.conf?
  2. include server/security.conf in any locations that need a specific header

what do you think?
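
The header inheritance behaviour raised in this issue, with the failing layout beside one corrected layout, as an added example (not the kit's own files). The include file name `global/server/security-headers.conf`, the host name and the header values are hypothetical; the underlying rule is that a location inherits `add_header` directives from the level above only when it declares none of its own.

```nginx
# --- hypothetical file: global/server/security-headers.conf ---
# Contains add_header lines only, so it can be included at any level.
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;

# --- constructed site server block ---
server {
    listen 80;
    server_name example.test;
    root /var/www/example.test/public;

    server_tokens off;   # declared once here, kept out of the include
    include global/server/security-headers.conf;

    # Before: this location declares its own add_header, so none of the
    # server-level headers are sent for matched files.
    # location ~* \.(?:jpg|jpeg|gif|png|ico)$ {
    #     add_header Cache-Control "public";
    # }

    # After: the location re-includes the security headers next to its
    # own header, so image responses carry both sets.
    location ~* \.(?:jpg|jpeg|gif|png|ico)$ {
        include global/server/security-headers.conf;
        add_header Cache-Control "public";
    }
}
```

Comparing the response headers of a page and of a matched image with `curl -I` after a reload shows whether any location still drops the security headers.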

Please add a license file.

Copyright (c)

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

fast-cgi cache

I think the fast cgi cache is not working for me

when I enter this line

add header to make sure cache with hit or missed

add_header X-Cache $upstream_cache_status;

I don't see the header
