WordPress Nginx 配置指南

這篇文章大部分來自對wordpress.org官網(wǎng)的翻譯。滿意之后會提交給官方。
https://codex.wordpress.org/Nginx

LAMP(Linux + Apache + MySQL + PHP)現(xiàn)在是建立WordPress最流行的技術(shù)棧,但也可以使用Nginx。WordPress支持Nginx,類似WordPress.com的大型WordPress網(wǎng)站,就是基于Nginx的。

有很多方法實(shí)施Nginx。可以做為Aach的前置reverse-proxy(反向代理),可以同時使用Apache的特性、功能,又獲得Nginx高速的優(yōu)點(diǎn)。很多使用nginx的網(wǎng)站實(shí)際上都是運(yùn)行著Apache,Nginx做為reverse proxy。

這篇指南主要用于獨(dú)立的Nginx setup配置,Nginx代替Apache做為主服務(wù)器。請注意,Nginx并不是Apache的完全替代品。關(guān)于WordPress的部署啟動,動手之前請注意這些關(guān)鍵點(diǎn):

  • Nginx沒有目錄級配置文件(類似Apache的.htaccess 或IIS的web.config文件)。所有的配置都在管理員處理server level時完成,所有WordPress無法修正配置。
  • 當(dāng)使用Nginx的時候,仿固定鏈接功能(Pretty Permalinks functionality)有些不同
  • 因?yàn)镹ginx沒有.htaccess-type 能力,所以WordPress無法為你自動修正服務(wù)器配置。(不能自動產(chǎn)生rewrite rules)
  • 如果你沒有修改install, "index.php"將被添加到你的固定鏈接。(通過插件或者在子主題"child theme"的functions.php中添加自定義代碼)
  • 最后,如果你一定要使用一些.htaccess 的某些功能,技術(shù)上來說,可以通過安裝htscanner PECL extension for PHP實(shí)現(xiàn)。 (請注意,這不是一個完美的解決方案,所以在網(wǎng)站上線使用之前,請對其進(jìn)行充分的測試和Debug)

這篇指南并不包括安裝和配置Nginx,建議你已經(jīng)安裝了Nginx,并了解Nginx的基本工作調(diào)試知識后再進(jìn)行閱讀。

通用多站點(diǎn)支持(Generic and Multi-Site Support)

WordPress要與Nginx一起工作,必須先配置后端php-cgi,可選擇 FastCGI 或 PHP - FPM 。因?yàn)?PHP 5.3 中php-fpm已經(jīng)直接安裝,所以我們就用它了。

Nginx 配置已分成 5 個不同文件 , 為了便于理解,對每個設(shè)置都已經(jīng)詳細(xì)注釋。筆者盡量嘗試做 Nginx 配置的“最佳實(shí)踐”。

主啟動文件(通用)

此文件就是 /etc/nginx/nginx.conf (或者 /etc/nginx/conf/nginx.conf 如用的是 Arch Linux).

# Generic startup file.
user {user} {group};

#一般等于你的CPU數(shù)。執(zhí)行命令 "grep processor /proc/cpuinfo | wc -l" 可獲得
worker_processes  2;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

# Keeps the logs free of messages about not being able to bind().
#daemon     off;

events {
    worker_connections  1024;
}

http {
#   rewrite_log on;
    include mime.types;
    default_type       application/octet-stream;
    access_log         /var/log/nginx/access.log;
    sendfile           on;
#   tcp_nopush         on;
    keepalive_timeout  3;
#   tcp_nodelay        on;
#   gzip               on;
#php max upload limit cannot be larger than this 此參數(shù)譯者設(shè)置后測試失敗      
    client_max_body_size 13m;
    index              index.php index.html index.htm;

    # Upstream to abstract backend connection(s) for PHP.
    upstream php {
        #this should match value of "listen" directive in php-fpm pool
        server unix:/tmp/php-fpm.sock;
#       server 127.0.0.1:9000;
    }

    include sites-enabled/*;
}

與標(biāo)準(zhǔn)的 nginx.conf 文件稍微有點(diǎn)不同,此配置遵循 Ubuntu / Debian 聲明的最大彈性啟動站點(diǎn)(enabled sites)法- - 用“sites-available”存儲一個配置, 然后鏈接到"sites-enabled"中的配置文件 。

單站點(diǎn)配置(Per Site Configuration)

# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil

server {
        server_name  _;
        return 302 $scheme://example.com$request_uri;
}

server {
    server_name example.com;
    root /var/www/example.com;

    index index.php;

    include global/restrictions.conf;

    #附加規(guī)則可以寫在這里

    # 下面的文件只能包含一個
    include global/wordpress.conf;
#   include global/wordpress-ms-subdir.conf;
#   include global/wordpress-ms-subdomain.conf;
}

將配置分成多個片段放在多個文件中,可以允許同樣的邏輯復(fù)用。'global'子目錄可用于添加額外功能配置(通用功能)。(基于Nginx的安裝設(shè)置情況,目錄可能是 /etc/nginx/conf/global/ 也可能是 /etc/nginx/global/)

全局限制文件

# Global restrictions configuration file.
# Designed to be included in any server {} block.
location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
    deny all;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

General WordPress rules

對于單個站點(diǎn)安裝情況來說,這就是 'global/wordpress.conf'文件:

# WordPress single site rules.
# Designed to be included in any server {} block.
# Upstream to abstract backend connection(s) for php
upstream php {
        server unix:/tmp/php-cgi.socket;
        server 127.0.0.1:9000;
}

server {
        ## Your website name goes here.
        server_name domain.tld;
        ## Your only path reference.
        root /var/www/wordpress;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                include fastcgi.conf;
                fastcgi_intercept_errors on;
                fastcgi_pass php;
                fastcgi_buffers 16 16k;
                fastcgi_buffer_size 32k;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

nginxv.10及之后版本的最新例子,請Ref: https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/

WordPress Multisite Subdirectory rules

多網(wǎng)站子目錄安裝,對應(yīng)的 'global/wordpress.conf'文件如下:

# WordPress multisite subdirectory rules.
# Designed to be included in any server {} block.
map $uri $blogname{
    ~^(?P<blogpath>/[^/]+/)files/(.*)       $blogpath ;
}

map $blogname $blogid{
    default -999;

    #Ref: http://wordpress.org/extend/plugins/nginx-helper/
    #include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
}

server {
    server_name example.com ;

    root /var/www/example.com/htdocs;
    index index.php;

    location ~ ^(/[^/]+/)?files/(.+) {
        try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
        access_log off;     log_not_found off; expires max;
    }

    #avoid php readfile()
    location ^~ /blogs.dir {
        internal;
        alias /var/www/example.com/htdocs/wp-content/blogs.dir ;
        access_log off;     log_not_found off; expires max;
    }

    if (!-e $request_filename) {
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
        rewrite ^(/[^/]+)?(/wp-.*) $2 last;
        rewrite ^(/[^/]+)?(/.*\.php) $2 last;
    }

    location / {
        try_files $uri $uri/ /index.php?$args ;
    }

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php;
    }

    #add some rules for static content expiry-headers here
}

Ref: https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/

HTTPS in Nginx

在Nginx中打開HTTPS非常簡單(譯者:確實(shí)簡單,但是WordPress要跑正確可不容易,大家記得要保留http的入口,另外后臺設(shè)置的地址記得修改)

server {
    # 同時監(jiān)聽 IPv4 and IPv6 on 443 ,并且打開and enables HTTPS and HTTP/2 support.
    # HTTP/2 is available in nginx 1.9.5 and above.
    listen *:443 ssl http2;
    listen [::]:443 ssl http2;

    # indicate locations of SSL key files.
    ssl_certificate /srv/www/ssl/ssl.crt;
    ssl_certificate_key /srv/www/ssl/ssl.key;
    ssl_dhparam /srv/www/master/ssl/dhparam.pem;
    
    # indicate the server name
    server_name example.com *.example.com;

    # Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    # Set caches, protocols, and accepted ciphers. 
    # This config will merit an A+ SSL Labs score as of Sept 2015.
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:CAMELLIA256-SHA:CAMELLIA128-SHA256;
}

Mozilla 提供了一個非常棒的 SSL 配置生成工具。

PS:下面是關(guān)于引用和緩存的一些東西。待續(xù):

WP Super Cache Rules

W3Total Cache Rules

Nginx fastcgi_cache

Better Performance for Static Files in Multisite

Notes

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容