2014-09-07 21:51:34 +02:00
|
|
|
|
|
|
|
# try for WordPress index.php in /
|
2016-04-25 11:33:12 +02:00
|
|
|
# fall back to index.php + args (passed to php-fpm later)
|
2016-10-19 03:41:46 +02:00
|
|
|
# also serves static files from the disk instead of passing to interpreter.
|
2014-09-07 21:51:34 +02:00
|
|
|
location / {
|
|
|
|
try_files $uri $uri/ /index.php?$args;
|
2016-11-20 16:22:47 +01:00
|
|
|
|
|
|
|
{% if enable_hsts == True %}
|
|
|
|
# Enable this if you want HSTS (recommended, but be careful)
|
|
|
|
# Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
|
|
|
|
# See: https://hstspreload.appspot.com/
|
2021-03-23 14:36:28 +01:00
|
|
|
add_header Strict-Transport-Security "max-age={{ nginx_hsts_max_age }}; includeSubDomains; preload" always;
|
2016-11-20 16:22:47 +01:00
|
|
|
{% endif %}
|
2014-09-07 21:51:34 +02:00
|
|
|
}
|
|
|
|
|
2016-03-12 18:17:40 +01:00
|
|
|
location ~* \.(?:ico|css|js|gif|jpe?g|png|svg)$ {
|
2016-11-14 06:58:46 +01:00
|
|
|
add_header Cache-Control "max-age=604800";
|
2016-11-20 16:22:47 +01:00
|
|
|
|
|
|
|
{% if enable_hsts == True %}
|
|
|
|
# Enable this if you want HSTS (recommended, but be careful)
|
|
|
|
# Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
|
|
|
|
# See: https://hstspreload.appspot.com/
|
2021-03-23 14:36:28 +01:00
|
|
|
add_header Strict-Transport-Security "max-age={{ nginx_hsts_max_age }}; includeSubDomains; preload" always;
|
2016-11-20 16:22:47 +01:00
|
|
|
{% endif %}
|
2014-10-10 10:05:42 +02:00
|
|
|
}
|
|
|
|
|
2014-09-07 21:51:34 +02:00
|
|
|
# Add trailing slash to */wp-admin requests.
|
|
|
|
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
|
|
|
|
|
2015-02-26 15:05:50 +01:00
|
|
|
# Deny access to any files with a .php extension in the uploads directory
|
|
|
|
# Works in sub-directory installs and also in multisite network
|
|
|
|
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
|
|
|
|
location ~* /(?:uploads|files)/.*\.php$ {
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
|