• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question NGINX Directives FPM for Joomla & Wordpress

N

Noise

New Pleskian
Dear peoples

i change from apache cgi & fast cgi to nginx fpm.
i read much and do my directives, but i think i have a lot that is perhaps not needed or missing.

The other thing is i want to create a cdn with 2 subdomain.
Loading static files and cookieless works but gtmetrix says there is no cdn. and please come not use cloudflare I do not want that :)

Can anyone show on my directives and helps me a bit ?

This settings are all per domain not server incl php. Plesk version is up to date (17.8.11 update 21) php 7.2.10
CMS running Joomla 3.8.12 but it would be cool if it ran under wordpress too.

thanks in advance.

p.s. can't post the full code so this is part 1:

php config Additional configuration directives :

Code: 
output_buffering = Off
realpath_cache_size = 1024k
upload_tmp_dir = /tmp
opcache.enable=1
session_cache_limiter(''); >

Main Domain:

MIME types: Default

Handlers: Default

Deny access to the site: Default

Index files: Default

Expires: custom value 14 Days ans set the chop response with Expires headers for static files only

Additional headers: Default

Set chop to: Restrict the ability to follow symbolic links


Additional Apache directives HTTP:


Here I am not sure if Additional Apache directives is right and if it is really meaningful ?

Code: 
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

<IfModule mod_deflate.c>
    # Compress HTML, CSS, JavaScript, Text, XML and fonts
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml
</IfModule>

## EXPIRES CACHING ##
<IfModule mod_expires.c>
    ExpiresActive On
    FileETag None
    ExpiresDefault "access plus 1 week"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/html "access plus 1 days"
    ExpiresByType application/x-compressed "access plus 1 week"
    ExpiresByType application/x-gzip "access plus 1 week"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType text/css "now plus 1 month"
    ExpiresByType image/ico "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
</IfModule>
## EXPIRES CACHING ##
 
Last edited:
part 2:

Additional Apache directives HTTPS:
Code: 
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]

<IfModule mod_deflate.c>
    # Compress HTML, CSS, JavaScript, Text, XML and fonts
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml
</IfModule>

## EXPIRES CACHING ##
<IfModule mod_expires.c>
    ExpiresActive On
    FileETag None
    ExpiresDefault "access plus 1 week"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/html "access plus 1 days"
    ExpiresByType application/x-compressed "access plus 1 week"
    ExpiresByType application/x-gzip "access plus 1 week"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType text/css "now plus 1 month"
    ExpiresByType image/ico "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
</IfModule>
## EXPIRES CACHING ##

nginx settings:

chop to: Proxy mode
chop to: Smart static files processing
Serve static files directly by nginx are disabled here.

chop to: Enable nginx caching

Cache size: 64mb
Cache timeout: 5 seconds
Cache key: $scheme$request_method$host$request_uri

Cache requests with cookies:
Code: 
_ga
_gid

Additional nginx directives:
Code: 
# location letsencrypt
# ——————————————————
location ~ /.well-known {
    allow all;
}
# rewrite rules
# ——————————————————
if (!-e $request_filename){
    rewrite ^(.*)$ /index.php break;
}

if (!-d $request_filename){
    set $rule_1 2$rule_1;
}
if ($rule_1 = "21"){
    rewrite /. /index.php last;
}
#location ~ / {
    #try_files $uri $uri/ /index.php?$args;
    #}
    # NGINX Gzip Section:
    # ——————————————————
    gzip on;
    gzip_disable "MSIE [1-6]\\.(?!.*SV1)";
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp image/svg+xml;
    gzip_vary on;

    # 404 /Slash Problem
    # ——————————————————
    if (!-e $request_filename) {
        set $test P;
    }
    if ($uri !~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon|internal-nginx-static-location)) {
        set $test "${test}C";
    }

    #——————————————————————————
    # Leverage Browsing Cache #Expire rules for static content

    # cache.appcache, your document html and data
    location ~* ^.+\.(manifest|appcache|html?|xml|less|json)$ {
        expires -1;
        etag on;
        if_modified_since exact;
        add_header Pragma "public";
        #access_log off;
        # access_log logs/static.log; # I don't usually include a static log
    }

    # Feed
    location ~* ^.+\.(rss|atom)$ {
        expires 1h;
        etag on;
        if_modified_since exact;
        add_header Pragma "public";
        #access_log off;
        add_header Cache-Control "public";
    }

    # Media: images, icons, video, audio, text HTC
    location ~* ^.+\.(jpg|jpeg|gif|png|bmp|ico|swf|flv|cur|gz|svg|svgz|mp3|mp4|ogg|wav|ogv|webm|tgz|zip|rar|bz2|doc|pdf|ppt|tar|rtf|txt|htc)$ {
        expires 1M;
        etag on;
        if_modified_since exact;
        add_header Pragma "public";
        add_header Cache-Control "public";
        #access_log off;
    }

    # CSS, Javascript, cgi
    location ~* ^.+\.(css|js?|js|cgi)$ {
        expires 1y;
        etag on;
        if_modified_since exact;
        add_header Pragma "public";
        #access_log off;
        add_header Cache-Control "public";
    }

    # WebFonts
    location ~* ^.+\.(ttf|ttc|otf|eot|woff|woff2)$ {
        expires 1M;
        etag on;
        if_modified_since exact;
        add_header Pragma "public";
        #access_log off;
        add_header Cache-Control “public”;
    }
    #——————————————————————————

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~ /\. {
        deny all;
    }

    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~* /(?:images|files)/.*\.php$ {
        deny all;
    }

    if (!-e $request_filename) {
        rewrite /administrator$ $scheme://$host$uri/ permanent;
        rewrite ^(/[^/]+)?(/wp-.*) $2 last;
        rewrite ^(/[^/]+)?(/.*\.php) $2 last;
    }

    # Global restrictions configuration file.
    # Designed to be included in any server {} block.
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /sitemap.xml {
        log_not_found off;
        access_log off;
    }
    # Display webmanifest instead of download
    location = /images/favicons/site.webmanifest {
        default_type webmanifest;
        log_not_found off;
        access_log off;
    }
 
and least part 3

Sub Domain(s) in my case 2 static and cdn (want need for cookieless domain and cdn:

MIME types: Default

Handlers: Default

Deny access to the site: Default

Index files: Default

Expires: custom value 14 Days ans set the chop response with Expires headers for static files only

Additional headers: Default

Set chop to: Restrict the ability to follow symbolic links

Additional Apache directives
Additional directives for HTTP: none

Additional directives for HTTPS: none


nginx settings:

chop to: Proxy mode
chop to: Smart static files processing
chop to: Enable nginx caching
chop to: Serve static files

chop to: Enable nginx caching
Cache size: 64mb
Cache timeout: 5 seconds
Cache key: $scheme$request_method$host$request_uri

Cache requests with cookies: none


nginx additional directives:
Code: 
# location letsencrypt
# ——————————————————
location ~ /.well-known {
    allow all;
}
rewrite ^/$ http://www.mydomain.com permanent;
location / {
    if ($request_filename ~ "\.(css|js|jpg|jpeg|gif|ico|png|bmp|pict|csv|doc|pdf|pls|ppt|tif|tiff|eps|ejs|swf|midi|mid|ttf|eot|woff|otf|svg|svgz|webp|docx|xlsx|xls|pptx|ps|class|jar|woff2|less|scss)$") {
        add_header Pragma "public";
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        add_header Access-Control-Allow-Origin *;
        access_log off;
        expires 1M;
        break;
    }
    return 302 http://www.mydomain.com$request_uri;
}
# NGINX Gzip Section:
# ——————————————————

gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_disable "MSIE [1-6]\\.(?!.*SV1)";
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/javascript application/javascript application/x-javascript text/xml application/xml application/xml+rss image/x-icon image/bmp image/svg+xml;
gzip_vary on;

# 404 /Slash Problem
# ——————————————————
if (!-e $request_filename) {
    set $test P;
}
if ($uri !~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon|internal-nginx-static-location)) {
    set $test "${test}C";
}
#——————————————————————————
# Leverage Browsing Cache #Expire rules for static content

# cache.appcache, your document html and data
location ~* ^.+\.(manifest|appcache|html?|xml|less|json)$ {
    expires -1;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    proxy_cookie_domain off;
    proxy_cookie_domain localhost www.mydomain.com;
    fastcgi_hide_header "Set-Cookie";
    #access_log off;
}

# Feed
location ~* ^.+\.(rss|atom)$ {
    expires 1h;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    proxy_cookie_domain off;
    proxy_cookie_domain localhost www.mydomain.com;
    fastcgi_hide_header "Set-Cookie";
    #access_log off;
}

# Media: images, icons, video, audio, text HTC
location ~* ^.+\.(jpg|jpeg|gif|png|bmp|ico|swf|flv|cur|gz|svg|svgz|mp3|mp4|ogg|wav|ogv|webm|tgz|zip|rar|bz2|doc|pdf|ppt|tar|rtf|txt|htc)$ {
    expires 1M;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    proxy_cookie_domain off;
    proxy_cookie_domain localhost www.mydomain.com;
    fastcgi_hide_header "Set-Cookie";
    #access_log off;
}

# CSS, Javascript, cgi
location ~* ^.+\.(css|js?|js|cgi)$ {
    expires 1y;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    proxy_cookie_domain off;
    proxy_cookie_domain localhost www.mydomain.com;
    fastcgi_hide_header "Set-Cookie";
    #access_log off;
}

# WebFonts
location ~* ^.+\.(ttf|ttc|otf|eot|woff|woff2)$ {
    expires 1M;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    proxy_cookie_domain off;
    proxy_cookie_domain localhost www.mydomain.com;
    fastcgi_hide_header "Set-Cookie";
    #access_log off;
}
#——————————————————————————

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
    deny all;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:images|files)/.*\.php$ {
    deny all;
}
# Global restrictions

location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    return 200 "User-agent: *\nDisallow: /";
}

location = /sitemap.xml {
    log_not_found off;
    access_log off;
}
# Display webmanifest instead of download
location = /images/favicons/site.webmanifest {
    default_type webmanifest;
    log_not_found off;
    access_log off;
}
 
Last edited:
You must log in or register to reply here.

Similar threads

T
Issue Host settings and htaccess behavior in nginx proxy mode
Replies
3
Views
2K
Peter Debik
P
O
Issue .htaccess Expires Headers not working at all
Replies
3
Views
2K
MartinT
M
T
Question Plesk Odoo Nginx Reverse Proxy
Replies
4
Views
4K
Edinson
E
N
Question NGINX & Wordpress(Woocommerce) Setup
Replies
0
Views
1K
nikosvl97
N
S
Apache + Nginx directives
Replies
9
Views
4K
Sally1
S
Back
Top