NGINX config with WordPress and Moodle

Working config for Moodle config:

nginx.conf file:

user www-data;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
worker_connections 1024;
}


http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for”‘;

access_log /var/log/nginx/access.log main;

client_max_body_size 20m;
sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

#gzip on;
upstream php {
server unix:/var/run/php/php7.4-fpm.sock;
}
include /etc/nginx/conf.d/*.conf;
}

sites.conf file:

server {
#Version 2.0
#1. IP Restrictions
#allow 14.201.246.57;
#deny all;

client_max_body_size 20M;
access_log /srv/www/lms.dchstudio.com.au/logs/access.log;
error_log /srv/www/lms.dchstudio.com.au/logs/error.log;
server_name www.lms.dchstudio.com.au lms.dchstudio.com.au;# is your website name

root /srv/www/lms.dchstudio.com.au/public_html;

index index.html index.htm index.php;


# We check IP Address against the whitelists
#allow 14.201.246.57;#Testing
#deny all;
# Moodle big fix_rewrite rule
rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
#Exceptions
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
access_log off;
log_not_found off;
}

# Cache Static Files For As Long As Possible
location ~*\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$
{
access_log off;
log_not_found off;
expires max;
}

# pass the PHP scripts to FPM socket
location ~ [^/]\.php(/|$) {
try_files $uri =404;

fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have “cgi.fix_pathinfo = 0;” in php.ini

include fastcgi_params;
}


#Error outputs:
# error_page 400 /400;
# error_page 401 /401;
# error_page 403 /403;
# error_page 404 /404;
# error_page 500 502 503 504 /500.shtml;

 

Working config for WordPress:

server {
#Version 2.0
#1. IP Restrictions
#allow 14.201.246.57;
#deny all;
listen 80;
client_max_body_size 10M;
access_log /srv/www/blog.bjdch.org/logs/access.log;
error_log /srv/www/blog.bjdch.org/logs/error.log;
server_name www.blog.bjdch.org blog.bjdch.org;# is your website name
root /srv/www/blog.bjdch.org/public_html;

# Rocket-Nginx configuration
include rocket-nginx/default.conf;

index index.html index.htm index.php;

#AJAX Script
location /wp-admin {
location ~ /wp-admin/admin-ajax.php$ {

# Php handler
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have “cgi.fix_pathinfo = 0;” in php.ini
fastcgi_pass php;
fastcgi_param SCRIPT_FILENAME /srv/www/blog.bjdch.org/public_html$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT /srv/www/blog.bjdch.org/public_html;
# send bad requests to 404
fastcgi_intercept_errors on;
include fastcgi_params;

}

location /wp-admin {
location ~ /wp-admin/admin-ajax.php$ {

# Php handler
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have “cgi.fix_pathinfo = 0;” in php.ini
fastcgi_pass php;
fastcgi_param SCRIPT_FILENAME /srv/www/blog.bjdch.org/public_html$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT /srv/www/blog.bjdch.org/public_html;
# send bad requests to 404
fastcgi_intercept_errors on;
include fastcgi_params;

}


#wp-admin IP and Password Protection

location ~* /wp-admin/.*\.php$ {

# We check IP Address against the whitelists
# allow 14.201.246.57;#Testing
# deny all;

# Then we check the password
auth_basic “All of the user access are recorded. Authorised Personnel Only!”;
auth_basic_user_file /srv/www/blog.bjdch.org/logs/.htpasswd;

# Php handler
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have “cgi.fix_pathinfo = 0;” in php.ini
fastcgi_pass php;

fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /srv/www/blog.bjdch.org/public_html/$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT /srv/www/blog.bjdch.org/public_html;
# send bad requests to 404
fastcgi_intercept_errors on;
include fastcgi_params;
}
}

#Exceptions
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
access_log off;
log_not_found off;

fastcgi_param DOCUMENT_ROOT /srv/www/blog.bjdch.org/public_html;
# send bad requests to 404
fastcgi_intercept_errors on;
include fastcgi_params;
}
}

#Exceptions
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
access_log off;
log_not_found off;
}

# Cache Static Files For As Long As Possible
location ~*\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|$
{
access_log off;
log_not_found off;
expires max;
}
# Security Settings For Better Privacy Deny Hidden Files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}

# Disallow PHP In Upload Folder
location /wp-content/uploads/ {
location ~ \.php$ {
deny all;
}
}
# Return 403 Forbidden For readme.(txt|html) or license.(txt|html)
if ($request_uri ~* “^.+(readme|license)\.(txt|html)$”) {
return 403;
}

#WP Rewrite
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
#index index.html index.htm index.php;

rewrite ^.*/files/(.*)$ /wp-includes/ms-files.php?file=$1 last;
if (!-e $request_filename) {
rewrite ^.+?(/wp-.*) $1 last;

rewrite ^.+?(/.*\.php)$ $1 last;
rewrite ^ /index.php last;
}
# index index.html index.htm index.php;

}

# pass the PHP scripts to FPM socket
location ~ \.php$ {
try_files $uri =404;

fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have “cgi.fix_pathinfo = 0;” in php.ini

fastcgi_pass php;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /srv/www/blog.bjdch.org/public_html$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT /srv/www/blog.bjdch.org/public_html;

# send bad requests to 404
fastcgi_intercept_errors on;

include fastcgi_params;
}


#Error outputs:
error_page 400 /400;
error_page 401 /401;
error_page 403 /403;
error_page 404 /404;
error_page 500 502 503 504 /500.shtml;

}