
If you plan to run a high-traffic WordPress blog, I would suggest running it on a virtual private server (VPS) or dedicated server together with NGINX FastCGI caching.
Besides its low memory consumption as a web server, Nginx is fast. Combining Nginx with the FastCGI caching module further improves the performance of your web application, including a WordPress site.
This can be an alternative to an NGINX + Varnish setup, which also uses caching to accelerate a WordPress site.
The Nginx FastCGI module has directives for caching dynamic content that is served through a PHP backend.
When a web page is cached, repeated requests for the same page are quickly returned to the client by the Nginx web server because the response comes from the cache location.
The following tutorial will guide you through setting up WordPress with Nginx on a CentOS 7 VPS. This setup has been tested on a Linode 4GB and a RamNode 2GB VPS.
Prerequisites:
a) The CentOS 7 VPS has been set up properly with MariaDB as the database and Nginx as the web server, running together with PHP-FPM.
b) You have a domain name for your WordPress site and a DNS record pointing to your VPS IP address.
www.ehowstuff.local -> 10.9.8.7
1. To install Nginx on CentOS, first create the Nginx repository file:
# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
# Verify package signatures against the nginx signing key
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
2. To install nginx, php, php-mysql, php-fpm and the MariaDB server, run the following command:
# yum install nginx php php-mysql php-fpm mariadb-server
3. Configure php-fpm:
Below are the configuration values for a 4 GB RAM VPS:
# vi /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
listen.mode = 0666
user = nginx
group = nginx
pm = dynamic
pm.max_children = 20
pm.start_servers = 15
pm.min_spare_servers = 15
pm.max_spare_servers = 15
pm.max_requests = 500
4. Configure NGINX with FastCGI Caching :
This is the main configuration file for Nginx.
# vi /etc/nginx/nginx.conf
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format blocked '$time_local: Blocked request from $remote_addr $request';
access_log /var/log/nginx/access.log main;
include /etc/nginx/conf.d/gzip.conf;
#FastCGI Cache and other configuration options
include /etc/nginx/conf.d/option.conf;
# common.conf, wordpress.conf and fastcgi_no_cache.conf hold listen, location,
# if and rewrite directives, which nginx accepts only inside a server block,
# so each site's server block includes them instead of this http block.
#Multiple wordpress sites container
include /etc/nginx/sites-available/*.conf;
}
It is recommended to split custom configuration out of the original nginx.conf into separate files to make it easier to read and modify.
# vi /etc/nginx/conf.d/common.conf
# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
log_not_found off;
access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires 30d;
# expires max;
add_header Pragma no-cache;
add_header Cache-Control "public";
}
vi /etc/nginx/conf.d/gzip.conf
gzip on;
gzip_comp_level 6;
gzip_proxied any;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_types text/css text/x-component application/ecmascript application/json application/pdf application/javascript application/x-javascript text/javascript application/postscript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
gzip_http_version 1.1;
gzip_vary on;
vi /etc/nginx/conf.d/option.conf
## FAST-CGI Configurations
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=WPCACHE:1024m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
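# By default nginx does not cache a response that carries Set-Cookie; ignoring the
# header here removes that safeguard, so the $no_cache rules in
# fastcgi_no_cache.conf must cover every request that can return a per-user cookie.
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;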
add_header X-Fastcgi-Cache $upstream_cache_status;
## Other server option
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
keepalive_requests 100000;
reset_timedout_connection on;
port_in_redirect off;
client_body_timeout 1460;
client_header_timeout 1460;
client_max_body_size 10m;
send_timeout 1460;
keepalive_timeout 1300;
vi /etc/nginx/conf.d/wordpress.conf
# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# SECURITY : Deny access to .php files in the /wp-content/ directory (including sub-folders).
# nginx uses the first regex location that matches, in file order, so this
# rule has to sit above the PHP handler below to take effect.
location ~* ^/wp-content/.*\.(php|phps)$ {
deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
# SECURITY : Only pass scripts that exist on disk to PHP-FPM; anything else returns 404
try_files $uri =404;
# ENABLE : Enable PHP, pass requests to the PHP-FPM listener
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_send_timeout 300s;
fastcgi_read_timeout 300s;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
##Added below for fastcgi_cache
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
fastcgi_cache WPCACHE;
fastcgi_cache_valid 200 60m;
fastcgi_cache_valid 404 60m;
fastcgi_max_temp_file_size 4m;
fastcgi_cache_use_stale updating;
fastcgi_cache_methods GET HEAD; # Only GET and HEAD methods apply
add_header X-Fastcgi-Cache $upstream_cache_status;
}
# Deny access to htaccess files
location ~ /\. {
deny all;
}
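## Block SQL injections
# Note: location regexes are matched against the normalized URI path; the query
# string ($args) and the request body are not inspected by the rules in this file.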
location ~* union.*select.*\( {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* union.*all.*select.* {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* concat.*\( {access_log /var/log/nginx/*.*.log blocked; deny all;}
#
### Block common exploits
location ~* (<|%3C).*script.*(>|%3E) {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* base64_(en|de)code\(.*\) {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* (%24&x) {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* \.\.\/ {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* ~$ {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* proc/self/environ {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* /\.(htaccess|htpasswd|svn) {access_log /var/log/nginx/*.*.log blocked; deny all;}
#
### Block file injections
location ~* [a-zA-Z0-9_]=(\.\.//?)+ {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ {access_log /var/log/nginx/*.*.log blocked; deny all;}
#
### wordpress security
location ~* wp-config.php {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* wp-admin/includes {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* wp-admin/setup-config.php {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* wp-app\.log {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* (licence|readme|license)\.(html|txt) {access_log /var/log/nginx/*.*.log blocked; deny all;}
# PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
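As an added example (not part of the original tutorial), the following Python script parses lines written in the `blocked` log format defined in nginx.conf and summarizes denied requests per client address. The sample lines, the `threshold` parameter and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Mirrors: log_format blocked '$time_local: Blocked request from $remote_addr $request';
LINE = re.compile(
    r"^(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}): "
    r"Blocked request from (?P<ip>\S+) (?P<request>.*)$")

# Constructed sample lines using documentation address ranges, not real traffic
SAMPLE_LOG = """\
12/Mar/2024:10:01:02 +0000: Blocked request from 203.0.113.7 GET /readme.html HTTP/1.1
12/Mar/2024:10:01:03 +0000: Blocked request from 203.0.113.7 GET /wp-app.log HTTP/1.1
12/Mar/2024:10:01:05 +0000: Blocked request from 203.0.113.7 GET /wp-admin/includes/ HTTP/1.1
12/Mar/2024:10:07:40 +0000: Blocked request from 198.51.100.20 GET /licence.html HTTP/1.1
this line is not in the blocked format
"""

def parse_blocked(line):
    """Parse one line into a dict, or return None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    # $request is "METHOD URI PROTOCOL" but may be malformed, so split defensively
    parts = m["request"].split(" ")
    return {
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "ip": m["ip"],
        "uri": parts[1] if len(parts) > 1 else "",
    }

def summarize(log_text, threshold=3):
    """Group blocked requests by client; flag clients at or over threshold."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_blocked(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    return {
        ip: {"hits": len(recs),
             "uris": sorted({r["uri"] for r in recs}),
             "first": min(r["time"] for r in recs),
             "flagged": len(recs) >= threshold}
        for ip, recs in by_ip.items()
    }

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["hits"], info["flagged"], info["uris"])
```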
Configure Cache Exceptions :
vi /etc/nginx/conf.d/fastcgi_no_cache.conf
set $no_cache 0;
# POST requests and URLs with a query string should always go to PHP
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != "") {
set $no_cache 1;
}
# Don't cache URIs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $no_cache 1;
}
# Don't use the cache for logged-in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $no_cache 1;
}
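The cache exceptions above can be checked offline. This added example (not from the original tutorial) replays the same `if` chain in Python over constructed requests and maps the `fastcgi_cache_key` from option.conf to its file under `levels=1:2`; the function names and sample requests are assumptions. The last sample shows that the unescaped dots in `wp-.*.php` also keep an ordinary post slug out of the cache.

```python
import hashlib
import re

# Patterns copied from fastcgi_no_cache.conf; nginx "~*" is a case-insensitive match.
URI_SKIP = re.compile(
    r"/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml", re.I)
COOKIE_SKIP = re.compile(
    r"comment_author|wordpress_[a-f0-9]+|wp-postpass"
    r"|wordpress_no_cache|wordpress_logged_in", re.I)

def no_cache_reasons(method, request_uri, cookie=""):
    """Return the list of `if` blocks that would set $no_cache to 1."""
    reasons = []
    if method == "POST":
        reasons.append("post")
    # $query_string is whatever follows the first "?" in $request_uri
    if request_uri.partition("?")[2] != "":
        reasons.append("query")
    if URI_SKIP.search(request_uri):
        reasons.append("uri")
    if COOKIE_SKIP.search(cookie):
        reasons.append("cookie")
    return reasons

def cache_file(scheme, method, host, request_uri, root="/etc/nginx/cache"):
    """Map fastcgi_cache_key to its on-disk path under levels=1:2."""
    key = f"{scheme}{method}{host}{request_uri}"
    digest = hashlib.md5(key.encode()).hexdigest()
    # levels=1:2 -> last hex char, then the two chars before it
    return f"{root}/{digest[-1]}/{digest[-3:-1]}/{digest}"

# Constructed sample requests: (method, request URI, Cookie header)
SAMPLES = [
    ("GET", "/hello-world/", ""),
    ("GET", "/hello-world/", "_ga=GA1.2.1.1"),
    ("GET", "/?s=nginx", ""),
    ("GET", "/wp-admin/", "wordpress_logged_in_0123abcd=admin"),
    ("POST", "/wp-comments-post.php", ""),
    ("GET", "/hello-world/", "comment_author_0123abcd=alice"),
    ("GET", "/wp-themes-and-php/", ""),  # unescaped dots in wp-.*.php match this slug
]

if __name__ == "__main__":
    for method, uri, cookie in SAMPLES:
        reasons = no_cache_reasons(method, uri, cookie)
        verdict = "BYPASS " + ",".join(reasons) if reasons else "cacheable"
        print(f"{method:4} {uri:24} {verdict}")
    print(cache_file("http", "GET", "www.ehowstuff.local", "/hello-world/"))
```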
# mkdir -p /etc/nginx/sites-available
vi /etc/nginx/sites-available/ehowstuff.local.conf
Add below information :
server {
listen 80;
server_name ehowstuff.local;
rewrite ^/(.*)$ http://www.ehowstuff.local/$1 permanent;
}
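server {
server_name www.ehowstuff.local;
root /var/www/html/ehowstuff;
access_log /var/log/nginx/ehowstuff.local.access.log;
error_log /var/log/nginx/ehowstuff.local.error.log;
# Server-context settings (listen, location, if, rewrite) are included here
include /etc/nginx/conf.d/common.conf;
#Nginx for WordPress and security
include /etc/nginx/conf.d/wordpress.conf;
#Configure Nginx Fast-CGI Cache Exceptions
include /etc/nginx/conf.d/fastcgi_no_cache.conf;
}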
5. Create a database for the WordPress site with your preferred user and password:
MariaDB [wordpressdb]> CREATE DATABASE wordpressdb;
MariaDB [wordpressdb]> CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpresspassword';
MariaDB [wordpressdb]> GRANT ALL PRIVILEGES ON wordpressdb.* to wordpressuser@localhost;
Extract the WordPress archive into the web server root directory:
# cd /var/www/html/
# wget https://wordpress.org/latest.tar.gz
# tar xzvf latest.tar.gz
# mv wordpress /var/www/html/ehowstuff
You can follow these steps to install WordPress on CentOS.
6. Start the services and make them start automatically at boot:
# systemctl restart nginx && systemctl restart php-fpm && systemctl restart mariadb
# systemctl enable nginx && systemctl enable php-fpm && systemctl enable mariadb