default.conf
###################################################################################################
# Rocket-Nginx
#
# Rocket-Nginx is a NGINX configuration to speedup your WordPress
# website with the cache plugin WP-Rocket (http://wp-rocket.me)
#
# Author: Maxime Jobin
# Maintainer: SatelliteWP.com
# URL: https://github.com/satellitewp/rocket-nginx
#
# Tested with WP-Rocket version: 3.10.5
# Tested with NGINX: 1.21.4 (mainline)
#
# Version 3.0.0
#
###################################################################################################
# Add debug information into header
# With the value 0 the reason and file variables are cleared further down, so the
# X-Rocket-Nginx-Reason and X-Rocket-Nginx-File headers are empty. With 1 they carry the cache URL
# and the absolute cache file path (built from $document_root), so keep this at 0 outside of
# troubleshooting.
set $rocket_debug 0;
###################################################################################################
# Do not alter these values
#
# Working variables: each one is a default that later directives overwrite while the request is
# inspected. $rocket_bypass starts at 1 (serve from cache) and every check below can only turn it off.
set $rocket_bypass 1; # Should NGINX bypass WordPress and call cache file directly ?
set $rocket_encryption ""; # File-name suffix of the pre-compressed variant ("_gzip" or empty); this is content encoding, not encryption
set $rocket_file ""; # Filename to look for
set $rocket_is_bypassed "MISS"; # Header text added to check if the bypass worked or not. Header: X-Rocket-Nginx-Serving-Static
set $rocket_reason ""; # Reason why cache file was not used. If cache file is used, what file was used
set $rocket_https_prefix ""; # HTTPS prefix to use when cached files are using HTTPS
set $rocket_has_query_cache 0; # Checks if a query string from URL is found from the cached query string
set $rocket_is_https 0; # Checks if the request is HTTPS
set $rocket_support_webp 0; # Checks if the request supports WebP
set $rocket_dynamic ""; # Dynamic value to add to cached filename
###################################################################################################
# PAGE CACHE
#
# Security header variables
# Both values stay empty unless NGINX itself terminated TLS ($https = "on"); requests that arrive
# over plain HTTP from a TLS-terminating proxy therefore get empty values.
# NOTE(review): presumably these variables are emitted by the included headers.conf, which is not
# shown here - confirm.
set $appnet_hsts "";
set $appnet_csp "";
if ($https = "on") {
# "preload" is set without "includeSubDomains". The browser preload list only accepts hosts that
# send both, so as written the token has no effect on eligibility. Add includeSubDomains only
# after checking that every subdomain is served over HTTPS.
set $appnet_hsts "max-age=31536000; preload";
# This policy allows inline scripts, eval() and any https: origin, so it gives little protection
# against script injection. Treat it as a compatibility baseline and tighten it per site.
set $appnet_csp "default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval';";
}
# Define Rocket-Nginx $is_args
# $rocket_is_args starts as NGINX's own $is_args ("?" when a query string is present, else empty)
# and is cleared later when only ignored parameters remain.
set $rocket_is_args $is_args;
# Path part of the request without the query string. $request_uri is the URI exactly as the
# client sent it (not decoded or normalized), and this value is later placed in the cache file path.
set $rocket_uri_path "";
if ($request_uri ~ "^([^?]*)(\?.*)?$") {
set $rocket_uri_path $1;
}
# Is GZIP accepted by client ?
# Case-sensitive substring match on the Accept-Encoding request header; quality values such as
# "gzip;q=0" are not interpreted.
if ($http_accept_encoding ~ gzip) {
set $rocket_encryption "_gzip";
}
# Is Brotli accepted by client ?
# A client that advertises "br" gets the suffix reset to empty, so the uncompressed cache file is
# selected instead of the pre-gzipped one. The pattern is an unanchored substring match on "br".
if ($http_accept_encoding ~ br) {
set $rocket_encryption "";
}
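# Is HTTPS request ?
# Only $https reflects the TLS state of the connection NGINX itself accepted. Every $http_* value
# below is a request header that any client can send, so those checks are only meaningful when a
# trusted reverse proxy or load balancer sets or strips these headers before the request reaches
# this server. The result selects the "-https" cache file variant.
# NOTE(review): confirm which of these headers the front-end proxy really sets and remove the rest.
if ($https = "on") { set $rocket_is_https 1; }
if ($http_x_forwarded_proto = "https") { set $rocket_is_https 1; }
if ($http_front_end_https = "on") { set $rocket_is_https 1; }
if ($http_x_forwarded_protocol = "https") { set $rocket_is_https 1; }
if ($http_x_forwarded_ssl = "on") { set $rocket_is_https 1; }
if ($http_x_url_scheme = "https") { set $rocket_is_https 1; }
# The Forwarded header carries the scheme as "proto=https". NGINX regexes are not slash-delimited:
# written as /proto=https/ the slashes are literal characters and the header never matches.
if ($http_forwarded ~* "proto=https") { set $rocket_is_https 1; }
if ($rocket_is_https = "1") {
set $rocket_https_prefix "-https";
}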
# Check if request supports WebP ?
# Case-insensitive substring match on the Accept request header. The flag is set here but is not
# read again in the directives shown in this file.
if ($http_accept ~* "webp") {
set $rocket_support_webp "1";
}
# Set mobile detection file path
# The path is built from the Host request header ($http_host) and the raw request URI
# ($request_uri, query string included), both supplied by the client. It is only used for a file
# existence test further down.
# NOTE(review): make sure a catch-all default server rejects unknown Host values so arbitrary
# host names never reach this file - confirm against the server block that includes it.
set $rocket_mobile_detection "$document_root/wp-content/cache/wp-rocket/$http_host/$request_uri/.mobile-active";
# Query strings to ignore
# Work on a copy of $args and cut each tracking/marketing parameter out of it: $1 is everything
# before the parameter, $2 everything after its value. Each line removes one occurrence of its
# parameter.
set $rocket_args $args;
if ($rocket_args ~ (.*)(?:&|^)utm_source=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)utm_campaign=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)utm_medium=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)utm_expid=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)utm_term=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)utm_content=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)fb_action_ids=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)fb_action_types=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)fb_source=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)fbclid=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)_ga=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)gclid=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)age-verified=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)ao_noptimize=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)usqp=[^&]*(.*)) { set $rocket_args $1$2; }
if ($rocket_args ~ (.*)(?:&|^)cn-reloaded=[^&]*(.*)) { set $rocket_args $1$2; }
# Remove & at the beginning (if needed)
if ($rocket_args ~ ^&(.*)) { set $rocket_args $1; }
# Do not count arguments if part of caching arguments
# When nothing (or a lone "?") is left after the removals, the request is treated as having no
# query string, which keeps it eligible for the static cache. Any remaining parameter leaves
# $rocket_is_args set and forces the request through WordPress.
if ($rocket_args ~ ^\?$) {
set $rocket_is_args "";
}
if ($rocket_args = "") {
set $rocket_is_args "";
}
# Query string to cache
# File/URL to return IF we must bypass WordPress
# Desktop: index.html
# Gzip: index.html_gzip
# HTTPS: index-https.html
# Mobile: index-mobile-https.html
set $rocket_file_start "index$rocket_https_prefix";
# The same location is built twice: as a URI (used as the rewrite target) and as a filesystem path
# (used for the existence tests). Both contain the Host request header, the raw request path and
# the remaining query string, all of which come from the client.
set $rocket_pre_url "/wp-content/cache/wp-rocket/$http_host/$rocket_uri_path/$rocket_args/";
set $rocket_pre_file "$document_root/wp-content/cache/wp-rocket/$http_host/$rocket_uri_path/$rocket_args/";
# Standard cache file format
set $rocket_url "$rocket_pre_url$rocket_file_start$rocket_dynamic.html";
set $rocket_file "$rocket_pre_file$rocket_file_start$rocket_dynamic.html";
# Check if gzip version cached file is available
# If the pre-compressed file exists, point both the path and the URL at it. With an empty suffix
# this re-tests the plain .html file and changes nothing.
if (-f "$rocket_file$rocket_encryption") {
set $rocket_file "$rocket_file$rocket_encryption";
set $rocket_url "$rocket_url$rocket_encryption";
}
# Do not bypass if the cached file does not exist
# This is the check that keeps the later rewrite from pointing at a missing file.
if (!-f "$rocket_file") {
set $rocket_bypass 0;
set $rocket_is_bypassed "MISS";
set $rocket_reason "File not cached";
}
# Do not bypass if it's a POST request
# Only POST is excluded here; requests using other methods still reach the cache rewrite below.
if ($request_method = POST) {
set $rocket_bypass 0;
set $rocket_is_bypassed "BYPASS";
set $rocket_reason "POST request";
}
# Do not bypass if arguments are found (e.g. ?page=2)
if ($rocket_is_args) {
set $rocket_bypass 0;
set $rocket_is_bypassed "BYPASS";
set $rocket_reason "Arguments found";
}
# Do not bypass if the site is in maintenance mode
if (-f "$document_root/.maintenance") {
set $rocket_bypass 0;
set $rocket_is_bypassed "BYPASS";
set $rocket_reason "Maintenance mode";
}
# Do not bypass if one of these cookies is found
# wordpress_logged_in_[hash] : When a user is logged in, this cookie is created (we'd rather let WP-Rocket handle that)
# wp-postpass_[hash] : When a protected post requires a password, this cookie is created.
# This check is what separates anonymous cached pages from per-user content (sessions, protected
# posts, carts, comment authors). It is a case-insensitive substring match on the whole Cookie
# header, so any plugin that personalises pages through a different cookie must be added here.
# NOTE(review): "wptouch_switch_toogle" is spelled with "oo" - verify it against the cookie name
# the plugin really sets.
if ($http_cookie ~* "(wordpress_logged_in_|wp\-postpass_|woocommerce_items_in_cart|woocommerce_cart_hash|wptouch_switch_toogle|comment_author_|comment_author_email_)") {
set $rocket_bypass 0;
set $rocket_is_bypassed "BYPASS";
set $rocket_reason "Cookie";
}
# Do not bypass when the ".mobile-active" marker file exists for this host and request URI
if (-f "$rocket_mobile_detection") {
set $rocket_bypass 0;
set $rocket_is_bypassed "BYPASS";
set $rocket_reason "Specific mobile cache activated";
}
# If the bypass token is still on, let's bypass WordPress with the cached URL
if ($rocket_bypass = 1) {
set $rocket_is_bypassed "HIT";
set $rocket_reason "$rocket_url";
}
# Clear variables if debug is not needed
# This runs after every file test above, so emptying $rocket_file here only affects the debug
# headers and keeps the absolute cache path out of responses. $rocket_is_bypassed is not cleared,
# so the HIT/MISS/BYPASS value is still sent when debug is off.
if ($rocket_debug = 0) {
set $rocket_reason "";
set $rocket_file "";
}
# If the bypass token is still on, rewrite according to the file linked to the request
# "last" restarts location matching with the cache URL as the new URI.
if ($rocket_bypass = 1) {
rewrite .* "$rocket_url" last;
}
# Add header to HTML cached files
# The pattern is unanchored at the start and matches any URI under the cache directory that ends
# in "html". The location is not marked "internal", so cached files can also be requested
# directly by URL, without passing through the cookie and method checks.
# NOTE(review): consider whether direct access to the cache directory should be allowed - confirm
# nothing depends on it before restricting.
location ~ /wp-content/cache/wp-rocket/.*html$ {
etag on;
add_header Vary "Accept-Encoding, Cookie";
# Cached HTML must not be stored by browsers or intermediaries.
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header X-Rocket-Nginx-Serving-Static $rocket_is_bypassed;
add_header X-Rocket-Nginx-Reason $rocket_reason;
add_header X-Rocket-Nginx-File $rocket_file;
# Security headers
# add_header directives from the enclosing level are not inherited once a location declares its
# own, so the security headers have to be included again inside this block.
include /etc/nginx/appnet-nginx/headers.conf;
}
# Do not gzip cached files that are already gzipped
# The files are served as stored, with Content-Encoding set by hand. The empty "types {}" block
# together with default_type makes every "_gzip" file go out as text/html.
location ~ /wp-content/cache/wp-rocket/.*_gzip$ {
etag on;
gzip off;
types {}
default_type text/html;
add_header Content-Encoding gzip;
add_header Vary "Accept-Encoding, Cookie";
# Cached HTML must not be stored by browsers or intermediaries.
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header X-Rocket-Nginx-Serving-Static $rocket_is_bypassed;
add_header X-Rocket-Nginx-Reason $rocket_reason;
add_header X-Rocket-Nginx-File $rocket_file;
# Security headers
# add_header directives from the enclosing level are not inherited once a location declares its
# own, so the security headers have to be included again inside this block.
include /etc/nginx/appnet-nginx/headers.conf;
}
# Debug header (when file is not cached)
# These apply at the level that includes this file. Any location that declares its own add_header
# does not inherit them, nor the security headers included below.
add_header X-Rocket-Nginx-Serving-Static $rocket_is_bypassed;
add_header X-Rocket-Nginx-Reason $rocket_reason;
add_header X-Rocket-Nginx-File $rocket_file;
# Security headers
include /etc/nginx/appnet-nginx/headers.conf;
# File/folders protection
# NOTE(review): if the locations defined in the two files below use add_header themselves, they
# need to include headers.conf as well - the files are not shown here, confirm.
include /etc/nginx/appnet-nginx/protection.conf;
# Static files caching
include /etc/nginx/appnet-nginx/static-files.conf;