fastcgi_cache_path or proxy_cache_path directive."
+msgstr ""
+
+#: includes/settings-page.php:23
+#: includes/settings-page.php:36
+#: nginx-cache.php:128
+msgid "Purge Cache"
+msgstr ""
+
+#: includes/settings-page.php:27
+msgid "Automatically flush the cache when content changes"
+msgstr ""
+
+#: nginx-cache.php:80
+msgid "Cache purged."
+msgstr ""
+
+#: nginx-cache.php:85
+msgid "Cache could not be purged. %s"
+msgstr ""
+
+#: nginx-cache.php:120
+msgid "Nginx"
+msgstr ""
+
+#: nginx-cache.php:155
+msgid "Settings"
+msgstr ""
+
+#: nginx-cache.php:177
+msgid "\"Cache Zone Path\" is not set."
+msgstr ""
+
+#: nginx-cache.php:183
+msgid "\"Cache Zone Path\" does not exist."
+msgstr ""
+
+#: nginx-cache.php:187
+msgid "\"Cache Zone Path\" is not a directory."
+msgstr ""
+
+#: nginx-cache.php:193
+msgid "\"Cache Zone Path\" does not appear to be a Nginx cache zone directory."
+msgstr ""
+
+#: nginx-cache.php:197
+msgid "\"Cache Zone Path\" is not writable."
+msgstr ""
+
+#: nginx-cache.php:204
+msgid "Filesystem API could not be initialized."
+msgstr ""
diff --git a/conf/nginx-cache-custom/nginx-cache.php b/conf/nginx-cache-custom/nginx-cache.php
new file mode 100644
index 0000000..89fee6c
--- /dev/null
+++ b/conf/nginx-cache-custom/nginx-cache.php
@@ -0,0 +1,316 @@
+screen, array( $this, 'do_admin_actions' ) );
+ add_action( 'load-' . $this->screen, array( $this, 'add_settings_notices' ) );
+ }
+
+ public function register_purge_actions() {
+
+ // use `nginx_cache_purge_actions` filter to alter default purge actions
+ $purge_actions = (array) apply_filters(
+ 'nginx_cache_purge_actions',
+ array(
+ 'publish_phone', 'save_post', 'edit_post', 'delete_post', 'wp_trash_post', 'clean_post_cache',
+ 'trackback_post', 'pingback_post', 'comment_post', 'edit_comment', 'delete_comment', 'wp_set_comment_status',
+ 'switch_theme', 'wp_update_nav_menu', 'edit_user_profile_update'
+ )
+ );
+
+ foreach ( $purge_actions as $action ) {
+ if ( did_action( $action ) ) {
+ $this->purge_zone_once();
+ } else {
+ add_action( $action, array( $this, 'purge_zone_once' ) );
+ }
+ }
+
+ }
+
+ public function register_settings() {
+
+ register_setting( 'nginx-cache', 'nginx_cache_path', 'sanitize_text_field' );
+ register_setting( 'nginx-cache', 'nginx_auto_purge', 'absint' );
+
+ }
+
+ public function add_settings_notices() {
+
+// $path_error = $this->is_valid_path();
+
+ if ( isset( $_GET[ 'message' ] ) && ! isset( $_GET[ 'settings-updated' ] ) ) {
+
+ // show cache purge success message
+ if ( $_GET[ 'message' ] === 'cache-purged' ) {
+ add_settings_error( '', 'nginx_cache_path', __( 'Cache purged.', 'nginx-cache' ), 'updated' );
+ }
+
+ // show cache purge failure message
+ if ( $_GET[ 'message' ] === 'purge-cache-failed' ) {
+ add_settings_error( '', 'nginx_cache_path', sprintf( __( 'Cache could not be purged. %s', 'nginx-cache' ), wptexturize( $path_error->get_error_message() ) ) );
+ }
+
+ } elseif ( is_wp_error( $path_error ) && $path_error->get_error_code() === 'fs' ) {
+
+ // show cache path problem message
+ add_settings_error( '', 'nginx_cache_path', wptexturize( $path_error->get_error_message( 'fs' ) ) );
+
+ }
+
+ }
+
+ public function do_admin_actions() {
+
+ // purge cache
+ if ( isset( $_GET[ 'action' ] ) && $_GET[ 'action' ] === 'purge-cache' && wp_verify_nonce( $_GET[ '_wpnonce' ], 'purge-cache' ) ) {
+
+ $result = $this->purge_zone();
+ wp_safe_redirect( admin_url( add_query_arg( 'message', is_wp_error( $result ) ? 'purge-cache-failed' : 'cache-purged', $this->admin_page ) ) );
+ exit;
+
+ }
+
+ }
+
+ public function add_admin_bar_node( $wp_admin_bar ) {
+
+ // verify user capability
+ if ( ! current_user_can( $this->capability ) ) {
+ return;
+ }
+
+ // add "Nginx" node to admin-bar
+ $wp_admin_bar->add_node( array(
+ 'id' => 'nginx-cache',
+ 'title' => __( 'Nginx', 'nginx-cache' ),
+ 'href' => admin_url( $this->admin_page )
+ ) );
+
+ // add "Purge Cache" to "Nginx" node
+ $wp_admin_bar->add_node( array(
+ 'parent' => 'nginx-cache',
+ 'id' => 'purge-cache',
+ 'title' => __( 'Purge Cache', 'nginx-cache' ),
+ 'href' => wp_nonce_url( admin_url( add_query_arg( 'action', 'purge-cache', $this->admin_page ) ), 'purge-cache' )
+ ) );
+
+ }
+
+ public function add_admin_menu_page() {
+
+ // add "Tools" sub-page
+ add_management_page(
+ __( 'Nginx Cache', 'nginx-cache' ),
+ __( 'Nginx Cache', 'nginx-cache' ),
+ $this->capability,
+ 'nginx-cache',
+ array( $this, 'show_settings_page' )
+ );
+
+ }
+
+ public function show_settings_page() {
+ require_once plugin_dir_path( __FILE__ ) . '/includes/settings-page.php';
+ }
+
+ public function add_plugin_actions_links( $links ) {
+
+ // add settings link to plugin actions
+ return array_merge(
+ array( '' . __( 'Settings', 'nginx-cache' ) . '' ),
+ $links
+ );
+
+ }
+
+ public function enqueue_admin_styles( $hook_suffix ) {
+
+ if ( $hook_suffix === $this->screen ) {
+ $plugin = get_plugin_data( __FILE__ );
+ wp_enqueue_style( 'nginx-cache', plugin_dir_url( __FILE__ ) . 'includes/settings-page.css', null, $plugin[ 'Version' ] );
+ }
+
+ }
+
+ private function is_valid_path() {
+
+ global $wp_filesystem;
+
+ $path = get_option( 'nginx_cache_path' );
+
+ if ( empty( $path ) ) {
+ return new WP_Error( 'empty', __( '"Cache Zone Path" is not set.', 'nginx-cache' ) );
+ }
+
+ if ( $this->initialize_filesystem() ) {
+
+ if ( ! $wp_filesystem->exists( $path ) ) {
+ return new WP_Error( 'fs', __( '"Cache Zone Path" does not exist.', 'nginx-cache' ) );
+ }
+
+ if ( ! $wp_filesystem->is_dir( $path ) ) {
+ return new WP_Error( 'fs', __( '"Cache Zone Path" is not a directory.', 'nginx-cache' ) );
+ }
+
+ $list = $wp_filesystem->dirlist( $path, true, true );
+
+ if ( is_array( $list ) && ! $this->validate_dirlist( $list ) ) {
+ return new WP_Error( 'fs', __( '"Cache Zone Path" does not appear to be a Nginx cache zone directory.', 'nginx-cache' ) );
+ }
+
+ if ( ! $wp_filesystem->is_writable( $path ) ) {
+ return new WP_Error( 'fs', __( '"Cache Zone Path" is not writable.', 'nginx-cache' ) );
+ }
+
+ return true;
+
+ }
+
+ return new WP_Error( 'fs', __( 'Filesystem API could not be initialized.', 'nginx-cache' ) );
+
+ }
+
+ private function validate_dirlist( $list ) {
+
+ foreach ( $list as $item ) {
+
+ // abort if file is not a MD5 hash
+ if ( $item[ 'type' ] === 'f' && ( strlen( $item[ 'name' ] ) !== 32 || ! ctype_xdigit( $item[ 'name' ] ) ) ) {
+ return false;
+ }
+
+ // validate subdirectories recursively
+ if ( $item[ 'type' ] === 'd' && ! $this->validate_dirlist( $item[ 'files' ] ) ) {
+ return false;
+ }
+
+ }
+
+ return true;
+
+ }
+
+ public function purge_zone_once() {
+
+ static $completed = false;
+
+ if ( ! $completed ) {
+ $this->purge_zone();
+ $completed = true;
+ }
+
+ }
+
+ private function purge_zone() {
+
+ global $wp_filesystem;
+
+ if ( ! $this->should_purge() ) {
+ return false;
+ }
+
+// $path = get_option( 'nginx_cache_path' );
+// $path_error = $this->is_valid_path();
+
+ // abort if cache zone path is not valid
+// if ( is_wp_error( $path_error ) ) {
+// return $path_error;
+// }
+
+ // delete cache directory (recursively)
+// $wp_filesystem->rmdir( $path, true );
+
+ // recreate empty cache directory
+// $wp_filesystem->mkdir( $path );
+
+ system('sudo /bin/rm -r /var/run/nginx-cache/APP_NAME/*');
+
+ do_action( 'nginx_cache_zone_purged', $path );
+
+ return true;
+
+ }
+
+ private function should_purge() {
+
+ $post_type = get_post_type();
+
+ if ( ! $post_type ) {
+ return true;
+ }
+
+ if ( ! in_array( $post_type, (array) apply_filters( 'nginx_cache_excluded_post_types', array() ) ) ) {
+ return true;
+ }
+
+ return false;
+ }
+
+ private function initialize_filesystem() {
+
+ $path = get_option( 'nginx_cache_path' );
+
+ // if the cache directory doesn't exist, try to create it
+ if ( ! file_exists( $path ) ) {
+ mkdir( $path );
+ }
+
+ // load WordPress file API?
+ if ( ! function_exists( 'request_filesystem_credentials' ) ) {
+ require_once ABSPATH . 'wp-admin/includes/file.php';
+ }
+
+ ob_start();
+ $credentials = request_filesystem_credentials( '', '', false, $path, null, true );
+ ob_end_clean();
+
+ if ( $credentials === false ) {
+ return false;
+ }
+
+ if ( ! WP_Filesystem( $credentials, $path, true ) ) {
+ return false;
+ }
+
+ return true;
+
+ }
+
+}
+
+new NginxCache;
diff --git a/conf/nginx-cache-custom/readme.txt b/conf/nginx-cache-custom/readme.txt
new file mode 100644
index 0000000..b6bb44a
--- /dev/null
+++ b/conf/nginx-cache-custom/readme.txt
@@ -0,0 +1,66 @@
+=== Nginx Cache ===
+Contributors: tillkruess
+Donate link: https://github.com/sponsors/tillkruss
+Tags: nginx, nginx cache, cache, caching, purge, purge cache, flush, flush cache, server, performance, optimize, speed, load, fastcgi, fastcgi purge, proxy, proxy purge, reverse proxy
+Requires at least: 3.1
+Tested up to: 5.6
+Stable tag: 1.0.5
+License: GPLv3
+License URI: http://www.gnu.org/licenses/gpl-3.0.html
+
+Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.
+
+
+== Description ==
+
+Purge the [Nginx](http://nginx.org) cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.
+
+Requirements:
+
+ * The [Filesystem API](http://codex.wordpress.org/Filesystem_API) needs to function without asking for credentials.
+ * Nginx and PHP need to run under the same user, or PHP's user needs write access to Nginx's cache path.
+
+
+== Installation ==
+
+For detailed installation instructions, please read the [standard installation procedure for WordPress plugins](http://codex.wordpress.org/Managing_Plugins#Installing_Plugins).
+
+1. Install and activate plugin.
+2. Enter "Cache Zone Path" under _Tools -> Nginx_.
+3. Done.
+
+
+== Screenshots ==
+
+1. Plugin settings page.
+
+
+== Changelog ==
+
+= 1.0.5 =
+
+ * Added `nginx_cache_zone_purged` action
+
+= 1.0.4 =
+
+ * Improved translatable strings
+ * Fixed auto-purge bug
+ * Fixed bug when validating directory
+
+= 1.0.3 =
+
+ * Create cache directory if it doesn't exists
+ * Re-create cache directory after cache purge
+ * Allow post types to be excluded from triggering a cache purge
+
+= 1.0.2 =
+
+ * Fixed 4.6 issue with file-system credentials
+
+= 1.0.1 =
+
+ * Improved testing of file-system credentials
+
+= 1.0 =
+
+ * Initial release
diff --git a/conf/nginx-cache.conf b/conf/nginx-cache.conf
new file mode 100644
index 0000000..bdc0279
--- /dev/null
+++ b/conf/nginx-cache.conf
@@ -0,0 +1,312 @@
+#--MULTISITE--if (!-e $request_filename) {
+ #--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+ #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last;
+ #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last;
+#--MULTISITE--}
+
+# fallback for robots.txt with default wordpress rules
+location @robots {
+ return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
+}
+
+location @empty_gif {
+ empty_gif;
+}
+
+add_header X-fastcgi-cache $upstream_cache_status;
+
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location __PATH__/ {
+
+ # Path to source
+ alias __FINALPATH__/;
+
+ index index.php;
+ if (!-e $request_filename)
+ {
+ rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
+ }
+
+ # Force usage of https
+ if ($scheme = http) {
+ rewrite ^ https://$server_name$request_uri? permanent;
+ }
+
+ client_max_body_size 1G;
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ try_files $uri =404;
+ fastcgi_cache_bypass $skip_cache;
+ fastcgi_no_cache $skip_cache;
+ fastcgi_cache __NAME__;
+ fastcgi_cache_valid 60m;
+ }
+
+ ##### CACHE CONFIGURATION #####
+
+ set $skip_cache 0;
+
+ # POST requests and urls with a query string should always go to PHP
+ if ($request_method = POST) {
+ set $skip_cache 1;
+ }
+ if ($query_string != "") {
+ set $skip_cache 1;
+ }
+
+ # Don't cache uris containing the following segments
+ if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
+ set $skip_cache 1;
+ }
+
+ # Don't use the cache for logged in users or recent commenters
+ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
+ set $skip_cache 1;
+ }
+
+ location ~ /purge(/.*) {
+ fastcgi_cache_purge __NAME__ "$scheme$request_method$host$1";
+ }
+
+ location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+ access_log off; log_not_found off; expires max;
+ }
+
+ location ~ /\. { deny all; access_log off; log_not_found off; }
+
+ ##### SECURITY CONFIGURATION #####
+
+ location = /wp-login.php {
+ limit_req zone=one burst=1 nodelay;
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ try_files $uri =404;
+ fastcgi_cache_bypass $skip_cache;
+ fastcgi_no_cache $skip_cache;
+ fastcgi_cache __NAME__;
+ fastcgi_cache_valid 60m;
+ }
+ # Prevent DoS attacks on wp-cron
+ location = /wp-cron.php {
+ limit_req zone=two burst=1 nodelay;
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ try_files $uri =404;
+ fastcgi_cache_bypass $skip_cache;
+ fastcgi_no_cache $skip_cache;
+ fastcgi_cache __NAME__;
+ fastcgi_cache_valid 60m;
+ }
+ # Prevent DoS attacks with xmlrpc.php
+ location = /xmlrpc.php {
+ limit_req zone=two burst=1 nodelay;
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ try_files $uri =404;
+ fastcgi_cache_bypass $skip_cache;
+ fastcgi_no_cache $skip_cache;
+ fastcgi_cache __NAME__;
+ fastcgi_cache_valid 60m;
+ }
+ # Disable wp-config.txt
+ location = /wp-config.txt {
+ deny all;
+ access_log off;
+ log_not_found off;
+ }
+ location = /robots.txt {
+ # Some WordPress plugin gererate robots.txt file
+ # Refer #340 issue
+ try_files $uri $uri/ /index.php?$args @robots;
+ access_log off;
+ log_not_found off;
+ }
+ # webp rewrite rules for jpg and png images
+ # try to load alternative image.png.webp before image.png
+ location /wp-content/uploads {
+ location ~ \.(png|jpe?g)$ {
+ add_header Vary "Accept-Encoding";
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ more_set_headers "Cache-Control : public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires max;
+ try_files $uri$webp_suffix $uri =404;
+ }
+ location ~* \.(php|gz|log|zip|tar|rar|xz)$ {
+ #Prevent Direct Access Of PHP Files & Backups from Web Browsers
+ deny all;
+ }
+ }
+ # webp rewrite rules for EWWW testing image
+ location /wp-content/plugins/ewww-image-optimizer/images {
+ location ~ \.(png|jpe?g)$ {
+ add_header Vary "Accept-Encoding";
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ more_set_headers "Cache-Control : public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires max;
+ try_files $uri$webp_suffix $uri =404;
+ }
+ location ~ \.php$ {
+ #Prevent Direct Access Of PHP Files From Web Browsers
+ deny all;
+ }
+ }
+ # enable gzip on static assets - php files are forbidden
+ location /wp-content/cache {
+ # Cache css & js files
+ location ~* \.(?:css(\.map)?|js(\.map)?|.html)$ {
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ access_log off;
+ log_not_found off;
+ expires 30d;
+ }
+ location ~ \.php$ {
+ #Prevent Direct Access Of PHP Files From Web Browsers
+ deny all;
+ }
+ }
+ # Deny access to any files with a .php extension in the uploads directory
+ # Works in sub-directory installs and also in multisite network
+ # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+ location ~* /(?:uploads|files)/.*\.php$ {
+ deny all;
+ }
+ # mitigate DoS attack CVE with WordPress script concatenation
+ # add the following line to wp-config.php
+ # define( 'CONCATENATE_SCRIPTS', false );
+ location ~ \/wp-admin\/load-(scripts|styles).php {
+ deny all;
+ }
+ # Protect Easy Digital Download files from being accessed directly.
+ location ~ ^/wp-content/uploads/edd/(.*?)\.zip$ {
+ rewrite / permanent;
+ }
+
+ ##### ADDITIONAL LOCATIONS #####
+
+ # Basic locations files
+ location = /favicon.ico {
+ try_files /wp-content/uploads/fbrfg/favicon.ico $uri $uri/ /index.php?$args @empty_gif;
+ access_log off;
+ log_not_found off;
+ expires max;
+ }
+
+ # Cache static files
+ location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ {
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ more_set_headers "Cache-Control : public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires max;
+ }
+ # Cache css & js files
+ location ~* \.(?:css(\.map)?|js(\.map)?)$ {
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ more_set_headers "Cache-Control : public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires 30d;
+ }
+ # Security settings for better privacy
+ # Deny hidden files
+ location ~ /\.(?!well-known\/) {
+ deny all;
+ }
+ # letsencrypt validation
+ location /.well-known/acme-challenge/ {
+ alias /var/www/html/.well-known/acme-challenge/;
+ allow all;
+ auth_basic off;
+ }
+ # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
+ location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
+ deny all;
+ }
+ # Deny backup extensions & log files and return 403 forbidden
+ location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" {
+ deny all;
+ }
+ location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
+ deny all;
+ }
+
+ # block base64_encoded content
+ location ~* "(base64_encode)(.*)(\()" {
+ deny all;
+ }
+
+ # block javascript eval()
+ location ~* "(eval\()" {
+ deny all;
+ }
+
+ # Additional security settings
+
+ location ~* "(127\.0\.0\.1)" {
+ deny all;
+ }
+ location ~* "([a-z0-9]{2000})" {
+ deny all;
+ }
+ location ~* "(javascript\:)(.*)(\;)" {
+ deny all;
+ }
+ location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
+ deny all;
+ }
+ location ~* "(<|%3C).*script.*(>|%3)" {
+ deny all;
+ }
+ location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
+ deny all;
+ }
+ location ~* "(boot\.ini|etc/passwd|self/environ)" {
+ deny all;
+ }
+ location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
+ deny all;
+ }
+ location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
+ deny all;
+ }
+ location ~* "(https?|ftp|php):/" {
+ deny all;
+ }
+ location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
+ deny all;
+ }
+ location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
+ deny all;
+ }
+ location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
+ deny all;
+ }
+
+ # Include SSOWAT user panel.
+ include conf.d/yunohost_panel.conf.inc;
+}
\ No newline at end of file
diff --git a/conf/nginx-standard.conf b/conf/nginx-standard.conf
new file mode 100644
index 0000000..c962095
--- /dev/null
+++ b/conf/nginx-standard.conf
@@ -0,0 +1,268 @@
+#--MULTISITE--if (!-e $request_filename) {
+ #--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+ #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last;
+ #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last;
+#--MULTISITE--}
+
+# fallback for robots.txt with default wordpress rules
+location @robots {
+ return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
+}
+
+location @empty_gif {
+ empty_gif;
+}
+
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location __PATH__/ {
+
+ # Path to source
+ alias __FINALPATH__/;
+
+ index index.php;
+ if (!-e $request_filename)
+ {
+ rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
+ }
+
+ # Force usage of https
+ if ($scheme = http) {
+ rewrite ^ https://$server_name$request_uri? permanent;
+ }
+
+ client_max_body_size 1G;
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ try_files $uri =404;
+ }
+
+ location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+ access_log off; log_not_found off; expires max;
+ }
+
+ location ~ /\. { deny all; access_log off; log_not_found off; }
+
+ ##### SECURITY CONFIGURATION #####
+
+ location = /wp-login.php {
+ limit_req zone=one burst=1 nodelay;
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ try_files $uri =404;
+ }
+ # Prevent DoS attacks on wp-cron
+ location = /wp-cron.php {
+ limit_req zone=two burst=1 nodelay;
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ try_files $uri =404;
+ }
+ # Prevent DoS attacks with xmlrpc.php
+ location = /xmlrpc.php {
+ limit_req zone=two burst=1 nodelay;
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ try_files $uri =404;
+ }
+ # Disable wp-config.txt
+ location = /wp-config.txt {
+ deny all;
+ access_log off;
+ log_not_found off;
+ }
+ location = /robots.txt {
+ # Some WordPress plugin gererate robots.txt file
+ # Refer #340 issue
+ try_files $uri $uri/ /index.php?$args @robots;
+ access_log off;
+ log_not_found off;
+ }
+ # webp rewrite rules for jpg and png images
+ # try to load alternative image.png.webp before image.png
+ location /wp-content/uploads {
+ location ~ \.(png|jpe?g)$ {
+ add_header Vary "Accept-Encoding";
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ more_set_headers "Cache-Control : public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires max;
+ try_files $uri$webp_suffix $uri =404;
+ }
+ location ~* \.(php|gz|log|zip|tar|rar|xz)$ {
+ #Prevent Direct Access Of PHP Files & Backups from Web Browsers
+ deny all;
+ }
+ }
+ # webp rewrite rules for EWWW testing image
+ location /wp-content/plugins/ewww-image-optimizer/images {
+ location ~ \.(png|jpe?g)$ {
+ add_header Vary "Accept-Encoding";
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ more_set_headers "Cache-Control : public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires max;
+ try_files $uri$webp_suffix $uri =404;
+ }
+ location ~ \.php$ {
+ #Prevent Direct Access Of PHP Files From Web Browsers
+ deny all;
+ }
+ }
+ # enable gzip on static assets - php files are forbidden
+ location /wp-content/cache {
+ # Cache css & js files
+ location ~* \.(?:css(\.map)?|js(\.map)?|.html)$ {
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ access_log off;
+ log_not_found off;
+ expires 30d;
+ }
+ location ~ \.php$ {
+ #Prevent Direct Access Of PHP Files From Web Browsers
+ deny all;
+ }
+ }
+ # Deny access to any files with a .php extension in the uploads directory
+ # Works in sub-directory installs and also in multisite network
+ # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+ location ~* /(?:uploads|files)/.*\.php$ {
+ deny all;
+ }
+ # mitigate DoS attack CVE with WordPress script concatenation
+ # add the following line to wp-config.php
+ # define( 'CONCATENATE_SCRIPTS', false );
+ location ~ \/wp-admin\/load-(scripts|styles).php {
+ deny all;
+ }
+ # Protect Easy Digital Download files from being accessed directly.
+ location ~ ^/wp-content/uploads/edd/(.*?)\.zip$ {
+ rewrite / permanent;
+ }
+
+ ##### ADDITIONAL LOCATIONS #####
+
+ # Basic locations files
+ location = /favicon.ico {
+ try_files /wp-content/uploads/fbrfg/favicon.ico $uri $uri/ /index.php?$args @empty_gif;
+ access_log off;
+ log_not_found off;
+ expires max;
+ }
+
+ # Cache static files
+ location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ {
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ more_set_headers "Cache-Control : public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires max;
+ }
+ # Cache css & js files
+ location ~* \.(?:css(\.map)?|js(\.map)?)$ {
+ more_set_headers 'Access-Control-Allow-Origin : *';
+ more_set_headers "Cache-Control : public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires 30d;
+ }
+ # Security settings for better privacy
+ # Deny hidden files
+ location ~ /\.(?!well-known\/) {
+ deny all;
+ }
+ # letsencrypt validation
+ location /.well-known/acme-challenge/ {
+ alias /var/www/html/.well-known/acme-challenge/;
+ allow all;
+ auth_basic off;
+ }
+ # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
+ location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
+ deny all;
+ }
+ # Deny backup extensions & log files and return 403 forbidden
+ location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" {
+ deny all;
+ }
+ location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
+ deny all;
+ }
+
+ # block base64_encoded content
+ location ~* "(base64_encode)(.*)(\()" {
+ deny all;
+ }
+
+ # block javascript eval()
+ location ~* "(eval\()" {
+ deny all;
+ }
+
+ # Additional security settings
+
+ location ~* "(127\.0\.0\.1)" {
+ deny all;
+ }
+ location ~* "([a-z0-9]{2000})" {
+ deny all;
+ }
+ location ~* "(javascript\:)(.*)(\;)" {
+ deny all;
+ }
+ location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
+ deny all;
+ }
+ location ~* "(<|%3C).*script.*(>|%3)" {
+ deny all;
+ }
+ location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
+ deny all;
+ }
+ location ~* "(boot\.ini|etc/passwd|self/environ)" {
+ deny all;
+ }
+ location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
+ deny all;
+ }
+ location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
+ deny all;
+ }
+ location ~* "(https?|ftp|php):/" {
+ deny all;
+ }
+ location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
+ deny all;
+ }
+ location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
+ deny all;
+ }
+ location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
+ deny all;
+ }
+
+ # Include SSOWAT user panel.
+ include conf.d/yunohost_panel.conf.inc;
+}
\ No newline at end of file
diff --git a/conf/nginx.conf b/conf/nginx.conf
deleted file mode 100644
index 2b5cf35..0000000
--- a/conf/nginx.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-#--MULTISITE--if (!-e $request_filename) {
- #--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent;
- #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last;
- #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last;
-#--MULTISITE--}
-
-#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
-location __PATH__/ {
-
- # Path to source
- alias __FINALPATH__/;
-
- index index.php;
- if (!-e $request_filename)
- {
- rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
- }
-
- # Force usage of https
- if ($scheme = http) {
- rewrite ^ https://$server_name$request_uri? permanent;
- }
-
- client_max_body_size 30m;
- location ~ [^/]\.php(/|$) {
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param REMOTE_USER $remote_user;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param SCRIPT_FILENAME $request_filename;
- }
-
- # Include SSOWAT user panel.
- include conf.d/yunohost_panel.conf.inc;
-}
diff --git a/conf/sql/multisite.sql b/conf/sql/multisite.sql
index 075381a..75f37ca 100644
--- a/conf/sql/multisite.sql
+++ b/conf/sql/multisite.sql
@@ -1 +1 @@
-REPLACE INTO wp_sitemeta VALUES(NULL,1,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:9:"givenName";s:7:"SecName";s:2:"sn";s:7:"UidAttr";s:3:"uid";s:8:"MailAttr";s:4:"mail";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:10:"subscriber";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}');
+REPLACE INTO __DB_PREFIX__sitemeta VALUES(NULL,1,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:9:"givenName";s:7:"SecName";s:2:"sn";s:7:"UidAttr";s:3:"uid";s:8:"MailAttr";s:4:"mail";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:10:"subscriber";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}');
diff --git a/conf/sql/single.sql b/conf/sql/single.sql
index 9a3c8bd..2a8d81a 100644
--- a/conf/sql/single.sql
+++ b/conf/sql/single.sql
@@ -1 +1 @@
-REPLACE INTO wp_options VALUES(NULL,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:9:"givenName";s:7:"SecName";s:2:"sn";s:7:"UidAttr";s:3:"uid";s:8:"MailAttr";s:4:"mail";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:10:"subscriber";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}','yes');
+REPLACE INTO __DB_PREFIX__options VALUES(NULL,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:9:"givenName";s:7:"SecName";s:2:"sn";s:7:"UidAttr";s:3:"uid";s:8:"MailAttr";s:4:"mail";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:10:"subscriber";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}','yes');
diff --git a/config_panel.toml b/config_panel.toml
index 07f014d..48c10f7 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -40,11 +40,11 @@ name = "Wordpress configuration"
default = "low"
help = "low <= 20Mb per pool. medium between 20Mb and 40Mb per pool. high > 40Mb per pool.