initial commit

files/conf.d/custom/acme.conf

@@ -0,0 +1,4 @@
+	location ~ /.well-known {
+		try_files $uri $uri/ =404;
+		root /var/www;
+	}

files/conf.d/custom/hidden_files.conf

@@ -0,0 +1,6 @@
+	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+	location ~ /\. {
+		deny all;
+		access_log off;
+		log_not_found off;
+	}

files/conf.d/custom/robots.conf

@@ -0,0 +1,6 @@
+	location = /robots.txt {
+		auth_basic off;
+		allow all;
+		log_not_found off;
+		access_log off;
+	}

files/conf.d/custom/wordpress.conf

@@ -0,0 +1,68 @@
+	# rate limiting : defined in /etc/nginx/conf.d/limits.conf
+	#limit_req zone=flood burst=30 nodelay;
+	#limit_req_status 444;
+
+	client_body_buffer_size 128M;
+	client_max_body_size 128M; # set max upload size
+	fastcgi_buffers 512 32K;
+	#fastcgi_buffers 64 4K;
+
+	location / {
+		try_files $uri $uri/ /index.php?q=$uri&$args;
+	}
+
+#	location ~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+#		access_log off; log_not_found off; expires 1m;
+#	}
+
+	# SECURITY : Deny all attempts to access PHP Files in the uploads directory
+	location ~* /(?:uploads|files)/.*\.php$ {
+		deny all;
+	}
+
+	location /favicon.ico {
+		log_not_found off; access_log off;
+	}
+
+	location /robots.txt {
+		allow all; log_not_found off; access_log off;
+	}
+
+	# SECURITY : Deny all attempts to access hidden files .abcde
+	location ~ /\. {
+		deny all;
+	}
+
+	# BEGIN W3TC Browser Cache
+	gzip on;
+	gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/bmp application/java application/msword application/vnd.ms-fontobject application/x-msdownload image/x-icon image/webp application/json application/vnd.ms-access application/vnd.ms-project application/x-font-otf application/vnd.ms-opentype application/vnd.oasis.opendocument.database application/vnd.oasis.opendocument.chart application/vnd.oasis.opendocument.formula application/vnd.oasis.opendocument.graphics application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text audio/ogg application/pdf application/vnd.ms-powerpoint application/x-shockwave-flash image/tiff application/x-font-ttf audio/wav application/vnd.ms-write application/font-woff application/font-woff2 application/vnd.ms-excel;
+	location ~ \.(css|htc|less|js|js2|js3|js4)$ {
+		expires 31536000s;
+		etag on;
+		if_modified_since exact;
+		try_files $uri $uri/ $uri.html /index.php?$args;
+	}
+
+	location ~ \.(html|htm|rtf|rtx|svg|txt|xsd|xsl|xml)$ {
+		etag on;
+		if_modified_since exact;
+		try_files $uri $uri/ $uri.html /index.php?$args;
+	}
+
+	location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|_ttf|wav|wma|wri|woff|woff2|xla|xls|xlsx|xlt|xlw|zip)$ {
+		expires 31536000s;
+		etag on;
+		if_modified_since exact;
+		try_files $uri $uri/ $uri.html /index.php?$args;
+	}
+
+	location ~ \.(bmp|class|doc|docx|eot|exe|ico|webp|json|mdb|mpp|otf|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|pot|pps|ppt|pptx|svg|svgz|swf|tif|tiff|ttf|ttc|_ttf|wav|wri|woff|woff2|xla|xls|xlsx|xlt|xlw)$ {
+		etag off;
+		if_modified_since off;
+		try_files $uri $uri/ $uri.html /index.php?$args;
+	}
+	# END W3TC Browser Cache
+
+	# BEGIN W3TC Minify core
+	rewrite ^/wp-content/cache/minify/ /index.php last;
+	# END W3TC Minify core

files/conf.d/gzip.conf

@@ -0,0 +1,7 @@
+        gzip_disable "msie6";                                             # Do people still use Internet Explorer 6? In that case, disable gzip and hope for the best!
+        gzip_vary on;                                                     # Also compress content with other MIME types than "text/html"
+        gzip_types application/json text/css application/javascript;      # We only want to compress json, css and js. Compressing images and such isn't worth it
+        gzip_proxied any;
+        gzip_comp_level 6;                                                # Set desired compression ratio, higher is better compression, but slower
+        gzip_buffers 16 8k;                                               # Gzip buffer size
+        gzip_http_version 1.0;                                            # Compress every type of HTTP request

files/conf.d/log_format.conf

@@ -0,0 +1 @@
+log_format custom '$remote_addr;$time_local;"$request";$status;$bytes_sent;"$http_referer";"$http_user_agent";"$gzip_ratio";$request_time';

files/conf.d/proxy.conf

@@ -0,0 +1,4 @@
+	proxy_connect_timeout       600;
+	proxy_send_timeout          600;
+	proxy_read_timeout          600;
+	send_timeout                600;

files/conf.d/real_ip.conf

@@ -0,0 +1,2 @@
+    set_real_ip_from 127.0.0.1; # Load Balancer Internal IP
+    real_ip_header X-Forwarded-For;

files/conf.d/server_name.conf

@@ -0,0 +1 @@
+    server_names_hash_bucket_size 128;

files/status.conf

@@ -0,0 +1,32 @@
+server {
+    listen 127.0.0.1:80;
+    server_name _;
+
+    access_log /var/log/nginx/localhost.access.log;
+    error_log /var/log/nginx/localhost.error.log;
+
+    location ~ /.well-known/acme-challenge/ {
+        alias /var/www/challenges/;
+        try_files $uri =404;
+        allow 127.0.0.1;
+        deny all;
+    }
+
+    location /stub_status {
+        stub_status on;
+        access_log off;
+        allow 127.0.0.1;
+        deny all;
+    }
+
+#    location /php_status {
+#        access_log off;
+#        include /etc/nginx/fastcgi_params;
+#        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+#        fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
+#    }
+
+    location / {
+        deny all;
+    }
+}