{{tag>wordpress nginx}}

====== Wordpress on nginx ======

===== Install packages =====

  apt install nginx php-fpm php7.0-mysql

Config file example:
<code nginx>
upstream php {
    server unix:/var/run/php/php7.0-fpm.sock;
}

server {
	listen 80 ;
	listen [::]:80 ;
	server_name example.com;
	return 301 https://$host$request_uri;
}

server {
	# SSL configuration
	#
	listen 443 ssl ;
	listen [::]:443 ssl ;
	ssl                     on;
	ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
	ssl_session_cache       shared:SSL:10m;
	ssl_session_timeout     10m;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
	ssl_certificate /etc/nginx/ssl/example.com.crt;
	ssl_certificate_key /etc/nginx/ssl/example.com.key;

	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/example_site;

	# Add index.php to the list if you are using PHP
	index index.php;

	server_name example.com;

	location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

	location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

	location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;

                # test if this line below works like stuff ("RewriteRule . /index.php [L]") in .htaccess file for wordpress, used in apache server
                #try_files $uri $uri/ /index.php;
        }

	location ~ \.php$ {
	       #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	       include fastcgi.conf;
	       fastcgi_intercept_errors on;
	       fastcgi_pass php;
	       fastcgi_buffers 16 16k;
	       fastcgi_buffer_size 32k;
	}

	location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
	       expires max;
	       log_not_found off;
	}
	     

}


</code>

====== Tested on ======
  * Debian 9

====== See also ======
  * [[https://ssl-config.mozilla.org/|SSL config generator]]
  * [[wiki:wordpress_permissions|Wordpress permissions]]
  * [[wiki:wordpress_php_plugins|Wordpress php plugins]]
  * [[wiki:wordpress_troubleshooting|Wordpress troubleshooting]]
====== References ======