Nginx with web server + WordPress

maisondasilva · October 29, 2023, 11:28pm

If I just use Nginx as a web server with WordPress, can I use friendly URLs even with the default Nginx template or do I need to choose the WordPress template in the settings?

Thanks Maison

eris · October 30, 2023, 6:30am

Als ways pick Wordpress template…

Steveorevo · October 30, 2023, 8:24am

How did I miss this for Nginx; I see the template at /usr/local/hestia/data/templates/web/nginx/php-fpm/wordpress.tpl

But is there a place in the HestiaCP UI to select this?

sahsanu · October 30, 2023, 8:29am

Edit Web Domain -> Advanced Options -> Web Template NGINX

Steveorevo · October 30, 2023, 8:37am

I’ve only seen:

This lists:
templates/web/php-fpm

But not:
templates/web/nginx/php-fpm

This server is configured with Apache + Nginx

sahsanu · October 30, 2023, 8:38am

That template is for Nginx standalone.

Steveorevo · October 30, 2023, 8:43am

Proxy Template only lists the contents of templates/web/php-fpm; so the drop down combo box looks like:

That’s only five options (NodeApp is one I created). But in all my Hestia installations that I have seen, the contents of templates/web/nginx/php-fpm does not appear in the HestiaCP UI.

Should it? Or are we just to use templates/web/nginx/php-fpm as reference, and copy them over manually when needed?

sahsanu · October 30, 2023, 8:45am

Templates in that dir are for NGINX standalone + PHP-FPM not for NGINX as Proxy + PHP-FPM + Apache2

Steveorevo · October 30, 2023, 9:46pm

Would it be possible to use those templates in the Nginx Proxy + Apache “non-standalone” version? It appears to work with the “hosting” option; but I believe there are other permalink/WordPress MU features that might need those other directives.

eris · October 30, 2023, 9:51pm

Change

github.com

hestiacp/hestiacp/blob/79b8442f1f9fdb267c7490ed0876d63cf7012aa2/install/deb/templates/web/nginx/php-fpm/wordpress.tpl#L8


      
          #=========================================================================#
          # Default Web Domain Template                                             #
          # DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
          # https://hestiacp.com/docs/server-administration/web-templates.html      #
          #=========================================================================#
          
          server {
          	listen      %ip%:%web_port%;
          	server_name %domain_idn% %alias_idn%;
          	root        %docroot%;
          	index       index.php index.html index.htm;
          	access_log  /var/log/nginx/domains/%domain%.log combined;
          	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
          	error_log   /var/log/nginx/domains/%domain%.error.log error;
          
          	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
          
          	location = /favicon.ico {

%web_port% to %proxy_port$

And the same for ssl …

And it should work.

But default should work fine with Wordpress MU

maisondasilva · October 31, 2023, 1:47pm

@eris Look, I was noticing that most people who use Wordpress normally use Wordfence, but for those who use Ngnix there is a file that needs to be hidden via the Ngnix configuration, can you include this in the model?

I think that just inserting the first rule is enough for common people

Hiding .user.ini if your server runs NGINX

The “.user.ini” file that Wordfence creates can contain sensitive information, and public access to it should be restricted. If your server runs NGINX you have to do this manually. Append the following directives to the server context of your “nginx.conf” file:

location ~ ^/\.user\.ini {
deny all;
}

If your WordPress installation resides in a subdirectory, you should add the path portion of the URL to the pattern:

location ~ ^/wordpress/\.user\.ini {
deny all;
}

Thanks
Maison

sahsanu · October 31, 2023, 2:58pm

There is no need to include that, wordpress template includes this already :

location ~ /\.(?!well-known\/) {
    deny all;
    return 404;
}

And that means that if any file/dir starts with a dot and is not followed by well-known, the access will be denied and return code 404 (not found) send to the client.

You can try it yourself