# ispconfig + nginx direktiven + wordpress



## nowayback (22. Feb. 2014)

hi,

hat es von euch mal jemand geschafft die für wordpress nötigen nginx direktiven in ispconfig einzufügen?

Wenn ich die von hand in die vhost schreibe funktioniert alles problemlos, aber da ich da etwas ausdokumentieren bzw. löschen will/muss bringt das nix wenn ich es in das entsprechende feld im ispconfig eingebe. 

Ich hänge es mal in den nächsten 2 Posts an, da ich sonst über 10000 Zeichen komme und damit die maximale Länge überschritten ist.

wäre schön wenn da jemand nen tipp für mich hätte.

Grüße
nwb


----------



## nowayback (22. Feb. 2014)

so sollte es aussehen:

```
server {
        listen i.p.v.4:80;

        listen i.p.v.4:443 ssl;
        ssl_certificate /var/www/clients/client1/web12/ssl/example.com.crt;
        ssl_certificate_key /var/www/clients/client1/web12/ssl/example.com.key;
	server_tokens off;
	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA;

        server_name example.com www.example.com;

        root   /var/www/example.com/web;



        index index.html index.htm index.php index.cgi index.pl index.xhtml;



        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
        error_page 502 /error/502.html;
        error_page 503 /error/503.html;
        recursive_error_pages on;
        location = /error/400.html {

            internal;
        }
        location = /error/401.html {

            internal;
        }
        location = /error/403.html {

            internal;
        }
        location = /error/404.html {

            internal;
        }
        location = /error/405.html {

            internal;
        }
        location = /error/500.html {

            internal;
        }
        location = /error/502.html {

            internal;
        }
        location = /error/503.html {

            internal;
        }

        error_log /var/log/ispconfig/httpd/example.com/error.log;
        access_log /var/log/ispconfig/httpd/example.com/access.log combined;

        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location /stats {

            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file /var/www/clients/client1/web12/web/stats/.htpasswd_stats;
        }

        location ^~ /awstats-icon {
            alias /usr/share/awstats/icon;
        }

[B]    location ~ /\.ht { deny all; }
    location ~ wp-config.php { deny all; }
    location ~ readme.html { deny all; }
    location ~ readme.txt { deny all; }
    location ~ /install.php { deny all; }
    set $susquery 0;
    set $rule_2 0;
    set $rule_3 0;
    rewrite ^wp-includes/(.*).php /not_found last;
    rewrite ^/wp-admin/includes(.*)$ /not_found last;
    if ($args ~* ".(bash|git|hg|log|svn|swp|cvs)") { set $susquery 1; }
    if ($args ~* "etc/passwd") { set $susquery 1; }
    if ($args ~* "boot.ini") { set $susquery 1; }
    if ($args ~* "ftp:") { set $susquery 1; }
    if ($args ~* "http:") { set $susquery 1; }
    if ($args ~* "https:") { set $susquery 1; }
    if ($args ~* "(<|%3C).*script.*(>|%3E)") { set $susquery 1; }
    if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $susquery 1; }
    if ($args ~* "base64_encode") { set $susquery 1; }
    if ($args ~* "(%24&x)") { set $susquery 1; }
    if ($args ~* "(\[|\]|\(|\)|<|>|ê|\"|;|\?|\*|=$)"){ set $susquery 1; }
    if ($args ~* "("|'|<|>|\|{|||%24&x)"){ set $susquery 1; }
    if ($args ~* "(127.0)") { set $susquery 1; }
    if ($args ~* "(%0|%A|%B|%C|%D|%E|%F)") { set $susquery 1; }
    if ($args ~* "(globals|encode|localhost|loopback)") { set $susquery 1; }
    if ($args ~* "(request|select|insert|concat|union|declare)") { set $susquery 1; }
    if ($http_cookie !~* "wordpress_logged_in_" ) {
        set $susquery 2$susquery;
        set $rule_2 1;
        set $rule_3 1;
    }
    if ($args !~ "^loggedout=true") { set $susquery 3$susquery; }
    if ($susquery = 4321) { return 403; }

location / {
	try_files $uri $uri/ /index.php?$args;
}

rewrite /wp-admin$ $scheme://$host$uri/ permanent;

location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off; log_not_found off; expires max;
}

	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		root /var/www/example.com/web;
		include /etc/nginx/fastcgi_params;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_intercept_errors off;
		fastcgi_pass unix:/var/lib/php5-fpm/web12.sock;[/B]

	}

}
```


----------



## nowayback (22. Feb. 2014)

so sieht es aus:

```
server {
        listen i.p.v.4:80;

        listen i.p.v.4:443 ssl;
        ssl_certificate /var/www/clients/client1/web12/ssl/example.com.crt;
        ssl_certificate_key /var/www/clients/client1/web12/ssl/example.com.key;

        server_name example.com www.example.com;

        root   /var/www/example.com/web;



        index index.html index.htm index.php index.cgi index.pl index.xhtml;



        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
        error_page 502 /error/502.html;
        error_page 503 /error/503.html;
        recursive_error_pages on;
        location = /error/400.html {

            internal;
        }
        location = /error/401.html {

            internal;
        }
        location = /error/403.html {

            internal;
        }
        location = /error/404.html {

            internal;
        }
        location = /error/405.html {

            internal;
        }
        location = /error/500.html {

            internal;
        }
        location = /error/502.html {

            internal;
        }
        location = /error/503.html {

            internal;
        }

        error_log /var/log/ispconfig/httpd/example.com/error.log;
        access_log /var/log/ispconfig/httpd/example.com/access.log combined;

        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location /stats {

            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file /var/www/clients/client1/web12/web/stats/.htpasswd_stats;
        }

        location ^~ /awstats-icon {
            alias /usr/share/awstats/icon;
        }

[B]        location ~ \.php$ {
        		try_files $uri =404;

        		fastcgi_split_path_info ^(.+\.php)(/.+)$;

        		root /var/www/example.com/web;
        		include /etc/nginx/fastcgi_params;
        		fastcgi_index index.php;
        		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        		fastcgi_intercept_errors off;
        		fastcgi_pass unix:/var/lib/php5-fpm/web12.sock;

        }

        location @php {
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/var/lib/php5-fpm/web12.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors on;
        }




        location ~ /\.ht {
deny all; 
        }
        location ~ wp-config.php {
deny all; 
        }
        location ~ readme.html {
deny all; 
        }
        location ~ readme.txt {
deny all; 
        }
        location ~ /install.php {
deny all; 
        }
            set $susquery 0;
            set $rule_2 0;
            set $rule_3 0;
            rewrite ^wp-includes/(.*).php /not_found last;
            rewrite ^/wp-admin/includes(.*)$ /not_found last;
            if ($args ~* ".(bash|git|hg|log|svn|swp|cvs)") { set $susquery 1; }
            if ($args ~* "etc/passwd") { set $susquery 1; }
            if ($args ~* "boot.ini") { set $susquery 1; }
            if ($args ~* "ftp:") { set $susquery 1; }
            if ($args ~* "http:") { set $susquery 1; }
            if ($args ~* "https:") { set $susquery 1; }
            if ($args ~* "(<|%3C).*script.*(>|%3E)") { set $susquery 1; }
            if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $susquery 1; }
            if ($args ~* "base64_encode") { set $susquery 1; }
            if ($args ~* "(%24&x)") { set $susquery 1; }
            if ($args ~* "(\[|\]|\(|\)|<|>|Ãª|\"|;|\?|\*|=$)"){ set $susquery 1; }
            if ($args ~* "("|'|<|>|\|{|||%24&x)"){ set $susquery 1; }
            if ($args ~* "(127.0)") { set $susquery 1; }
            if ($args ~* "(%0|%A|%B|%C|%D|%E|%F)") { set $susquery 1; }
            if ($args ~* "(globals|encode|localhost|loopback)") { set $susquery 1; }
            if ($args ~* "(request|select|insert|concat|union|declare)") { set $susquery 1; }
            if ($http_cookie !~* "wordpress_logged_in_" ) {
                set $susquery 2$susquery;
                set $rule_2 1;
                set $rule_3 1;
            }
            if ($args !~ "^loggedout=true") { set $susquery 3$susquery; }
            if ($susquery = 4321) { return 403; }



        location / {
        	try_files $uri $uri/ /index.php?$args;
        }

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
[/B]
        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
               access_log off; log_not_found off; expires max;
        }

}
```


----------



## Till (23. Feb. 2014)

Ja, einfach folgendes in das nginx Direktiven Feld von ispconfig kopieren:


```
location / {
                try_files $uri $uri/ /index.php?$args;
       }
       # Add trailing slash to */wp-admin requests.
       rewrite /wp-admin$ $scheme://$host$uri/ permanent;
       location ~*  \.(jpg|jpeg|png|gif|css|js|ico)$ {
                expires max;
                log_not_found off;
       }
       location ~ \.php$ {
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       }
```
und auf speichern klicken.


----------



## nowayback (24. Feb. 2014)

hi,

vielen dank. manchmal sieht man den wald vor bäumen nicht. ich hab verzweifelt versucht die named location @php rauszubekommen, dabei wird sie ja ignoriert wenn man sie in location ~ \.php$ einfach nicht mehr angibt. somit muss ie ja gar nicht gelöscht werden...

schön wäre noch wenn man ispconfig irgendwie beeinflussen könnte in welcher reihenfolge die einträge gemacht werden denn ssl settings hätte ich schon gerne in der nähe der zertifikate, aber das ist nur optik.

danke für deine hilfe.

grüße
nwb


----------



## Till (24. Feb. 2014)

Wen Du mal nginx Reegeln für ein CMS suchst, dann schau mal bei Timmehosting vorbei, das ist die Firma von Falko, der das nginx Modul von ISPConfig betreut. Er hat dort snippets für alle verbeiteten CMS veröffentlicht:

https://timmehosting.de/cms-shop-kompatibilitaet-mit-nginx


----------

