diff --git a/config/nginx/wprocket-nginx.conf b/config/nginx/wprocket-nginx.conf new file mode 100644 index 0000000..1007967 --- /dev/null +++ b/config/nginx/wprocket-nginx.conf @@ -0,0 +1,190 @@ +################################################################################################### +# Rocket-Nginx +# +# Rocket-Nginx is a NGINX configuration to speedup your WordPress +# website with the cache plugin WP-Rocket (http://wp-rocket.me) +# +# Author: Maxime Jobin +# URL: https://github.com/maximejobin/rocket-nginx +# +# Tested with WP-Rocket version: 3.0.5.1 +# Tested with NGINX: 1.15 (mainline) +# +# Version 2.1.1 +# +################################################################################################### + +# Add debug information into header +set $rocket_debug 0; + + +################################################################################################### +# Do not alter theses values +# +set $rocket_bypass 1; # Should NGINX bypass WordPress and call cache file directly ? +set $rocket_encryption ""; # Is GZIP accepted by client ? +set $rocket_file ""; # Filename to use +set $rocket_is_bypassed "No"; # Header text added to check if the bypass worked or not. Header: X-Rocket-Nginx-Serving-Static +set $rocket_reason ""; # Reason why cache file was not used. If cache file is used, what file was used +set $rocket_https_prefix ""; # HTTPS prefix to use when cached files are using HTTPS +set $rocket_hsts 0; # Is HSTS is off (0) by default. Will be turned on (1) if request is HTTPS + +# HSTS value +set $rocket_hsts_value "max-age=31536000; includeSubDomains"; + +################################################################################################### +# PAGE CACHE +# + +# Is GZIP accepted by client ? +if ($http_accept_encoding ~ gzip) { + set $rocket_encryption "_gzip"; +} + +# Is Brotli accepted by client ? +if ($http_accept_encoding ~ br) { + set $rocket_encryption ""; +} + +# Is SSL request ? +if ($https = "on") { + set $rocket_https_prefix "-https"; + set $rocket_hsts 1; +} + +# If HSTS is disabled, unset HSTS set for Rocket-Nginx configuration +if ($rocket_hsts = "0") { + set $rocket_hsts_value ""; +} + +# File/URL to return IF we must bypass WordPress +# Desktop: index.html or index-https.html +# Mobile: index-mobile.html or index-mobile-https.html +set $rocket_end "/cache/wp-rocket/$http_host/$request_uri/index$rocket_https_prefix.html$rocket_encryption"; +set $rocket_url "/wp-content$rocket_end"; +set $rocket_file "$document_root/wp-content$rocket_end"; +set $rocket_mobile_detection "$document_root/wp-content/cache/wp-rocket/$http_host/$request_uri/.mobile-active"; + + +# Do not bypass if it's a POST request +if ($request_method = POST) { + set $rocket_bypass 0; + set $rocket_reason "POST request"; +} + +# Do not bypass if arguments are found (e.g. ?page=2) +if ($is_args) { + set $rocket_bypass 0; + set $rocket_reason "Arguments found"; +} + +# Do not bypass if the site is in maintenance mode +if (-f "$document_root/.maintenance") { + set $rocket_bypass 0; + set $rocket_reason "Maintenance mode"; +} + +# Do not bypass if one of those cookie if found +# wordpress_logged_in_[hash] : When a user is logged in, this cookie is created (we'd rather let WP-Rocket handle that) +# wp-postpass_[hash] : When a protected post requires a password, this cookie is created. +if ($http_cookie ~* "(wordpress_logged_in_|wp\-postpass_|woocommerce_items_in_cart|woocommerce_cart_hash|wptouch_switch_toogle|comment_author_|comment_author_email_)") { + set $rocket_bypass 0; + set $rocket_reason "Cookie"; +} + +if (-f "$rocket_mobile_detection") { + set $rocket_bypass 0; + set $rocket_reason "Specific mobile cache activated"; +} + +# Do not bypass if the cached file does not exist +if (!-f "$rocket_file") { + set $rocket_bypass 0; + set $rocket_reason "File not cached"; +} + +# If the bypass token is still on, let's bypass WordPress with the cached URL +if ($rocket_bypass = 1) { + set $rocket_is_bypassed "Yes"; + set $rocket_reason "$rocket_url"; +} + +# Clear variables if debug is not needed +if ($rocket_debug = 0) { + set $rocket_reason ""; + set $rocket_file ""; +} + +# If the bypass token is still on, rewrite according to the file linked to the request +if ($rocket_bypass = 1) { + rewrite .* "$rocket_url" last; +} + +# Add header to HTML cached files +location ~ /wp-content/cache/wp-rocket/.*html$ { + etag on; + add_header Vary "Accept-Encoding, Cookie"; + add_header Cache-Control "no-cache, no-store, must-revalidate"; + add_header X-Rocket-Nginx-Serving-Static $rocket_is_bypassed; + add_header X-Rocket-Nginx-Reason $rocket_reason; + add_header X-Rocket-Nginx-File $rocket_file; + add_header Strict-Transport-Security "$rocket_hsts_value"; + + +} + +# Do not gzip cached files that are already gzipped +location ~ /wp-content/cache/wp-rocket/.*_gzip$ { + etag on; + gzip off; + types {} + default_type text/html; + add_header Content-Encoding gzip; + add_header Vary "Accept-Encoding, Cookie"; + add_header Cache-Control "no-cache, no-store, must-revalidate"; + add_header X-Rocket-Nginx-Serving-Static $rocket_is_bypassed; + add_header X-Rocket-Nginx-Reason $rocket_reason; + add_header X-Rocket-Nginx-File $rocket_file; + add_header Strict-Transport-Security "$rocket_hsts_value"; + + +} + +# Debug header (when file is not cached) +add_header X-Rocket-Nginx-Serving-Static $rocket_is_bypassed; +add_header X-Rocket-Nginx-Reason $rocket_reason; +add_header X-Rocket-Nginx-File $rocket_file; + +# No HSTS header added here. We suppose it's correctly added in the site configuration + + +################################################################################################### +# BROWSER CSS CACHE +# +location ~* \.css$ { + etag on; + gzip_vary on; + expires 30d; + +} + + +################################################################################################### +# BROWSER JS CACHE +# +location ~* \.js$ { + etag on; + gzip_vary on; + expires 30d; + +} + + +################################################################################################### +# BROWSER MEDIA CACHE +# +location ~* \.(ico|gif|jpe?g|png|svg|eot|otf|woff|woff2|ttf|ogg)$ { + etag on; + expires 30d; + +}