1日10万PVぐらいのWordpressを管理することになってどうがんばっても8秒を切れない。
そこでテスト環境に入れた nginx + リバースプロキシ + SSL でWordpressを動かした時のコンフィグを覚書として。
nginx.conf
user nginx; worker_processes 7; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; #worker_rlimit_nofile 150000; events { worker_connections 1024; multi_accept on; use epoll; } http { include /etc/nginx/mime.types; default_type application/octet-stream; server_names_hash_bucket_size 64; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; #gzip on; proxy_buffering on; proxy_buffer_size 8k; proxy_buffers 100 8k; proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=czone:15m max_size=512m inactive=7d; proxy_temp_path /var/tmp/nginx; proxy_cache_key $scheme://$host$request_uri; proxy_cache_valid 200 302 2h; proxy_cache_valid 301 4h; proxy_cache_valid any 1m; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; # set header proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Remote-Addr $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # backend upstream backend { ip_hash; server 127.0.0.1:8080; } include /etc/nginx/conf.d/*.conf; }
proxy_set_header X-Forwarded-Proto https;
SSLで動かす際に大事なのがこれで、この記述がないと
The page at 'https://domain.com/service1/' was loaded over HTTPS, but is submitting data to an insecure location at 'http://domain.com/service1/': this content should also be submitted over HTTPS.
こんな感じにコンテンツがブロックされて、レイアウトが崩れた誰もが1度は見たことある状況になります。
ちなみに
proxy_redirect http:// https://;
この記述はなくても普通に動く。ヘッダーに設定すればこの記述は不要なのかなと思って
proxy_set_header X-Forwarded-Proto https;
これを消して
proxy_redirect http:// https://;
これだけの記述にしたけど同様に
The page at 'https://domain.com/service1/' was loaded over HTTPS, but is submitting data to an insecure location at 'http://domain.com/service1/': this content should also be submitted over HTTPS.
と怒られた。
default.conf
server { listen 80; server_name luispc.com; return 301 https://luispc.com$request_uri; } server { listen 443 ssl; server_name luispc.com; root /home/rerar/www; index index.php; access_log /var/log/nginx/access443_log; error_log /var/log/nginx/error443_log; client_max_body_size 2G; ssl on; ssl_certificate /home/rerar/nginx/ssl/ssl-bundle.crt; ssl_certificate_key /home/rerar/nginx/ssl/luispc_com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header X-Cache $upstream_cache_status; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; rewrite ^/archives/(.*)$ https://luispc.com/?p=$1 last; location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } location ~ \.ico$ { log_not_found off; access_log off; expires max; } location ~ \.(css|js)$ { charset UTF-8; access_log off; expires 1d; } location ~* \.(jpe?g|gif|png|ico|woff|svg|swf|inc)$ { expires 7d; access_log off; } location /wp-content/uploads { expires max; access_log off; } location ~ /\. { deny all; access_log off; log_not_found off; } location = /wp-config.php { deny all; access_log off; } location ~ .*\.php { proxy_pass http://backend; } location / { set $do_not_cache 0; if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_|wordpress_logged_in" ) { set $do_not_cache 1; } if ($request_method != GET) { set $do_not_cache 1; } # mobile setting include /etc/nginx/mobile_cache_setting; proxy_no_cache $do_not_cache; proxy_cache_bypass $do_not_cache; proxy_cache czone; proxy_cache_key $scheme://$host$uri$is_args$args; proxy_pass http://backend; } } server { listen 8080; server_name luispc.com; root /home/rerar/www; index index.php; access_log /home/rerar/log/access8080.log; error_log /home/rerar/log/error8080.log; location / { location ~ /wp-content { access_log off; include /etc/nginx/php_exec; } location ~ /wp-includes { access_log off; include /etc/nginx/php_exec; } location ~ /wp-cron.php { access_log off; include /etc/nginx/php_exec; } location ~ /wp-comments { access_log off; include /etc/nginx/php_exec; } location ~ /wp-admin { access_log off; include /etc/nginx/php_exec; } location ~ /wp-login.php { access_log off; include /etc/nginx/php_exec; } include /etc/nginx/php_exec; } }
mobile_cache_setting
# -- is wap device ? if ($http_x_wap_profile ~ ^[a-z0-9\"]+) { set $do_not_cache 1; } # -- is cellular ? if ($http_profile ~ ^[a-z0-9\"]+) { set $do_not_cache 1; } # -- is mobile browser ? if ($http_user_agent ~ ^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).*) { set $do_not_cache 1; } # -- is mobile browser ? if ($http_user_agent ~ ^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).*) { set $do_not_cache 1; } # -- is mobile browser ? if ($http_user_agent ~ ^(DoCoMo/|J-PHONE/|J-EMULATOR/|Vodafone/|MOT(EMULATOR)?-|SoftBank/|[VS]emulator/|KDDI-|UP\.Browser/|emobile/|Huawei/|IAC/|Nokia|mixi-mobile-converter/)) { set $do_not_cache 1; } # -- is other cellular, game, pda ? if ($http_user_agent ~ (DDIPOCKET\;|WILLCOM\;|Opera\ Mini|Opera\ Mobi|PalmOS|Windows\ CE\;|PDA\;\ SL-|PlayStation\ Portable\;|SONY/COM|Nitro|Nintendo)) { set $do_not_cache 1; }
php_exec
location ~\.php$ { expires off; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; fastcgi_busy_buffers_size 32k; fastcgi_temp_file_write_size 256k; }
WordPressで記事更新時などのキャッシュ削除は Nginx Cache Controller を使うようにした。
もう1つ名のしれてるやつは、パッケージから入れた場合 ngn_cache_purge モジュールが入ってないために使えない”らしい”。
Nginx Cache Controller はキャッシュディレクトリと、レベルを指定することで同じことを実現してるのかな?
ngn_cache_purge モジュールを使ったことないので適当に言いました!
502 Bad Gatewayになってしまいました涙
エラーログにはなんて表示されていますか?
fpmの設定でsocketを見ていることが原因でした。
非常に参考になり、無事nginx+ssl+wp動かすことが出来ました。
ありがとうございます!
お役に立てれたようで何よりです。