1日10万PVぐらいのWordpressを管理することになってどうがんばっても8秒を切れない。
そこでテスト環境に入れた nginx + リバースプロキシ + SSL でWordpressを動かした時のコンフィグを覚書として。

nginx.conf

user  nginx;
worker_processes  7;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
#worker_rlimit_nofile   150000;
events {
worker_connections  1024;
multi_accept        on;
use epoll;
}
http {
include       /etc/nginx/mime.types;
default_type  application/octet-stream;
server_names_hash_bucket_size   64;
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log  /var/log/nginx/access.log  main;
sendfile        on;
tcp_nopush      on;
#gzip  on;
proxy_buffering     on;
proxy_buffer_size   8k;
proxy_buffers       100 8k;
proxy_cache_path    /var/cache/nginx levels=1:2
keys_zone=czone:15m max_size=512m inactive=7d;
proxy_temp_path     /var/tmp/nginx;
proxy_cache_key     $scheme://$host$request_uri;
proxy_cache_valid   200 302 2h;
proxy_cache_valid   301     4h;
proxy_cache_valid   any     1m;
proxy_cache_use_stale  error timeout invalid_header updating
http_500 http_502 http_503 http_504;
# set header
proxy_set_header   Host                $host;
proxy_set_header   X-Real-IP           $remote_addr;
proxy_set_header   X-Remote-Addr       $remote_addr;
proxy_set_header   X-Forwarded-Proto   https;
proxy_set_header   X-Forwarded-Host    $host;
proxy_set_header   X-Forwarded-Server  $host;
proxy_set_header   X-Forwarded-For     $proxy_add_x_forwarded_for;
# backend
upstream backend {
ip_hash;
server 127.0.0.1:8080;
}
include /etc/nginx/conf.d/*.conf;
}
proxy_set_header X-Forwarded-Proto https;

SSLで動かす際に大事なのがこれで、この記述がないと

The page at 'https://domain.com/service1/' was loaded over HTTPS, but is submitting data to an insecure location at 'http://domain.com/service1/': this content should also be submitted over HTTPS.

こんな感じにコンテンツがブロックされて、レイアウトが崩れた誰もが1度は見たことある状況になります。

ちなみに

proxy_redirect http:// https://;

この記述はなくても普通に動く。ヘッダーに設定すればこの記述は不要なのかなと思って

proxy_set_header X-Forwarded-Proto https;

これを消して

proxy_redirect http:// https://;

これだけの記述にしたけど同様に

The page at 'https://domain.com/service1/' was loaded over HTTPS, but is submitting data to an insecure location at 'http://domain.com/service1/': this content should also be submitted over HTTPS.

と怒られた。

 

default.conf

server {
listen       80;
server_name  luispc.com;
return 301 https://luispc.com$request_uri;
}
server {
listen      443     ssl;
server_name luispc.com;
root        /home/rerar/www;
index       index.php;
access_log  /var/log/nginx/access443_log;
error_log   /var/log/nginx/error443_log;
client_max_body_size    2G;
ssl                 on;
ssl_certificate     /home/rerar/nginx/ssl/ssl-bundle.crt;
ssl_certificate_key /home/rerar/nginx/ssl/luispc_com.key;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers         EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers   on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header X-Cache $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
rewrite ^/archives/(.*)$ https://luispc.com/?p=$1 last;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~ \.ico$ {
log_not_found off;
access_log off;
expires max;
}
location ~ \.(css|js)$ {
charset  UTF-8;
access_log off;
expires 1d;
}
location ~* \.(jpe?g|gif|png|ico|woff|svg|swf|inc)$ {
expires     7d;
access_log  off;
}
location /wp-content/uploads {
expires     max;
access_log  off;
}
location ~ /\. {
deny          all;
access_log    off;
log_not_found off;
}
location = /wp-config.php {
deny        all;
access_log  off;
}
location ~ .*\.php {
proxy_pass http://backend;
}
location / {
set $do_not_cache 0;
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_|wordpress_logged_in" ) {
set $do_not_cache 1;
}
if ($request_method != GET) {
set $do_not_cache 1;
}
# mobile setting
include /etc/nginx/mobile_cache_setting;
proxy_no_cache         $do_not_cache;
proxy_cache_bypass     $do_not_cache;
proxy_cache            czone;
proxy_cache_key        $scheme://$host$uri$is_args$args;
proxy_pass             http://backend;
}
}
server {
listen      8080;
server_name luispc.com;
root        /home/rerar/www;
index       index.php;
access_log  /home/rerar/log/access8080.log;
error_log   /home/rerar/log/error8080.log;
location / {
location ~ /wp-content  {
access_log  off;
include     /etc/nginx/php_exec;
}
location ~ /wp-includes {
access_log  off;
include     /etc/nginx/php_exec;
}
location ~ /wp-cron.php {
access_log  off;
include     /etc/nginx/php_exec;
}
location ~ /wp-comments {
access_log  off;
include     /etc/nginx/php_exec;
}
location ~ /wp-admin {
access_log  off;
include    /etc/nginx/php_exec;
}
location ~ /wp-login.php {
access_log  off;
include     /etc/nginx/php_exec;
}
include /etc/nginx/php_exec;
}
}

 

 

mobile_cache_setting

#  -- is wap device ?
if ($http_x_wap_profile ~ ^[a-z0-9\"]+) {
set $do_not_cache 1;
}
#  -- is cellular ?
if ($http_profile ~ ^[a-z0-9\"]+) {
set $do_not_cache 1;
}
#  -- is mobile browser ?
if ($http_user_agent ~ ^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).*) {
set $do_not_cache 1;
}
#  -- is mobile browser ?
if ($http_user_agent ~ ^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).*) {
set $do_not_cache 1;
}
#  -- is mobile browser ?
if ($http_user_agent ~ ^(DoCoMo/|J-PHONE/|J-EMULATOR/|Vodafone/|MOT(EMULATOR)?-|SoftBank/|[VS]emulator/|KDDI-|UP\.Browser/|emobile/|Huawei/|IAC/|Nokia|mixi-mobile-converter/)) {
set $do_not_cache 1;
}
#  -- is other cellular, game, pda ?
if ($http_user_agent ~ (DDIPOCKET\;|WILLCOM\;|Opera\ Mini|Opera\ Mobi|PalmOS|Windows\ CE\;|PDA\;\ SL-|PlayStation\ Portable\;|SONY/COM|Nitro|Nintendo)) {
set $do_not_cache 1;
}

 

 

php_exec

location ~\.php$ {
expires          off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass     127.0.0.1:9000;
fastcgi_index    index.php;
fastcgi_param    SCRIPT_FILENAME  $document_root$fastcgi_script_name;
include          fastcgi_params;
fastcgi_buffers              16 16k;
fastcgi_buffer_size          32k;
fastcgi_busy_buffers_size    32k;
fastcgi_temp_file_write_size 256k;
}

 

WordPressで記事更新時などのキャッシュ削除は Nginx Cache Controller を使うようにした。
もう1つ名のしれてるやつは、パッケージから入れた場合 ngn_cache_purge モジュールが入ってないために使えない”らしい”。

Nginx Cache Controller はキャッシュディレクトリと、レベルを指定することで同じことを実現してるのかな?
ngn_cache_purge モジュールを使ったことないので適当に言いました!

4件のコメント

ryo へ返信する コメントをキャンセル