How to Setup WordPress Nginx with FastCGI Caching in CentOS 7

Wordpress NginxIf you plan to run high traffic wordpress blog(wordpress nginx), i would suggest to run it in virtual private server (VPS) or dedicated server together with NGINX FastCGI Caching.

Besides the low memory consumption when using Nginx as a web server, it has a fast performance. When you combine Nginx and FastCGI Caching module, you will further enhance the performance of your web application, including a WordPress site.

This can be an alternative to NGINX + Varnish setup that uses caching technology to accelerate the performance of wordpress site.

Nginx FastCGI module has instructions for caching dynamic content that is served through a PHP backend.

When a web page is cached, repeated requests for the same page with quickly returned to a customer by the nginx web server because it comes from the cache location.

The following tutorial will guide you to setup WordPress Nginx in CentOS 7 VPS. This setup has been tested in linode 4GB and ramnode 2GB VPS.

Prerequisites :
a) Assume that the linux CentOS 7 VPS has been setup properly with Mariadb as a database and Nginx as a web server run together with PHP-FPM.
b) You have domain name for your wordpress site and dns record pointing to your VPS ip address.

www.ehowstuff.local -> 10.9.8.7

1. To install Nginx in CentOS run the following commands to create Nginx repository file in CentOS.

vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

2. To install nginx, php, php-mysql MariaDB server, run the following command :

# yum install nginx php php-mysql php-fpm mariadb-server

3. Configure php-fpm :

Below are the configuration value for 4Gb ram VPS :

# vi /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000

listen.allowed_clients = 127.0.0.1

listen.mode = 0666

user = nginx
group = nginx

pm = dynamic

pm.max_children = 20

pm.start_servers = 15

pm.min_spare_servers = 15

pm.max_spare_servers = 15

pm.max_requests = 500

4. Configure NGINX with FastCGI Caching :

This is the main configuration file for Nginx.

# vi /etc/nginx/nginx.conf
user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    log_format blocked '$time_local: Blocked request from $remote_addr $request';
    access_log  /var/log/nginx/access.log  main;

    include /etc/nginx/conf.d/common.conf;
    include /etc/nginx/conf.d/gzip.conf;

    #FastCGI Cache and other configuration options
    include /etc/nginx/conf.d/option.conf;

    #Nginx for WordPress and security
    include /etc/nginx/conf.d/wordpress.conf;
    
    #Configure Nginx Fast-CGI Cache Exceptions
    include /etc/nginx/conf.d/fastcgi_no_cache.conf;
    
    #Multiple wordpress sites container
    include /etc/nginx/sites-available/*.conf;
}

It is recommended to split a custom configuration of the original nginx.conf to make it easier to read and do modification.

# vi /etc/nginx/conf.d/common.conf
# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires 30d;
   #    expires max;
   add_header Pragma no-cache;
   add_header Cache-Control "public";
}
vi /etc/nginx/conf.d/gzip.conf
gzip  on;
gzip_comp_level 6;
gzip_proxied any;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";

gzip_types text/css text/x-component application/ecmascript application/json application/pdf application/javascript application/x-javascript text/javascript application/postscript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

gzip_http_version 1.1;
gzip_vary on;
vi /etc/nginx/conf.d/option.conf
## FAST-CGI Configurations
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=WPCACHE:1024m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
add_header X-Fastcgi-Cache $upstream_cache_status;

## Other server option
access_log      off;
sendfile        on;
tcp_nopush      on;
tcp_nodelay     on;
server_tokens   off;
keepalive_requests 100000;
reset_timedout_connection on;
port_in_redirect off;
client_body_timeout  1460;
client_header_timeout 1460;
client_max_body_size 10m;
send_timeout 1460;
keepalive_timeout 1300;
vi /etc/nginx/conf.d/wordpress.conf
# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}


# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
# SECURITY : Zero day Exploit Protection
try_files $uri =404;

# ENABLE : Enable PHP, listen fpm sock
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_send_timeout 300s;
fastcgi_read_timeout 300s;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
##Added below for fastcgi_cache
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
fastcgi_cache WPCACHE;
fastcgi_cache_valid 200 60m;
fastcgi_cache_valid 404 60m;
fastcgi_max_temp_file_size 4m;
fastcgi_cache_use_stale updating;
fastcgi_cache_methods GET HEAD; # Only GET and HEAD methods apply
add_header X-Fastcgi-Cache $upstream_cache_status;
}

# Deny access to htaccess files
location ~ /\. {
        deny all;
}

# Deny access to .php files in the /wp-content/ directory (including sub-folders)
location ~* ^/wp-content/.*.(php|phps)$ {
        deny all;
}

## Block SQL injections
location ~* union.*select.*\( {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* union.*all.*select.* {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* concat.*\( {access_log /var/log/nginx/*.*.log blocked; deny all;}
#
### Block common exploits
location ~* (< |%3C).*script.*(>|%3E) {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* base64_(en|de)code\(.*\) {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* (%24&x) {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* \.\.\/  {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* ~$ {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* proc/self/environ {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* /\.(htaccess|htpasswd|svn) {access_log /var/log/nginx/*.*.log blocked; deny all;}
#
### Block file injections
location ~* [a-zA-Z0-9_]=(\.\.//?)+ {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ {access_log /var/log/nginx/*.*.log blocked; deny all;}
#
### wordpress security
location ~* wp-config.php {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* wp-admin/includes {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* wp-admin/setup-config.php {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* wp-app\.log {access_log /var/log/nginx/*.*.log blocked; deny all;}
location ~* (licence|readme|license)\.(html|txt) {access_log /var/log/nginx/*.*.log blocked; deny all;}


# PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;

Configure Cache Exceptions :

vi /etc/nginx/conf.d/fastcgi_no_cache.conf
set $no_cache 0;

    # POST requests and URLs with a query string should always go to PHP
    if ($request_method = POST) {
        set $no_cache 1;
    }

   if ($query_string != "") {
        set $no_cache 1;
    }

    # Don't cache URIs containing the following segments
    if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php
                         |sitemap(_index)?.xml") {
        set $no_cache 1;
    }

    # Don't use the cache for logged-in users or recent commenters
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass
        |wordpress_no_cache|wordpress_logged_in") {
        set $no_cache 1;
    }
# mkdir -p /etc/nginx/sites-available
vi /etc/nginx/sites-available/ehowstuff.local.conf

Add below information :

server {
    listen     80;
    server_name ehowstuff.local;
    rewrite ^/(.*)$ http://www.ehowstuff.local/$1 permanent;
}

server {
        server_name www.ehowstuff.local;
        root /var/www/html/ehowstuff;
        access_log /var/log/nginx/ehowstuff.local.access.log;
        error_log /var/log/nginx/ehowstuff.local.error.log;

3. Create a database for wordpress site with your prefered user and password :

MariaDB [wordpressdb]> CREATE DATABASE wordpressdb;
MariaDB [wordpressdb]> CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpresspassword';
MariaDB [wordpressdb]> GRANT ALL PRIVILEGES ON wordpressdb.* to wordpressuser@localhost;

Extract the wordpress file into web server root directory :

# cd /var/www/html/
# wget http://wordpress.org/latest.tar.gz
# tar xzvf latest.tar.gz
# mv wordpress /var/www/html/ehowstuff

You can follow this steps to install wordpress on CentOS.

READ  How to Install and Configure Nginx Web Server on CentOS 6.2

4. Start the services and make it auto start at boot :

# systemctl restart nginx && systemctl restart php-fpm && systemctl restart mariadb
# systemctl enable nginx && systemctl enable php-fpm && systemctl enable mariadb

Leave a Reply

Your email address will not be published. Required fields are marked *