Tutorial Creating Nginx ServerBlock for New Site

AldrichPosted oninNginx
Nginx F5

**NOTE: Make sure to replace yourdomain.com with your actual domain name / site.
SSL or HTTPS is not enabled for this serverblock.
This ServerBlock iclude FastCGI-Cache config for WordPress-based site.

Simply follow this tutorial to create new serverblock for new site on the Nginx web server

1.) Create doc root directory along with its log dir for your new site:

$ mkdir -p /var/www/yourdomain.com/public/ /var/www/yourdomain.com/logs/

2.) Go to your site doc root folder:

$ cd /var/www/yourdomain.com/public/

3.) Data Migration

Download wordpress or you can run wget command to download your backup file from another server if you want to migrate your site from another server.

$ wget https://wordpress.org/latest.tar.gz
$ wget https://yourotherdomain.com/data_web.tar.gz

4.) Extract your archive data file

$ tar --strip-components=1 -xvf latest.tar.gz
$ tar --strip-components=1 -xvf data_web.tar.gz

5.) Set correct user and group for file and folder permissions

$ chown -R www-data:www-data /var/www/yourdomain.com/

6.) Create Nginx serverblock for yourdomain.com

$ nano /etc/nginx/sites-available/yourdomain.com
# Virtual Host Configuration by KuliVPS.com (Please don't alter these files manually)
server {
listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6

root /var/www/yourdomain.com/public/;
index index.htm index.html index.php;

# Make site accessible from public
server_name yourdomain.com www.yourdomain.com;

##listen 443 ssl http2;
#listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
##ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
##ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot
##include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_session_cache shared:SSL:30m;
#ssl_session_timeout 60m;
##ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
##ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

# Intermediate configuration.
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
#ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required)
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header FastCGI-Cache $upstream_cache_status;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";

# OCSP Stapling (Fetch OCSP records from URL in ssl_certificate and cache them)
##ssl_stapling on;
##ssl_stapling_verify on;

## Verify chain trust of OCSP response using Root CA and Intermediate certs
##ssl_trusted_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;

#access_log /var/log/nginx/yourdomain.com.access.log;
#error_log /var/log/nginx/yourdomain.com.error.log;

location / {
try_files $uri $uri/ /index.php?$args ;
}

# Nginx Fastcgi Config
#fastcgi_cache start
set $no_cache 0;

# POST requests and urls with a query string should handled by PHP
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != "") {
set $no_cache 1;
}

# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $no_cache 1;
}

# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $no_cache 1;
}

# Fastcgi-Cache Config
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9005;
include fastcgi_params;
include fastcgi.conf;
fastcgi_param HTTP_PROXY "";
fastcgi_index index.php;
# fastcgi_intercept_errors on;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
fastcgi_cache fcgicache;
fastcgi_cache_valid 200 60m;
}

# Fastcgi-Purge Config
location ~ /purge(/.*) {
# Uncomment the following two lines to allow purge only from the webserver
#allow 127.0.0.1;
#deny all;
fastcgi_cache_purge fcgicache "$scheme$request_method$host$1";
}

location ~ /.well-known {
allow all;
}

# Static Cache Config
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|css|js|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires 360d;
add_header Access-Control-Allow-Origin "*";
}

location = /robots.txt { access_log off; log_not_found off; }
#location ~ /\. { deny all; access_log off; log_not_found off; } (disable # untuk aktivasi SSL di folder /.well-known/pki-validation/)

location ~ ^/\.user\.ini {
deny all;
}

# XML Sitemap
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;

# Block http user agent AhrefsBot
if ($http_user_agent ~* (AhrefsBot) ) {
return 403;
}

# Nginx HTTP2 Module (ngx_http_v2_module)
#http2_recv_buffer_size 512k;
http2_body_preread_size 128k;
http2_chunk_size 16k;
http2_idle_timeout 5m;
http2_max_concurrent_streams 256;
http2_max_field_size 8k;
http2_max_header_size 32k;
http2_max_requests 1000;
http2_recv_timeout 60s;

}

7.) Create Database and Database User

$ mysql -u root -p
$ CREATE DATABASE databasename;
$ CREATE USER databaseuser@localhost;
$ SET PASSWORD FOR databaseuser@localhost= PASSWORD("password");
$ GRANT ALL PRIVILEGES ON databasename.* TO databaseuser@localhost IDENTIFIED BY 'password';
$ FLUSH PRIVILEGES;
$ exit

8.) Import Database

$ mysql -u databaseuser -p databasename < yourdatabse.sql

Restart Serveral Importan Services:

$ service nginx restart
$ service php7.4-fpm restart
$ service php7.3-fpm restart
$ service php7.2-fpm restart
$ service php7.1-fpm restart
$ service php7.0-fpm restart
$ service php5.6-fpm restart

OK DONE…!!! Thank you… 🙂

See more:

×