Nginx + WordPress + SSL

Configuration snippet for later reference:

http {  

    [...]

    client_max_body_size 10m;

    set_real_ip_from  10.10.10.3;
    real_ip_header    X-Real-IP;

    [...]
 
    server {
        listen       443;
        server_name  my.domain.eu;
        gzip on;
        ssl on;
        ssl_certificate /etc/priv/ssl/my.domain.eu.crt;
        ssl_certificate_key /etc/priv/ssl/my.domain.eu.key;
        ssl_ciphers HIGH:!ADH:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_protocols SSLv3 TLSv1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;

        location / {
          root   /var/www/wp;
          index  index.php;
        }

        if (-f $request_filename) {
          break;
        }

        if (-d $request_filename) {
          break;
        }

        error_page  404  = /index.php?q=$uri;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }

        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass  unix:/var/run/nginx/fcgi.socket;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /var/www/wp/$fastcgi_script_name;
            fastcgi_param REMOTE_ADDR $http_x_real_ip;
            }
        }
    }

    server {
        listen       80;
        server_name  my.domain.eu;
        gzip on;

        [...]
    }
}

WordPress variables defined in wp-includes.php file:

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system. He is also open for new opportunities and challenges.

Gdansk, Poland https://sleeplessbeastie.eu