如何用Nginx反向代理WordPress?
- By : Will
- Category : Reverse Proxy, WordPress
Reverse Proxy
1 前言
一个问题,一篇文章,一出故事。
笔者的WordPress安装Google的Site Kit插件,发现核心网页指标不达标,于是想到通过反向代理给网站加速,于是整理此文。
2 最佳实践
2.1 环境配置
如果你尚未部署或熟悉WordPress环境,请先参阅下文部署WordPress环境,
如果你对Nginx反向代理不熟悉,请先参阅以下章节,
另外,本章配置包含向后端传递真实IP的配置,如果你不熟悉建议先参阅以下章节,
2.2 配置WordPress反向代理
2.2.1 修改配置文件
vim /etc/nginx/conf.d/www.cmdschool.org_443.conf
加入如下配置,
proxy_cache_path /data/nginxCache/www_443_style levels=2:2:2 keys_zone=www_443_style:10m inactive=7d max_size=2g;
proxy_cache_path /data/nginxCache/www_443_staice levels=2:2:2 keys_zone=www_443_staice:10m inactive=30d max_size=15g;
server {
listen 10.168.0.80:443;
server_name www.cmdschool.org;
ssl on;
ssl_certificate 1_www.cmdschool.org_bundle.crt;
ssl_certificate_key 2_www.cmdschool.org.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://127.0.0.1;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache off;
proxy_max_temp_file_size 0;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
}
location ~* \.(js|css)$ {
proxy_pass https://127.0.0.1;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache www_443_style;
proxy_cache_valid 200 7d;
proxy_max_temp_file_size 0;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
expires 7d;
}
location ~* \.(ico|jpg|jpeg|gif|png|bmp|swf|flv)$ {
proxy_pass https://127.0.0.1;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache www_443_staice;
proxy_cache_valid 200 30d;
proxy_max_temp_file_size 0;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
expires 30d;
}
}
server {
listen 127.0.0.1:443;
server_name www.cmdschool.org;
ssl on;
ssl_certificate 1_www.cmdschool.org_bundle.crt;
ssl_certificate_key 2_www.cmdschool.org.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
set_real_ip_from 127.0.0.1;
real_ip_header X-Real-IP;
location / {
root /var/www/www.cmdschool.org;
client_max_body_size 500m;
index index.php;
}
#...
}
以上需要注意的是,
– “#…”表示省略的配置
– 配置使用127.0.0.1作为WordPress站点倾听地址
– 配置使用网卡地址(网卡地址是私网地址与公网地址为NAT映射关系)作为Nginx反向代理的倾听地址
– 以上配置亦适用于非单机的Nginx反向代理与WordPress(上下游关系)的环境
根据以上配置的需要,我们应当手动创建以下缓存目录,
mkdir -p /data/nginxCache chown nginx:nginx -R /data/nginxCache
2.2.2 测试配置文件
nginx -t
2.2.3 重载使配置生效
systemctl reload nginx.service
systemctl reload nginx.service
参阅文档
======================
如何向后端传递反向代理的登录cookie
———————
https://www.shusite.com/server/2909.html
没有评论