如何用Nginx反向代理WordPress?

Reverse Proxy

1 前言

一个问题,一篇文章,一出故事。
笔者的WordPress安装Google的Site Kit插件,发现核心网页指标不达标,于是想到通过反向代理给网站加速,于是整理此文。

2 最佳实践

2.1 环境配置

如果你尚未部署或熟悉WordPress环境,请先参阅下文部署WordPress环境,

如何基于PHP 7.4部署WordPress?


如果你对Nginx反向代理不熟悉,请先参阅以下章节,

如何部署反向代理服务器Nginx?


另外,本章配置包含向后端传递真实IP的配置,如果你不熟悉建议先参阅以下章节,

如何传递真实IP到Apache后端?

2.2 配置WordPress反向代理

2.2.1 修改配置文件

vim /etc/nginx/conf.d/www.cmdschool.org_443.conf

加入如下配置,

proxy_cache_path /data/nginxCache/www_443_style levels=2:2:2  keys_zone=www_443_style:10m inactive=7d  max_size=2g;
proxy_cache_path /data/nginxCache/www_443_staice levels=2:2:2  keys_zone=www_443_staice:10m inactive=30d  max_size=15g;

server {
    listen 10.168.0.80:443;
    server_name www.cmdschool.org;
    ssl on;
    ssl_certificate 1_www.cmdschool.org_bundle.crt;
    ssl_certificate_key 2_www.cmdschool.org.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass               https://127.0.0.1;
        proxy_redirect           off;
        proxy_http_version       1.1;
        proxy_set_header         Host $http_host;
        proxy_set_header         Upgrade $http_upgrade;
        proxy_set_header         Connection "upgrade";
        proxy_set_header         X-NginX-Proxy true;
        proxy_set_header         X-Real-IP $remote_addr;
        proxy_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache              off;
        proxy_max_temp_file_size 0;
        proxy_cache_use_stale    error timeout invalid_header updating
                                 http_500 http_502 http_503 http_504;
    }

    location ~* \.(js|css)$ {
        proxy_pass               https://127.0.0.1;
        proxy_redirect           off;
        proxy_http_version       1.1;
        proxy_set_header         Host $http_host;
        proxy_set_header         Upgrade $http_upgrade;
        proxy_set_header         Connection "upgrade";
        proxy_set_header         X-NginX-Proxy true;
        proxy_set_header         X-Real-IP $remote_addr;
        proxy_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache              www_443_style;
        proxy_cache_valid        200 7d;
        proxy_max_temp_file_size 0;
        proxy_cache_use_stale    error timeout invalid_header updating
                                 http_500 http_502 http_503 http_504;
        expires 7d;
    }

    location ~* \.(ico|jpg|jpeg|gif|png|bmp|swf|flv)$ {
        proxy_pass               https://127.0.0.1;
        proxy_redirect           off;
        proxy_http_version       1.1;
        proxy_set_header         Host $http_host;
        proxy_set_header         Upgrade $http_upgrade;
        proxy_set_header         Connection "upgrade";
        proxy_set_header         X-NginX-Proxy true;
        proxy_set_header         X-Real-IP $remote_addr;
        proxy_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache              www_443_staice;
        proxy_cache_valid        200 30d;
        proxy_max_temp_file_size 0;
        proxy_cache_use_stale    error timeout invalid_header updating
                                 http_500 http_502 http_503 http_504;
	expires 30d;
    }

}

server {
    listen 127.0.0.1:443;
    server_name www.cmdschool.org;

    ssl on;
    ssl_certificate 1_www.cmdschool.org_bundle.crt;
    ssl_certificate_key 2_www.cmdschool.org.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    set_real_ip_from 127.0.0.1;
    real_ip_header X-Real-IP;

    location / {
        root   /var/www/www.cmdschool.org;
        client_max_body_size 500m;
        index  index.php;
    }

    #...
}

以上需要注意的是,
– “#…”表示省略的配置
– 配置使用127.0.0.1作为WordPress站点倾听地址
– 配置使用网卡地址(网卡地址是私网地址与公网地址为NAT映射关系)作为Nginx反向代理的倾听地址
– 以上配置亦适用于非单机的Nginx反向代理与WordPress(上下游关系)的环境
根据以上配置的需要,我们应当手动创建以下缓存目录,

mkdir -p /data/nginxCache
chown nginx:nginx -R /data/nginxCache

2.2.2 测试配置文件

nginx -t

2.2.3 重载使配置生效

systemctl reload nginx.service

参阅文档
======================

如何向后端传递反向代理的登录cookie
———————
https://www.shusite.com/server/2909.html

没有评论

发表评论

Reverse Proxy
如何解决病毒网关不能上传问题?

1 前言 一个问题,一篇文章,一出故事。 笔者生产环境的病毒网关遇到上传文件过大报500错误,关于病 …

WordPress
如何安装WordPress的百度统计?

1 前言 一个问题,一篇文章,一出故事。 笔者的WordPress想要安装Baidu统计,于是整理此 …

Nginx
如何实现Nginx的TCP反向代理?

1 前言 笔者最近需要代理内网一台TCP协议的服务,于是想到用Nginx实现。 2 最佳实践 2.1 …