如何用Nginx反向代理WordPress?
- By : Will
- Category : Reverse Proxy, WordPress

Reverse Proxy
1 前言
一个问题,一篇文章,一出故事。
笔者的WordPress安装Google的Site Kit插件,发现核心网页指标不达标,于是想到通过反向代理给网站加速,于是整理此文。
2 最佳实践
2.1 环境配置
如果你尚未部署或熟悉WordPress环境,请先参阅下文部署WordPress环境,
如果你对Nginx反向代理不熟悉,请先参阅以下章节,
另外,本章配置包含向后端传递真实IP的配置,如果你不熟悉建议先参阅以下章节,
2.2 配置WordPress反向代理
2.2.1 修改配置文件
vim /etc/nginx/conf.d/www.cmdschool.org_443.conf
加入如下配置,
proxy_cache_path /data/nginxCache/www_443_style levels=2:2:2 keys_zone=www_443_style:10m inactive=7d max_size=2g; proxy_cache_path /data/nginxCache/www_443_staice levels=2:2:2 keys_zone=www_443_staice:10m inactive=30d max_size=15g; server { listen 10.168.0.80:443; server_name www.cmdschool.org; ssl on; ssl_certificate 1_www.cmdschool.org_bundle.crt; ssl_certificate_key 2_www.cmdschool.org.key; ssl_session_timeout 5m; ssl_protocols TLSv1.2; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_prefer_server_ciphers on; location / { proxy_pass https://127.0.0.1; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cache off; proxy_max_temp_file_size 0; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; } location ~* \.(js|css)$ { proxy_pass https://127.0.0.1; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cache www_443_style; proxy_cache_valid 200 7d; proxy_max_temp_file_size 0; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; expires 7d; } location ~* \.(ico|jpg|jpeg|gif|png|bmp|swf|flv)$ { proxy_pass https://127.0.0.1; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cache www_443_staice; proxy_cache_valid 200 30d; proxy_max_temp_file_size 0; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; expires 30d; } } server { listen 127.0.0.1:443; server_name www.cmdschool.org; ssl on; ssl_certificate 1_www.cmdschool.org_bundle.crt; ssl_certificate_key 2_www.cmdschool.org.key; ssl_session_timeout 5m; ssl_protocols TLSv1.2; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_prefer_server_ciphers on; set_real_ip_from 127.0.0.1; real_ip_header X-Real-IP; location / { root /var/www/www.cmdschool.org; client_max_body_size 500m; index index.php; } #... }
以上需要注意的是,
– “#…”表示省略的配置
– 配置使用127.0.0.1作为WordPress站点倾听地址
– 配置使用网卡地址(网卡地址是私网地址与公网地址为NAT映射关系)作为Nginx反向代理的倾听地址
– 以上配置亦适用于非单机的Nginx反向代理与WordPress(上下游关系)的环境
根据以上配置的需要,我们应当手动创建以下缓存目录,
mkdir -p /data/nginxCache chown nginx:nginx -R /data/nginxCache
2.2.2 测试配置文件
nginx -t
2.2.3 重载使配置生效
systemctl reload nginx.service
systemctl reload nginx.service
参阅文档
======================
如何向后端传递反向代理的登录cookie
———————
https://www.shusite.com/server/2909.html
没有评论