From 46994eb9f328e835e1a0a2ae491d3532ce9e299b Mon Sep 17 00:00:00 2001 From: Ashley Rich Date: Mon, 23 Nov 2015 12:08:41 +0000 Subject: [PATCH] Inline documentation improvements --- global/limits.conf | 2 ++ global/server/defaults.conf | 3 +++ global/server/multisite-subdirectory.conf | 2 +- global/server/security.conf | 3 +++ global/server/ssl.conf | 3 +++ nginx.conf | 5 +++-- sites-available/default | 2 ++ sites-available/fastcgi-cache.com | 4 ++-- sites-available/multisite-subdirectory.com | 2 +- sites-available/multisite-subdomain.com | 2 +- sites-available/singlesite.com | 2 +- sites-available/ssl.com | 2 +- 12 files changed, 23 insertions(+), 9 deletions(-) diff --git a/global/limits.conf b/global/limits.conf index 6284df7..bb302cd 100644 --- a/global/limits.conf +++ b/global/limits.conf @@ -12,4 +12,6 @@ send_timeout 30; # Set the maximum allowed size of client request body. This should be set # to the value of files sizes you wish to upload to the WordPress Media Library. +# You may also need to change the values `upload_max_filesize` and `post_max_size` within +# your php.ini for the changes to apply. client_max_body_size 64m; \ No newline at end of file diff --git a/global/server/defaults.conf b/global/server/defaults.conf index 2cc5d19..2cad123 100644 --- a/global/server/defaults.conf +++ b/global/server/defaults.conf @@ -1,3 +1,6 @@ +# Should be included for most sites, as contains sensible defaults +# for file exclusions, security and static file caching. + # Exclusions include global/server/exclusions.conf; diff --git a/global/server/multisite-subdirectory.conf b/global/server/multisite-subdirectory.conf index 783d658..3d960f3 100644 --- a/global/server/multisite-subdirectory.conf +++ b/global/server/multisite-subdirectory.conf @@ -1,4 +1,4 @@ -# Rewrite multisite '.../wp-.*' and '.../*.php'. +# Rewrite requests to `/wp-.*` on subdirectory installs. if (!-e $request_filename) { rewrite /wp-admin$ $scheme://$host$uri/ permanent; rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last; diff --git a/global/server/security.conf b/global/server/security.conf index f05d178..9b7d487 100644 --- a/global/server/security.conf +++ b/global/server/security.conf @@ -1,3 +1,6 @@ +# Generic security enhancements. Use https://securityheaders.io to test +# and recommend further improvements. + # Hide Nginx version in error messages and reponse headers. server_tokens off; diff --git a/global/server/ssl.conf b/global/server/ssl.conf index 341ed45..db7cb2b 100644 --- a/global/server/ssl.conf +++ b/global/server/ssl.conf @@ -1,3 +1,6 @@ +# Generic SSL enhancements. Use https://www.ssllabs.com/ssltest/ to test +# and recommend further improvements. + # Don't use outdated SSLv3 protocol. Protects against BEAST and POODLE attacks. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; diff --git a/nginx.conf b/nginx.conf index b10a170..0d45556 100644 --- a/nginx.conf +++ b/nginx.conf @@ -13,10 +13,11 @@ worker_rlimit_nofile 8192; pid /run/nginx.pid; events { - # Set the maximum number of connection each worker process can open + # Set the maximum number of connection each worker process can open. Anything higher than this + # will require Unix optimisations. worker_connections 8000; - # Accept all new connections at a time + # Accept all new connections as they're opened. multi_accept on; } diff --git a/sites-available/default b/sites-available/default index cac06be..61a91eb 100644 --- a/sites-available/default +++ b/sites-available/default @@ -1,3 +1,5 @@ +# Catch-all server block, resulting in a 444 response for unknown domains. + server { listen 80 default_server; server_name _; diff --git a/sites-available/fastcgi-cache.com b/sites-available/fastcgi-cache.com index 7c710b1..4974a0e 100644 --- a/sites-available/fastcgi-cache.com +++ b/sites-available/fastcgi-cache.com @@ -1,4 +1,4 @@ -# Define path to cache and memory zone. +# Define path to cache and memory zone. The memory zone should be unique. # keys_zone=fastcgi-cache.com:100m creates the memory zone and sets the maximum size in MBs. # inactive=60m will remove cached items that haven't been accessed for 60 minutes or more. fastcgi_cache_path /sites/fastcgi-cache.com/cache levels=1:2 keys_zone=fastcgi-cache.com:100m inactive=60m; @@ -16,7 +16,7 @@ server { # File to be used as index index index.php; - # Overrides logs defined in global/logs.conf, allows per site logs. + # Overrides logs defined in nginx.conf, allows per site logs. access_log /sites/fastcgi-cache.com/logs/access.log; error_log /sites/fastcgi-cache.com/logs/error.log; diff --git a/sites-available/multisite-subdirectory.com b/sites-available/multisite-subdirectory.com index faeee48..f5eb241 100644 --- a/sites-available/multisite-subdirectory.com +++ b/sites-available/multisite-subdirectory.com @@ -11,7 +11,7 @@ server { # File to be used as index index index.php; - # Overrides logs defined in global/logs.conf, allows per site logs. + # Overrides logs defined in nginx.conf, allows per site logs. access_log /sites/multisite-subdirectory.com/logs/access.log; error_log /sites/multisite-subdirectory.com/logs/error.log; diff --git a/sites-available/multisite-subdomain.com b/sites-available/multisite-subdomain.com index d121459..ef66fbc 100644 --- a/sites-available/multisite-subdomain.com +++ b/sites-available/multisite-subdomain.com @@ -11,7 +11,7 @@ server { # File to be used as index index index.php; - # Overrides logs defined in global/logs.conf, allows per site logs. + # Overrides logs defined in nginx.conf, allows per site logs. access_log /sites/multisite-subdomain.com/logs/access.log; error_log /sites/multisite-subdomain.com/logs/error.log; diff --git a/sites-available/singlesite.com b/sites-available/singlesite.com index 7dfb538..3617655 100644 --- a/sites-available/singlesite.com +++ b/sites-available/singlesite.com @@ -11,7 +11,7 @@ server { # File to be used as index index index.php; - # Overrides logs defined in global/logs.conf, allows per site logs. + # Overrides logs defined in nginx.conf, allows per site logs. access_log /sites/singlesite.com/logs/access.log; error_log /sites/singlesite.com/logs/error.log; diff --git a/sites-available/ssl.com b/sites-available/ssl.com index 21a8a15..43b132e 100644 --- a/sites-available/ssl.com +++ b/sites-available/ssl.com @@ -16,7 +16,7 @@ server { # File to be used as index index index.php; - # Overrides logs defined in global/logs.conf, allows per site logs. + # Overrides logs defined in nginx.conf, allows per site logs. access_log /sites/ssl.com/logs/access.log; error_log /sites/ssl.com/logs/error.log;