Configuring nginx for hosting this wordpress site

So after buying a domain and finding a purpose for it, I had to reconfigure my web server. Since this system had been reachable through speedyg.dyndns.biz for a long while, I had to rewrite the virtual hosts file. Previously I had never put much thought into really understanding this file and the way it works, as I had no visitors anyway (who says that I do now? 😉). Nevertheless, it was time to clean up the file, make it more coherent and really understand what it is doing, also because I wanted any login and admin pages on this site to be served over SSL.

The first thing to understand is that nginx works in blocks. More specifically, in the virtual hosts file you use server blocks and location blocks. You can choose to either have one server block for the entire server or have separate blocks for http and https; I chose the latter.

server {
    listen 80;
    server_name vanderziel.org;
}
server {
    # the ssl parameter enables TLS on this listener
    listen 443 ssl;
    server_name vanderziel.org;
}

Now, as both the regular and the https server will be hosting PHP files, a location directive is needed to ensure the appropriate processing of these files. For nginx, use of fpm is recommended and therefore I decided to go with that setup. Also, for the sake of speed, the recommendation is to use unix sockets.

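location ~ \.php$ {
    # return 404 unless the requested .php file really exists on disk
    try_files $uri =404;
    include "fastcgi_params";
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # hand the request to PHP-FPM over a unix socket
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}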

The last thing to ensure for the normal server is that any pages that require a login are redirected to the https server; therefore a 301 (Moved Permanently) response is returned when such pages (in this case the WordPress login/admin pages) are requested.

location ~ /wp-(admin|login) {
    return 301 https://$host$request_uri;
}
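
nginx tests regex locations in the order they appear in the file and stops at the first match, so in the port-80 block this redirect only catches `/wp-login.php` if it is placed before the `\.php$` location. The following Python check is an added example, not the author's configuration: it models only regex (`~`, `~*`) locations, and the two server blocks and the sample URIs are constructed for illustration.

```python
import re

# Constructed port-80 server blocks built from the snippets in this post;
# only the order of the two regex locations differs.
PHP_FIRST = r"""
server {
    listen 80;
    server_name vanderziel.org;
    location ~ \.php$ { fastcgi_pass unix:/var/run/php5-fpm.sock; }
    location ~ /wp-(admin|login) { return 301 https://$host$request_uri; }
}
"""
REDIRECT_FIRST = r"""
server {
    listen 80;
    server_name vanderziel.org;
    location ~ /wp-(admin|login) { return 301 https://$host$request_uri; }
    location ~ \.php$ { fastcgi_pass unix:/var/run/php5-fpm.sock; }
}
"""
# Matches "location ~ <regex> { ... }" and "location ~* <regex> { ... }".
LOCATION = re.compile(r"location\s+(~\*?)\s+(\S+)\s*\{([^}]*)\}")

def regex_locations(conf):
    """Return (compiled regex, body) per regex location, in file order."""
    return [(re.compile(pat, re.I if mod == "~*" else 0), body.strip())
            for mod, pat, body in LOCATION.findall(conf)]

def handler(conf, uri):
    """Body of the first regex location (file order) matching the URI path."""
    path = uri.split("?", 1)[0]  # nginx matches locations without the query
    for pat, body in regex_locations(conf):
        if pat.search(path):
            return body
    return None

def served_over_http(conf, uris):
    """URIs the port-80 block would answer itself instead of redirecting."""
    return [u for u in uris
            if not (handler(conf, u) or "").startswith("return 301 https://")]

# Hypothetical sample requests for the WordPress login and admin area.
SENSITIVE = ["/wp-login.php", "/wp-admin/", "/wp-admin/options.php?page=x"]

if __name__ == "__main__":
    print("php first:     ", served_over_http(PHP_FIRST, SENSITIVE))
    print("redirect first:", served_over_http(REDIRECT_FIRST, SENSITIVE))
```

With the PHP location first, the login form and every `.php` page under `/wp-admin/` are still answered over plain HTTP; with the redirect first, all three sample requests are sent to https.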

Then came the part of configuring the SSL connection, the certificate and the processing of https requests. First we need to create a certificate; as mentioned in my other post, I decided to stay with a self-signed certificate for now. I created the certificate and key using the following command:

openssl req -new -x509 -days 365 -nodes -out <certificate filename> \
    -keyout <keyfile filename>

Then all that needed to be done was to add the SSL configuration to the virtual hosts file

    ssl_certificate <REMOVED>;
    ssl_certificate_key <REMOVED>;
    ssl_session_cache <REMOVED>;
    ssl_session_timeout <REMOVED>;
    ssl_dhparam <REMOVED>;
    ssl_prefer_server_ciphers on;
    ssl_protocols <REMOVED>;
    ssl_ciphers <REMOVED>;
    resolver 8.8.8.8;

and restart the server to enable it all. Now both the WordPress login page and admin pages are served over a secure connection, while the rest of the blog can be read over a normal connection.

Curious what the full configuration looks like? Download it here.
