openec2 Article Description

Scripts – Part 1 – Nginx Configuration Files

Optional .conf files for Nginx

cd /etc/nginx

[Replace XXX.XXX.XXX.XXX with your own PC’s broadband static IP address, or remove the stanza]

vi inc.conf

# Restrict the WordPress login and admin entry points to one trusted address.
# NOTE(review): the trailing "$" means this matches only the exact URIs
# /wp-admin and /wp-login.php; requests such as /wp-admin/ or
# /wp-admin/index.php are not matched, so this stanza does not restrict
# them - confirm that is intended.
# NOTE(review): no PHP handler is declared in this location. Regex locations
# are tried in file order and the first match wins, so depending on where this
# file is included either the site's PHP location handles /wp-login.php (and
# this allow/deny never applies) or this location does (and the file is not
# passed to PHP) - verify against the main server block, not shown here.
location ~ ^/(wp-admin|wp-login\.php)$ {
allow XXX.XXX.XXX.XXX;
deny all;
}

# Favicon handling, adapted from
# https://gist.github.com/nfsarmento/57db5abba08b315b67f174cd178bea88
# Serve /favicon.ico when it exists, otherwise fall back to an empty GIF,
# and keep these requests out of the access and error logs.
location = /favicon.ico {
    expires       max;
    log_not_found off;
    access_log    off;
    try_files     /favicon.ico @empty;
}

# Named fallback used by the favicon rule above.
location @empty {
    empty_gif;
}

# Yoast SEO sitemap rewrites: hand the sitemap index and the individual
# sitemaps to WordPress (index.php) as query arguments.
# /sitemap_index.xml -> /index.php?sitemap=1
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
# /<name>-sitemap<N>.xml -> /index.php?sitemap=<name>&sitemap_n=<N> (N is optional)
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

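# Close the connection without a response (444) for shell-script requests.
# The dot is escaped so that only a real ".sh" extension matches; the
# unescaped form also matched any URI that merely ends in "sh".
location ~* \.sh$ {
    return 444;
}

# Never serve the WordPress configuration, version-revealing files or a
# stray nginx.conf. Dots are escaped so they match a literal dot only.
location ~* /(wp-config\.php|readme\.html|license\.txt|nginx\.conf) {
    deny all;
}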
# Uploads directory: refuse direct requests for PHP files stored there.
# (No WebP rewrite is defined in this block.)
location /wp-content/uploads/ {
    # An uploaded .php file must never be reachable from a browser.
    location ~ \.php$ {
        deny all;
    }
}
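# Block xmlrpc.php outright.
# "=" makes this an exact match that is chosen before any regex location; as a
# plain prefix location it was overridden by the regex rules in this file that
# also match /xmlrpc.php. "return 444" is evaluated before the access rules,
# so the former "deny all" never took effect and is dropped.
# Logging stays off as in the original; keep access_log on instead if blocked
# XML-RPC attempts should remain visible to monitoring.
location = /xmlrpc.php {
    access_log    off;
    log_not_found off;
    return        444;
}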

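# Hide install.php and upgrade.php from everyone except one trusted address.
# Replace XXX.XXX.XXX.XXX with your own static IP address (the literal address
# printed in the article is replaced by the page's placeholder), or remove the
# allow line to block these scripts for everyone.
# Access rules are checked in order and the first match wins, so "allow" has
# to come before "deny all"; with "deny all" first the allow line was never
# reached. Refused requests are answered with status 404 using the "/" page.
# NOTE(review): "^~" stops the search for regex locations, so a PHP handler
# defined elsewhere does not apply here - confirm how the allowed address is
# meant to run these scripts.
location ^~ /wp-admin/install.php {
    allow XXX.XXX.XXX.XXX;
    deny  all;
    error_page 403 =404 / ;
}

location ^~ /wp-admin/upgrade.php {
    allow XXX.XXX.XXX.XXX;
    deny  all;
    error_page 403 =404 / ;
}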

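# Deny archive files anywhere under wp-content (typical backup leftovers).
# The end anchor is a plain "$"; the escaped "\$" demanded a literal dollar
# sign after the extension, so real archive names never matched.
location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ {
    deny all;
}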

# Plugins folder: hide the text, log and markdown files that scanners probe
# for. Refused requests are answered with status 404 using the "/" page
# rather than 403.
location ~* ^/wp-content/plugins/.+\.(txt|log|md)$ {
    error_page 403 =404 / ;
    deny all;
}

# Themes folder: same treatment as the plugins folder.
location ~* ^/wp-content/themes/.+\.(txt|log|md)$ {
    error_page 403 =404 / ;
    deny all;
}
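# Deny uploads that are not images, videos, music, etc.
# (js is still needed in Avada, so it is not listed.)
# The dot before the extension group is escaped so it matches a literal dot.
location ~* ^/wp-content/uploads/.*\.(html|htm|shtml|php|swf)$ {
    deny all;
}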

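# Fingerprint obfuscation: for license.txt and the core JS/CSS files under
# wp-includes and wp-admin, insert a comment holding the current timestamp
# ($msec) after the first ";" so that the served bytes, and therefore the
# md5sum a scanner such as WPScan computes, differ from the stock files.
# This only hides the version; it is no substitute for keeping WordPress,
# themes and plugins patched.
# Requires nginx built with the sub filter module (ngx_http_sub_module).
# The strings must use plain ASCII quotes; with the typographic quotes of the
# web page the directive is not parsed as intended.
location ~* ^/(license\.txt|wp-includes/(.*)/.+\.(js|css)|wp-admin/(.*)/.+\.(js|css))$ {
    sub_filter_types text/css text/javascript text/plain;
    sub_filter_once  on;
    sub_filter       ';' '; /* $msec */ ';
}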

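# Direct PHP file access.
# If a PHP file is ever planted under uploads, wp-content or wp-includes,
# requesting it directly would run it as a backdoor, so such requests are
# refused. The dot before "php" is escaped so it matches a literal dot.
# Some plugins expose PHP endpoints that are requested directly; test the
# site after enabling this rule.
# Refused requests are not logged here; keep access_log on if these probes
# should stay visible to monitoring.
location ~* /(?:uploads|wp-content|wp-includes)/.*\.php$ {
    deny all;
    access_log    off;
    log_not_found off;
}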
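# Dotfiles such as .htaccess, .user.ini and the .git / .svn directories may
# hold sensitive information, so direct access to them is refused.
location ~ /\.(svn|git)/* {
    deny all;
    access_log    off;
    log_not_found off;
}

location ~ /\.ht {
    deny all;
    access_log    off;
    log_not_found off;
}

# Both dots are escaped so that only the literal name ".user.ini" matches.
location ~ /\.user\.ini {
    deny all;
    access_log    off;
    log_not_found off;
}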

# Refuse backup copies, editor swap files, SQL dumps and log files, and keep
# the refused requests out of the logs.
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
    log_not_found off;
    access_log    off;
    deny all;
}

# Wordfence: a .user.ini file must not be downloadable.
location ~ \.user\.ini$ {
    deny all;
}

# WordPress: no direct requests for PHP files under wp-content or wp-includes.
location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
    deny all;
}

# WordPress: endpoints and files that should not be reachable from outside.
# Note: wp-comments-post.php is the comment form handler, so native comments
# cannot be submitted while it is listed here.
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
    deny all;
}

# Miscellaneous static file types: send a 30 day expiry and do not log the
# requests or missing files.
location ~* ^.+\.(curl|heic|swf|tiff|rss|atom|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    expires       30d;
    log_not_found off;
    access_log    off;
}

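# Static asset caching. Header values use plain ASCII quotes; with the
# typographic quotes of the web page the quote characters would be sent as
# part of the header value.
# Note: an add_header inside a location replaces every add_header inherited
# from the server level, so security headers set there are not sent for
# these responses unless they are repeated in each block.

# Web fonts: send expires headers.
location ~* \.(?:eot|otf|ttf|woff|woff2)$ {
    expires 30d;
    access_log off;
    add_header Cache-Control "public";
}

# SVGs, MP4 and WEBM: send expires headers (this rule is specific to the ns site).
location ~* \.(?:svg|svgz|mp4|webm)$ {
    expires 30d;
    access_log off;
    add_header Cache-Control "public";
}

# Media (images, icons, video, audio): send expires headers.
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|aac|m4a|mp3|ogg|ogv|webp)$ {
    expires 30d;
    access_log off;
    add_header Cache-Control "public";
}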

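# CSS and JavaScript (and their source maps): send expires headers.
# The page listed two regex locations for .css/.js. Regex locations are tried
# in file order and the first match wins, so the second one was never used;
# both are folded into this single block and the quotes are plain ASCII.
# Access-Control-Allow-Origin "*" lets any origin read these files; that is
# only appropriate while they are public static assets.
# Note: add_header in a location replaces headers inherited from the server
# level, so security headers set there must be repeated here if required.
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
    add_header "Access-Control-Allow-Origin" "*";
    add_header Cache-Control "public";
    access_log off;
    log_not_found off;
    expires 30d;
}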

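# Static HTML files: send a 7 day expiry.
# The header value uses plain ASCII quotes so that only the word public is sent.
location ~* \.(html)$ {
    expires 7d;
    access_log off;
    add_header Cache-Control "public";
}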

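# Return 403 for readme, license, example and other files commonly found in
# git repositories (.txt, .html or .md).
# The pattern is wrapped in plain ASCII quotes; typographic quotes become part
# of the regex, which then never matches.
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
    deny all;
}

# Return 403 for backup extensions, log files and server-side script types.
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
    deny all;
}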

[save and exit]
cd /etc/nginx

vi db.conf

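# Common nginx rules intended to block SQL injection and similar probes.
# DISABLE THIS INCLUDE FILE WHILE UPDATING PHPMYADMIN CONTENT.
#
# Scope: a "location" regex is tested against the decoded, normalised URI
# path only. The query string and the request body are not inspected, so
# payloads sent as parameters pass these rules untouched. Treat this file as
# a filter for noisy path probes, not as injection protection for the
# application itself.
# Regex locations are tried in file order and the first match wins.
# Every pattern is wrapped in plain ASCII double quotes; with the typographic
# quotes of the web page the quote characters become part of the pattern and
# the rules never match.

location ~* "(eval\()" {
    deny all;
}
location ~* "(127\.0\.0\.1)" {
    deny all;
}
# Very long alphanumeric runs in the path.
location ~* "([a-z0-9]{2000})" {
    deny all;
}
location ~* "(javascript\:)(.*)(\;)" {
    deny all;
}

location ~* "(base64_encode)(.*)(\()" {
    deny all;
}
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
    deny all;
}
location ~* "(<|%3C).*script.*(>|%3)" {
    deny all;
}
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
    deny all;
}
location ~* "(boot\.ini|etc/passwd|self/environ)" {
    deny all;
}
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
    deny all;
}
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
    deny all;
}
location ~* "(https?|ftp|php):/" {
    deny all;
}
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
    deny all;
}
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
    deny all;
}
# Broad character filter: it also refuses legitimate paths that contain a
# space, colon, semicolon, percent sign or bracket (for example media files
# uploaded with spaces in their names) - test before relying on it.
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
    deny all;
}
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
    deny all;
}

location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
    deny all;
}
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|settings|configuration)\.php" {
    deny all;
}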

[save and exit]
cd /etc/nginx

vi w3tc.conf

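# BEGIN W3TC Minify cache
# Pre-compressed minified JS/CSS written by W3 Total Cache: served as-is with
# "Content-Encoding: gzip", a fixed content type and a one year expiry.
# Header values use plain ASCII quotes; typographic quotes would be sent as
# part of the value.
# The X-Powered-By header announces the plugin and its version to every
# client; consider removing it if version fingerprinting is a concern.
location ~ /wp-content/cache/minify/.*js_gzip$ {
    gzip off;
    types {}
    default_type application/x-javascript;
    add_header Content-Encoding gzip;
    expires 31536000s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header X-Powered-By "W3 Total Cache/2.7.1";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Vary "Accept-Encoding";
}
location ~ /wp-content/cache/minify/.*css_gzip$ {
    gzip off;
    types {}
    default_type text/css;
    add_header Content-Encoding gzip;
    expires 31536000s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header X-Powered-By "W3 Total Cache/2.7.1";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Vary "Accept-Encoding";
}
# END W3TC Minify cache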
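# BEGIN W3TC Page Cache cache
# Pre-compressed cached pages: served as text/html with
# "Content-Encoding: gzip" and a one hour expiry.
# Header values use plain ASCII quotes; typographic quotes would be sent as
# part of the value. X-Powered-By discloses the plugin version to clients.
location ~ /wp-content/cache/page_enhanced.*gzip$ {
    gzip off;
    types {}
    default_type text/html;
    add_header Content-Encoding gzip;
    expires 3600s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header X-Powered-By "W3 Total Cache/2.7.1";
    add_header Referrer-Policy "no-referrer-when-downgrade";
}
# END W3TC Page Cache cache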
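# BEGIN W3TC Browser Cache
# Compression plus expiry headers per file type. Files that do not exist fall
# through to WordPress via try_files.
# Header values use plain ASCII quotes; typographic quotes would be sent as
# part of the value.
# Note: add_header in a location replaces headers inherited from the server
# level, so security headers set there are not sent for these responses
# unless repeated. X-Powered-By discloses the plugin version to clients.
# Regex locations are tried in file order; where another included file also
# matches .css/.js or media extensions, whichever location comes first wins.
gzip on;
gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext text/plain text/xsd text/xsl text/xml image/bmp application/java application/msword application/vnd.ms-fontobject application/x-msdownload image/x-icon application/json application/vnd.ms-access video/webm application/vnd.ms-project application/x-font-otf application/vnd.ms-opentype application/vnd.oasis.opendocument.database application/vnd.oasis.opendocument.chart application/vnd.oasis.opendocument.formula application/vnd.oasis.opendocument.graphics application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text audio/ogg application/pdf application/vnd.ms-powerpoint image/svg+xml application/x-shockwave-flash image/tiff application/x-font-ttf audio/wav application/vnd.ms-write application/font-woff application/font-woff2 application/vnd.ms-excel;
location ~ \.(css|htc|less|js|js2|js3|js4)$ {
    expires 31536000s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header X-Powered-By "W3 Total Cache/2.7.1";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    try_files $uri $uri/ /index.php?$args;
}
location ~ \.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$ {
    expires 3600s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header X-Powered-By "W3 Total Cache/2.7.1";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    try_files $uri $uri/ /index.php?$args;
}
location ~ \.(asf|asx|wax|wmv|wmx|avi|avif|avifs|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|_ttf|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
    expires 31536000s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header X-Powered-By "W3 Total Cache/2.7.1";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    try_files $uri $uri/ /index.php?$args;
}
add_header Referrer-Policy "no-referrer-when-downgrade";
# END W3TC Browser Cache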
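# BEGIN W3TC Minify core
# When the client accepts gzip and a "<file>_gzip" variant exists on disk,
# serve that variant; any other request under the minify cache directory is
# handed to WordPress.
# The empty default is written with plain ASCII quotes; typographic quotes
# would be stored in the variable as literal characters.
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
    set $w3tc_enc _gzip;
}
if (-f $request_filename$w3tc_enc) {
    rewrite (.*) $1$w3tc_enc break;
}
rewrite ^/wp-content/cache/minify/ /index.php last;
# END W3TC Minify core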
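# BEGIN W3TC Page Cache core
# Work on a copy of the query string and strip known tracking / campaign
# parameters from it, one parameter name per rule. Each rule keeps what
# precedes ($1) and follows ($3) the parameter. Whatever is left afterwards
# decides whether the request may be answered from the page cache.
# All patterns and the empty string use plain ASCII quotes; with the
# typographic quotes of the web page the quote characters become part of the
# pattern or value and the rules no longer behave as intended.
set $w3tc_query_string $query_string;
if ($w3tc_query_string ~* "^(.*?&|)_branch_match_id(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)_bta_c(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)_bta_tid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)_ga(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)_gl(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)_ke(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)adgroupid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)adid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)age\-verified(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)ao_noptimize(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)campaignid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)campid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)cn\-reloaded(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)customid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)dm_i(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)ef_id(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)epik(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)fb_action_ids(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)fb_action_types(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)fb_source(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)fbclid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)gclid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)gclsrc(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)gdffi(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)gdfms(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)gdftrk(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_acc(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_ad(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_cam(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_grp(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_kw(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_mt(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_net(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_src(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_tgt(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)hsa_ver(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)igshid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)matomo_campaign(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)matomo_cid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)matomo_content(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)matomo_group(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)matomo_keyword(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)matomo_medium(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)matomo_placement(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)matomo_source(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mc_cid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mc_eid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mkcid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mkevt(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mkrid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mkwid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)msclkid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mtm_campaign(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mtm_cid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mtm_content(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mtm_group(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mtm_keyword(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mtm_medium(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mtm_placement(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)mtm_source(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pcrid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)piwik_campaign(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)piwik_keyword(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)piwik_kwd(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pk_campaign(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pk_cid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pk_content(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pk_keyword(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pk_kwd(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pk_medium(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pk_source(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)pp(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)redirect_log_mongo_id(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)redirect_mongo_id(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)ref(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)s_kwcid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)sb_referer_host(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)si(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)sscid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)toolid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)trk_contact(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)trk_module(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)trk_msg(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)trk_sid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)usqp(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)utm_campaign(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)utm_content(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)utm_expid(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)utm_id(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)utm_medium(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)utm_source(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
if ($w3tc_query_string ~* "^(.*?&|)utm_term(=[^&]*)?(&.*|)$") {
    set $w3tc_query_string $1$3;
}
# Only separators left: treat the query string as empty.
if ($w3tc_query_string ~ ^[?&]+$) {
    set $w3tc_query_string "";
}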
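# Decide whether the request can be answered from the on-disk page cache and,
# if so, rewrite it to the cached file. $w3tc_rewrite starts at 1 and is
# cleared by any condition that requires WordPress to handle the request.
# Empty strings and patterns use plain ASCII quotes; with typographic quotes
# the comparisons below never behave as intended.
# NOTE(review): $http_host comes from the client's Host header and is used in
# the cache path; presumably the server block names its hosts explicitly so
# only expected host names reach these rules - confirm.
# NOTE(review): X-Forwarded-Proto is a request header. Trusting it is only
# sound when a proxy or load balancer in front of nginx sets or overwrites
# it - confirm for this deployment.

# Request path without the query string.
set $w3tc_request_uri $request_uri;
if ($w3tc_request_uri ~* "^([^?]+)\?") {
    set $w3tc_request_uri $1;
}
set $w3tc_rewrite 1;
# POST requests always go to WordPress.
if ($request_method = POST) {
    set $w3tc_rewrite 0;
}
# So do requests whose remaining query string is not empty.
if ($w3tc_query_string != "") {
    set $w3tc_rewrite 0;
}
set $w3tc_slash "";
if ($w3tc_request_uri ~ \/$) {
    set $w3tc_slash _slash;
}
# Commenters, password-protected posts and logged-in users bypass the cache.
if ($http_cookie ~* "(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle)") {
    set $w3tc_rewrite 0;
}
set $w3tc_preview "";
if ($http_cookie ~* "(w3tc_preview)") {
    set $w3tc_preview _preview;
}
# Select the HTTPS variant of the cached page.
set $w3tc_ssl "";
if ($scheme = https) {
    set $w3tc_ssl _ssl;
}
if ($http_x_forwarded_proto = 'https') {
    set $w3tc_ssl _ssl;
}
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
    set $w3tc_enc _gzip;
}
# No cached file for this request: let WordPress build the page.
if (!-f "$document_root/wp-content/cache/page_enhanced/$http_host/$w3tc_request_uri/_index$w3tc_slash$w3tc_ssl$w3tc_preview.html$w3tc_enc") {
    set $w3tc_rewrite 0;
}
if ($w3tc_rewrite = 1) {
    rewrite .* "/wp-content/cache/page_enhanced/$http_host/$w3tc_request_uri/_index$w3tc_slash$w3tc_ssl$w3tc_preview.html$w3tc_enc" last;
}
# END W3TC Page Cache core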

[save and exit]
cd /etc/nginx

vi wpsuper.conf

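# WP Super Cache rules.
# Designed to be included from a 'wordpress-ms-...' configuration file.
#
# $cache_uri holds the request URI for cacheable requests and the marker
# 'null cache' for requests that must be handled by PHP.
# The marker and the empty string use plain ASCII quotes: with typographic
# quotes 'null cache' is split into two arguments and the comparison with the
# empty string no longer works.

set $cache_uri $request_uri;

# POST requests and URLs with a query string should always go to PHP.
if ($request_method = POST) {
    set $cache_uri 'null cache';
}

if ($query_string != "") {
    set $cache_uri 'null cache';
}

# Don't cache URIs containing the following segments.
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
    set $cache_uri 'null cache';
}

# Don't use the cache for logged-in users or recent commenters.
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
    set $cache_uri 'null cache';
}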

# START MOBILE
# Mobile browsers section, to serve them a non-cached version. COMMENTED by default, as most modern WordPress themes, including twenty-eleven, are responsive. Uncomment the config lines in this section if you want to use a plugin like WP-Touch
# if ($http_x_wap_profile) {
# set $cache_uri ‘null cache’;
#}

#if ($http_profile) {
# set $cache_uri ‘null cache’;
#}

#if ($http_user_agent ~* (2.0\ MMP|240×320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800)) {
# set $cache_uri ‘null cache’;
#}

#if ($http_user_agent ~* (w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-)) {
# set $cache_uri ‘null cache’;
#}
#END MOBILE

# Serve the Super Cache copy when one exists, then the requested file or
# directory, and otherwise hand the request to WordPress.
# NOTE(review): $http_host is taken from the client's Host header and is used
# in the cache path; presumably the server block names its hosts explicitly
# so only expected host names reach this rule - confirm.
location / {
    try_files
        /wp-content/cache/supercache/$http_host/$cache_uri/index.html
        $uri
        $uri/
        /index.php?$args;
}

[save and exit]