WordPress Nginx proxy cache integrator

WordPress Nginx proxy cache integrator

Sample nginx configuration

# The main config file, probably /etc/nginx/nginx.conf
user nginx;
worker_processes  4;
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
events {
    #A maximum of 1024 concurrent connections.
    worker_connections  1024;
}
http {
    server_tokens off;
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    access_log  /var/log/nginx/access.log;
    client_body_temp_path /var/lib/nginx/body 1 2;
    gzip_buffers 32 8k;
    sendfile        on;
    keepalive_timeout  65;
    tcp_nodelay        on;
    #gzipping lets you serve more requests quicker. 
    gzip  on;
    gzip_types text/html application/javascript text/javascript text/css text/xml application/atom+xml application/xml;
    include /etc/nginx/sites-enabled/*;
}


# And then in the file /etc/nginx/sites-enabled/default
# This file shows you a few ways you can tweak your caching policies by inspecting URLs.
# The most important rule is to leave admin-looking URLs uncached, otherwise you won't be able to log in.
# From there, please feel free to set longer or shorter cache times based on your particular traffic.

# set some parameters: two levels deep for the filesystem
# set the name of the cache to "staticfilecache", giving it a maximum cache time of 3 hours and 500meg in size.
proxy_cache_path  /var/lib/nginx/cache  levels=1:2   keys_zone=staticfilecache:180m  max_size=500m;
proxy_temp_path /var/lib/nginx/proxy;
proxy_connect_timeout 30;
proxy_read_timeout 120;
proxy_send_timeout 120;

#IMPORTANT - this sets the basic cache key that's used in the static file cache.
proxy_cache_key "$scheme://$host$request_uri";

upstream wordpressapache {
        #The upstream apache server. You can have many of these and weight them accordingly,
        #allowing nginx to function as a caching load balancer (oh my. Awesomeness abounds.)
        server 127.0.0.1:8200 weight=1 fail_timeout=120s;
}

server {
        #Only cache 200 responses, and for a default of 20 minutes.
        proxy_cache_valid 200 20m;

        #Listen to your public IP
        listen 111.11.111.111:80;

        #Probably not needed, as the proxy will pass back the host in "proxy_set_header"
        server_name blog.example.org;

        # "combined" matches apache's concept of "combined". Neat.
        access_log  /var/log/apache2/nginx-access.log combined;
        # Set the real IP.
        proxy_set_header X-Real-IP  $remote_addr;

        # Set the hostname
        proxy_set_header Host $host;

        #Set the forwarded-for header.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        location / {
                        # If logged in, don't cache.
                        if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
                                set $do_not_cache 1;
                        }
                        proxy_cache_key "$scheme://$host$request_uri $do_not_cache";
                        proxy_cache staticfilecache;
                        proxy_pass http://wordpressapache;
        }

        location ~* wp\-.*\.php|wp\-admin {
                        # Don't static file cache admin-looking things.
                        proxy_pass http://wordpressapache;
        }

        location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
                        # Cache static-looking files for 120 minutes, setting a 10 day expiry time in the HTTP header,
                        # whether logged in or not (may be too heavy-handed).
                        proxy_cache_valid 200 120m;
                        expires 864000;
                        proxy_pass http://wordpressapache;
                        proxy_cache staticfilecache;
        }

        location ~* \/[^\/]+\/(feed|\.xml)\/? {
                        # Cache RSS looking feeds for 45 minutes unless logged in.
                        if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
                                set $do_not_cache 1;
                        }
                        proxy_cache_key "$scheme://$host$request_uri $do_not_cache";
                        proxy_cache_valid 200 45m;
                        proxy_cache staticfilecache;
                        proxy_pass http://wordpressapache;
        }

        location = /50x.html {
                root   /var/www/nginx-default;
        }

        # No access to .htaccess files.
        location ~ /\.ht {
                deny  all;
        }
}

And a sample apache configuration

########## Backend Apache
# This apache only listens on localhost to port 8200.
# It also has php and mod_rpaf installed. It does not gzip/deflate or access.log. It *Does* error log.
# Basically, your backend apache is fairly normal. You should disable keepalive too by setting
# Keepalive Off
# in your main config.
# mod_rpaf allows your backend apache to see the real IP address of the request, instead of the address of 
# your frontend proxy.

<VirtualHost 127.0.0.1:8200>
        ServerName blog.example.org
        RewriteEngine on
        DocumentRoot /home/wp/wordpress/
        ServerAdmin you@example.com

    #block POSTS without referrers. 
        RewriteCond %{REQUEST_METHOD} POST
        RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
        RewriteCond %{HTTP_REFERER} !.*blog.example.org.* [OR]
        RewriteCond %{HTTP_USER_AGENT} ^$
        RewriteRule (.*) - [R=403,L]
</VirtualHost>

It's less intimidating than it looks.