The Nginx configuration to better handle wp and larvel as backend setup. Here are the key changes and improvements:
- Main Changes:
- Improved the Laravel backend location block using
^~modifier to ensure priority - Changed the Laravel root to use
aliasinstead ofrootdirective - Updated the try_files directive for Laravel to use
$query_string - Properly separated WordPress and Laravel paths
- Key Features:
- SSL/HTTPS enforcement
- HTTP/2 enabled, HTTP/3 disabled as specified
- Static file caching and CORS headers
- Security measures (blocking sensitive files)
- Separate handling for WordPress and Laravel applications
- Structure:
- First server block (ports 80/443): Handles main traffic, SSL, and routing
- Second server block (port 8080): Handles WordPress backend processing
- Paths:
- WordPress site: served at root (/)
- Laravel admin: served at /backend
- Both applications are completely separate as requested
Important considerations:
- Make sure your directory structure matches:
/home/your-user/htdocs/yourdomain.com/
├── wordpress_files (for main site)
└── backend/
└── public/ (Laravel public directory)
- Verify that the following placeholders are properly set in your server configuration:
- {{root}}
- {{php_fpm_port}}
- {{php_settings}}
- {{ssl_certificate}}
- {{ssl_certificate_key}}
- {{varnish_proxy_pass}}
- The configuration assumes Varnish is being used for the WordPress site (due to the varnish_proxy_pass directive).
server {
listen 80;
listen [::]:80;
listen 443 quic;
listen 443 ssl;
listen [::]:443 quic;
listen [::]:443 ssl;
http2 on;
http3 off;
{{ssl_certificate_key}}
{{ssl_certificate}}
server_name test-wp.hhf.technology;
{{root}}
{{nginx_access_log}}
{{nginx_error_log}}
# Force HTTPS
if ($scheme != "https") {
rewrite ^ https://$host$request_uri permanent;
}
# Let's Encrypt verification
location ~ /.well-known {
auth_basic off;
allow all;
}
{{settings}}
# Deny access to .git directories
location ~/\.git {
deny all;
}
location /backoffice {
alias /home/hhf-test-wp/htdocs/test-wp.hhf.technology/backoffice/public;
index index.php index.html;
try_files $uri $uri/ @laravel;
# PHP handling for Laravel
location ~ \.php$ {
if (!-f $request_filename) {
return 404;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 448;
fastcgi_intercept_errors on;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
fastcgi_index index.php;
}
# Deny access to sensitive files
location ~ /\. {
deny all;
}
}
# Laravel URL Rewriting
location @laravel {
rewrite ^/backoffice/(.*)$ /backoffice/index.php?/$1 last;
}
# WordPress Admin
location ~/(wp-admin/|wp-login.php) {
#auth_basic "Restricted Area";
#auth_basic_user_file /home/site-user/.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
proxy_max_temp_file_size 0;
proxy_connect_timeout 7200;
proxy_send_timeout 7200;
proxy_read_timeout 7200;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
}
# Main WordPress Site
location / {
{{varnish_proxy_pass}}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Varnish;
proxy_redirect off;
proxy_max_temp_file_size 0;
proxy_connect_timeout 720;
proxy_send_timeout 720;
proxy_read_timeout 720;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
}
# Static Files
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
# WordPress Multisite Subdirectory
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 break;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 break;
add_header Access-Control-Allow-Origin "*";
add_header alt-svc 'h3=":443"; ma=86400';
expires max;
access_log off;
}
if (-f $request_filename) {
break;
}
}
# WordPress PHP Processing Server
server {
listen 8080;
listen [::]:8080;
server_name test-wp.hhf.technology;
{{root}}
include /etc/nginx/global_settings;
try_files $uri $uri/ /index.php?$args;
index index.php index.html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS "on";
fastcgi_param SERVER_PORT 443;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}
# WordPress Multisite Subdirectory
if (!-e $request_filename) {
rewrite /wp-admin$ https://$host$uri permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
if (-f $request_filename) {
break;
}
}