server { listen *:80; server_name matrix.net www.matrix.net; access_log /n/matrix.log main; root /www/matrix.net; index index.php index.html; if ($host = 'matrix.net' ) { return 301 http://www.matrix.net$request_uri; } #CloudFlare set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 199.27.128.0/21; real_ip_header CF-Connecting-IP; # Simple anti-DDoS protection, part 2.2a, maximum 8 connections per source IP: limit_conn connsperip 8; # !---- W3C TotalCache block begin ---- set $cache_uri $request_uri; # POST requests and urls with a query string should always go to PHP if ($request_method = POST) { set $cache_uri 'null cache'; } if ($query_string != "") { set $cache_uri 'null cache'; } # Don't cache uris containing the following segments if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { set $cache_uri 'null cache'; } # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") { set $cache_uri 'null cache'; } # Use cached or actual file if they exists, otherwise pass request to WordPress location / { try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args ; } location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ { try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1; } # !---- W3C TotalCache block end ---- location ~ ^/wp-content/upload/(.*)\.php$ { return 444; } location ~ ^/wp-content/cache/(.*)\.php$ { return 444; } location = /xmlrpc.php { if ($request_method = POST) { return 444; } fastcgi_pass 127.0.0.1:29399; # Simple anti-DDoS protection, part 2.2b, maximum 2 requests to PHP scripts per source IP: limit_req zone=reqsperip nodelay; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } location = /wp-login.php { set $dropconn Y; valid_referers server_names; if ($invalid_referer) { set $dropconn "${dropconn}E" ; } if ($request_method = POST) { set $dropconn "${dropconn}S" ; } if ( $dropconn = YES ) { return 444; } fastcgi_pass 127.0.0.1:29399; # Simple anti-DDoS protection, part 2.2b, maximum 4 requests to PHP scripts per source IP: limit_req zone=reqsperip burst=4 nodelay; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } location ~ \.php$ { fastcgi_pass 127.0.0.1:29399; # Simple anti-DDoS protection, part 2.2b, maximum 12 requests to PHP scripts per source IP: limit_req zone=reqsperip burst=12 nodelay; include fastcgi_params; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } include static.conf; }