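# Plain-HTTP listener: every request on port 80 is answered with a permanent
# redirect to the same host and URI over HTTPS.
server {
    listen *:80;
    server_name matrix.net;

    # NOTE(review): $host follows the client-supplied Host header when one is
    # sent. If this block also acts as the default server for port 80, a fixed
    # hostname in the redirect target would be tighter — confirm.
    return 301 https://$host$request_uri;
}

# HTTPS virtual host for matrix.net. PHP requests are handed to the FastCGI
# backend on 127.0.0.1:19315.
server {
    server_name matrix.net;
    access_log /n/matrixnet.log main;
    root /www/matrix.net;
    try_files $uri $uri/ /index.php$is_args$args;

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/matrix.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/matrix.net/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    index index.php;

    # Never execute PHP from the upload or cache trees: these are the
    # directories the web application itself writes to. 444 makes nginx close
    # the connection without sending a response.
    # "uploads?" matches WordPress's standard wp-content/uploads/ directory as
    # well as the singular spelling. These regex locations must stay above the
    # generic "\.php$" location below, because the first matching regex wins.
    location ~ ^/wp-content/uploads?/.*\.php$ {
        return 444;
    }

    location ~ ^/wp-content/cache/.*\.php$ {
        return 444;
    }

    # XML-RPC endpoint: POST requests are dropped outright; other methods are
    # passed to the backend.
    # NOTE(review): unlike the other PHP locations, no SCRIPT_FILENAME is set
    # here, so whether the backend can resolve the script depends on what
    # fastcgi_params provides — confirm.
    location = /xmlrpc.php {
        if ($request_method = POST) {
            return 444;
        }
        fastcgi_pass 127.0.0.1:19315;
        include fastcgi_params;
    }

    # Flag any request that carries a query string. $cache_uri is not read
    # anywhere in this file; presumably static.conf or a cache configuration
    # consumes it — verify.
    if ($query_string != "") {
        set $cache_uri 'null cache';
    }

    # Login endpoint. nginx "if" cannot AND two conditions, so a flag string is
    # built up instead: it starts as "Y", gains "E" when the Referer is not one
    # of this server's names (a missing Referer counts as invalid because
    # "none" is not listed), and gains "S" on POST. Only the combination "YES",
    # i.e. a POST without a same-site Referer, is dropped.
    # The Referer header is client-controlled, so this only filters
    # unsophisticated bots; it does not replace rate limiting or lockout.
    location = /wp-login.php {
        set $dropconn Y;
        valid_referers server_names;
        if ($invalid_referer) {
            set $dropconn "${dropconn}E";
        }
        if ($request_method = POST) {
            set $dropconn "${dropconn}S";
        }
        if ($dropconn = YES) {
            return 444;
        }

        fastcgi_pass 127.0.0.1:19315;
        fastcgi_buffer_size 32k;
        fastcgi_buffers 16 16k;
        fastcgi_busy_buffers_size 32k;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Generic PHP handler for every other URI ending in ".php".
    # NOTE(review): nothing here checks that the requested script exists under
    # the document root before it is handed to the backend. If the backend
    # shares this filesystem, "try_files $uri =404;" is the usual guard —
    # confirm before adding.
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:19315;
        fastcgi_buffer_size 32k;
        fastcgi_buffers 16 16k;
        fastcgi_busy_buffers_size 32k;
        # Keep the backend request running even if the client disconnects.
        fastcgi_ignore_client_abort on;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # For Webgrind to build the call graph, uncomment this:
        #fastcgi_read_timeout 300;
    }

    include static.conf;
}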