WordPressの設定

Nginx

全体の設定

/etc/nginx/nginx.conf

# Worker processes run with the credentials of the www-data user.
user www-data;
# "auto" sizes the worker pool to the number of available CPU cores.
worker_processes auto;
pid /run/nginx.pid;
# Pull in whatever dynamic modules are enabled on this host.
include /etc/nginx/modules-enabled/*.conf;

# Connection-processing settings shared by all worker processes.
events {
        # Upper bound on simultaneous connections per worker. Every connection
        # consumes at least one file descriptor.
        # NOTE(review): the nofile limit shown further down this page is 4096
        # and no worker_rlimit_nofile is set in this file, so the effective
        # ceiling is presumably far below 65535 - confirm the two agree.
        worker_connections 65535;
        # Accept all pending connections at once instead of one per wake-up.
        multi_accept on;
        # Linux epoll event notification method.
        use epoll;
}

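# HTTP-level defaults inherited by every virtual host, plus the PHP-FPM
# upstream and the FastCGI cache zone used by the WordPress server block.
http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # Do not advertise the nginx version in the Server header or error pages.
        server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were removed here
        # together with SSLv3. The TLSv1.3 parameter needs nginx >= 1.13.0
        # built against OpenSSL 1.1.1 or newer; drop it if this build is older.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        # NOTE(review): compressing HTTPS responses that mix secrets with
        # reflected request data is the precondition for BREACH-style leaks;
        # confirm this is acceptable for the dynamic pages served here.
        gzip on;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        ##
        # PHP-FPM
        ##

        # Must match the "listen" path of the PHP-FPM pool.
        upstream phpfpm {
                server unix:/run/php/php7.2-fpm.sock;
        }
        # Cache zone "wpcache": 10 MB of keys in shared memory, at most 50 MB
        # on disk, entries not requested for 30 minutes are evicted.
        # NOTE(review): rendered pages are stored in this directory; confirm it
        # is readable and writable only by the nginx worker user.
        fastcgi_cache_path      /usr/local/nginx/cache levels=1:2 keys_zone=wpcache:10m max_size=50M inactive=30m;
}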

/etc/nginx/conf.d/wp.conf

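# Plain-HTTP virtual host: its only job is to send clients to HTTPS.
server {
    listen 80;
    server_name example.com;
    # Keep the requested path and query string across the redirect; without
    # $request_uri every deep link would land on the front page. The target
    # host is a fixed name rather than $host, so a forged Host header cannot
    # steer the redirect elsewhere.
    return 301 https://example.com$request_uri;
}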



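# HTTPS virtual host serving WordPress through PHP-FPM with a FastCGI page cache.
server {
    # TLS is enabled on the listen directive. The standalone "ssl on;" form is
    # deprecated and was removed in nginx 1.25.1.
    listen 443 ssl;
    server_name example.com;
    root /var/www/wordpress;
    index index.php;
    client_max_body_size 10M;

    # Decide once per request whether the page cache must be skipped.
    # These checks sit at server level and contain only "set", so no "if"
    # block is active inside the PHP location, where it could keep try_files
    # from being applied.
    set $do_not_cache 0;
    # Commenters, logged-in users and visitors of password-protected posts
    # receive personalised pages.
    if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
        set $do_not_cache 1;
    }

    if ($request_method = POST) {
        set $do_not_cache 1;
    }

    if ($request_uri ~ "^/sslcontent/?$") {
        set $do_not_cache 1;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    location = /apple-touch-icon.png { access_log off; log_not_found off; }
    location = /apple-touch-icon-precomposed.png { access_log off; log_not_found off; }
    # Block dotfiles such as .git or .htaccess.
    # NOTE(review): this also matches /.well-known/; confirm certificate
    # renewal does not depend on the HTTP-01 challenge path on this host.
    location ~ /\. { deny all; access_log off; log_not_found off; }
    # wp-config.php holds the database credentials; never serve or execute it
    # through the web server.
    location ^~ /wp-config.php { deny all; }

    location ~ \.php$ {
        # Hand only existing files to PHP-FPM; a URI that merely ends in .php
        # gets a 404 from nginx instead of reaching the interpreter.
        try_files $uri =404;

        fastcgi_pass phpfpm;
        fastcgi_cache wpcache;
        fastcgi_cache_key "$scheme://$host$request_uri$request_method";
        fastcgi_cache_valid 200 5m;
        fastcgi_cache_valid 404 1m;
        # When $do_not_cache = 1 the cache is skipped in both directions:
        # fastcgi_cache_bypass stops the lookup, fastcgi_no_cache stops the
        # response from being stored. With the bypass alone, a page rendered
        # for a logged-in user could be saved and later served to anonymous
        # visitors.
        fastcgi_cache_bypass $do_not_cache;
        fastcgi_no_cache $do_not_cache;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Browser-cache lifetimes for static files under the WordPress directories.
    # The patterns are anchored with "$" so that only the real file extension
    # decides the lifetime (".json" no longer matches "js", for example).
    location ~* /wp-(content|admin|includes) {
        index index.php index.html index.htm;

        if ($request_filename ~* "\.(xml|gz)$") {
            break;
            expires 1d;
        }

        if ($request_filename ~* "\.(txt|html?|js|css|swf)$") {
            break;
            expires 30d;
        }

        if ($request_filename ~* "\.(ico|jpe?g|gif|png|wmv|flv|mpg|gz)$") {
            break;
            expires 365d;
        }
    }

    # WordPress front controller: fall back to index.php for pretty permalinks.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Reverse proxy to an internal host, with the /dev/ prefix stripped.
    # NOTE(review): nothing here restricts who may reach this backend from
    # the internet; confirm whether allow/deny rules or authentication are
    # meant to apply. Host is forwarded exactly as the client sent it.
    location /dev/ {
        proxy_pass http://192.168.200.5/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
    }

    ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;
}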

MariaDB

/etc/mysql/mariadb.conf.d/50-server.cnf


# MariaDB server settings for a small single-host WordPress database.
[server]



[mysqld]
# The daemon runs as the dedicated mysql account.
user            = mysql
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
# TCP connections are accepted on loopback only, so the database is not
# reachable from other hosts; local clients can also use the socket above.
bind-address            = 127.0.0.1
key_buffer_size         = 16M
max_allowed_packet      = 16M
thread_stack            = 192K
thread_cache_size       = 8
myisam_recover_options  = BACKUP
log_error = /var/log/mysql/error.log
# Binary-log retention and rotation size.
# NOTE(review): log_bin is not set in this file, so these presumably have no
# effect unless binary logging is enabled elsewhere - confirm.
expire_logs_days        = 10
max_binlog_size   = 100M
# Full 4-byte UTF-8 as the server default.
character-set-server  = utf8mb4
collation-server      = utf8mb4_general_ci

# Query cache switched off (type 0, size 0).
query_cache_type=0
query_cache_size=0
query_cache_limit=1M
# In-memory temporary tables are bounded by the smaller of these two values,
# so they are kept equal.
tmp_table_size=32M
max_heap_table_size=32M
performance_schema=ON

[embedded]

[mariadb]

[mariadb-10.1]

PHP-FPM

/etc/php/7.2/fpm/pool.d/www.conf

; PHP-FPM pool that executes WordPress for nginx.
[www]
; Pool workers run as www-data, the same account as the nginx workers.
user = www-data
group = www-data
; Unix socket referenced by the "phpfpm" upstream in nginx.conf.
listen = /run/php/php7.2-fpm.sock
; Socket ownership: only www-data (and its group) may connect.
listen.owner = www-data
listen.group = www-data
; NOTE(review): -1 asks for an unbounded listen queue; the kernel presumably
; still caps it at net.core.somaxconn (set to 1024 on this page) - confirm.
listen.backlog = -1
; Dynamic process manager: between 1 and 3 idle workers, 7 workers at most.
pm = dynamic
pm.max_children = 7
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

; Alternative settings kept for reference (disabled): static pool and slow log.
; pm = static
; pm.max_children = 5
; pm.start_servers = 5
; pm.min_spare_servers = 5
; pm.max_spare_servers = 35
; slowlog = /var/log/php7.2-fpm-slow.log
; request_slowlog_timeout = 1s

ファイルディスクリプタ

/etc/security/limits.conf

# Open-file limit (soft and hard) of 4096 for every user matched by "*".
# The wildcard does not cover root, and these limits are applied by
# pam_limits to PAM sessions only.
* soft nofile 4096
* hard nofile 4096

systemdから起動されるサービスには/etc/security/limits.confの設定が適用されないため、SystemdのServiceファイルで編集したほうがよい.

systemdで管理しているserviceがopenできるfile descriptorの上限数を増やす - その手の平は尻もつかめるさ

# Belongs in the [Service] section of the unit file (or a drop-in override);
# sets the open-file limit for that service's processes.
LimitNOFILE=4096

カーネルパラメータ

/etc/sysctl.conf

# Maximum length of the accept queue a listening socket may request.
net.core.somaxconn=1024

変更の反映には以下のコマンドを実行する.

# Re-read /etc/sysctl.conf and apply its values to the running kernel.
sudo sysctl -p