limit_req_zone $binary_remote_addr zone=wp_limit:10m rate=20r/s; server { listen 80; server_name goodwalk.co.nz www.goodwalk.co.nz; location /.well-known/acme-challenge/ { root /var/www/certbot; try_files $uri =404; } location / { return 301 https://www.goodwalk.co.nz$request_uri; } } server { listen 443 ssl; server_name goodwalk.co.nz; ssl_certificate /etc/letsencrypt/live/goodwalk.co.nz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/goodwalk.co.nz/privkey.pem; return 301 https://www.goodwalk.co.nz$request_uri; } server { listen 443 ssl; server_name www.goodwalk.co.nz; ssl_certificate /etc/letsencrypt/live/goodwalk.co.nz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/goodwalk.co.nz/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_session_tickets off; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options SAMEORIGIN always; add_header X-Content-Type-Options nosniff always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss image/svg+xml; root /var/www/html; index index.php; location ~* /\.(git|env|htaccess) { deny all; } location = /xmlrpc.php { deny all; } location = /wp-login.php { limit_req zone=wp_limit burst=5 nodelay; fastcgi_pass wp_goodwalk_co_nz:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT /var/www/html; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param HTTP_HOST $host; } location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { fastcgi_pass wp_goodwalk_co_nz:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT /var/www/html; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param HTTP_HOST $host; } location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; add_header Access-Control-Allow-Origin "*"; log_not_found off; } }