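# ConfigMap carrying the nginx virtual host (default.conf) for the WordPress chart.
# nginx serves files from /var/www/html and hands *.php requests to the FastCGI
# backend on 127.0.0.1:9000 (presumably PHP-FPM in the same pod; confirm in the
# Deployment template).
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "wordpress-nginx.fullname" . }}-nginx-config
  labels:
    {{- include "wordpress-nginx.labels" . | nindent 4 }}
data:
  default.conf: |
    upstream php {
      server 127.0.0.1:9000;
    }

    # Client address handed to PHP.
    # The previous map took the FIRST entry of X-Forwarded-For. That entry is
    # written by the client, so any visitor could choose the address WordPress
    # saw in REMOTE_ADDR (login throttling, IP allow-lists, audit logs).
    # The realip directives in the server block already rewrite $remote_addr to
    # the right-most address that is not a trusted proxy, so $real_ip is kept
    # only as an alias of that validated value.
    map $remote_addr $real_ip {
      default $remote_addr;
    }

    # HTTPS detection from X-Forwarded-Proto.
    # NOTE(review): this header is accepted from any peer. It is only reliable
    # if the ingress / load balancer in front overwrites it on every request;
    # confirm that before relying on is_ssl() for security decisions.
    map $http_x_forwarded_proto $fastcgi_https {
      default '';
      https on;
    }

    server {
      listen 80;
      server_name _;

      root /var/www/html;
      index index.php index.html;

      access_log /var/log/nginx/access.log;
      error_log /var/log/nginx/error.log;

      client_max_body_size 64M;

      # Take the client address from X-Forwarded-For, but only when the
      # connection comes from a trusted proxy range. With real_ip_recursive on,
      # nginx walks the header from the right and stops at the first address
      # outside these ranges.
      # NOTE(review): all RFC 1918 space is trusted here, so any workload on
      # those networks can supply its own X-Forwarded-For. Narrow these to the
      # ingress controller / load balancer CIDR when it is known.
      real_ip_header X-Forwarded-For;
      set_real_ip_from 10.0.0.0/8;
      set_real_ip_from 172.16.0.0/12;
      set_real_ip_from 192.168.0.0/16;
      real_ip_recursive on;

      location = /favicon.ico {
        log_not_found off;
        access_log off;
      }

      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }

      # wp-admin directory handling (important)
      location /wp-admin {
        # Always redirect /wp-admin to the trailing-slash form
        rewrite ^(/wp-admin)$ $1/ permanent;

        # Serve files inside wp-admin, fall back to its index.php
        try_files $uri $uri/ /wp-admin/index.php?$args;
      }

      # wp-includes directory (static files first)
      location /wp-includes {
        try_files $uri $uri/ =404;
      }

      # wp-content directory (static files first)
      location /wp-content {
        try_files $uri $uri/ =404;
      }

      # ---- Deny rules --------------------------------------------------------
      # nginx evaluates regex locations in the order they appear and uses the
      # first match. These rules therefore have to come BEFORE "location ~ \.php$"
      # and the static-file regex; placed after them, a request for
      # /wp-config.php was matched by the PHP location first and the deny rule
      # was never reached.

      # Deny direct access to wp-config.php
      location ~* /wp-config\.php {
        deny all;
      }

      # Deny access to hidden files and directories (any path segment starting
      # with a dot), including ones that end in .php or a static extension.
      location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
      }

      # Do not execute PHP from the uploads directory: that tree is writable by
      # the application, so a script that lands there must not be runnable.
      location ~* ^/wp-content/uploads/.*\.php$ {
        deny all;
      }

      # PHP handling (most important)
      location ~ \.php$ {
        # Security: substitute for cgi.fix_pathinfo=0; only pass scripts that
        # actually exist on disk to the FastCGI backend.
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;

        # Load the stock FastCGI parameters
        include fastcgi_params;

        # Basic FastCGI parameters
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;

        # HTTPS flag (important: needed by WordPress is_ssl())
        fastcgi_param HTTPS $fastcgi_https if_not_empty;

        # Pass the proxy headers through to PHP unchanged. These are raw,
        # client-influenced values; application code should not treat them as
        # authoritative.
        fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
        fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for;

        # Validated client address (after realip processing), not the raw
        # first X-Forwarded-For entry.
        fastcgi_param HTTP_X_REAL_IP $remote_addr;
        fastcgi_param REMOTE_ADDR $remote_addr;

        # Timeouts
        fastcgi_read_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_connect_timeout 300;

        # Buffers
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
      }

      # WordPress permalinks (main location)
      location / {
        # Existing file or directory -> serve as is
        # Otherwise -> let index.php route the request
        try_files $uri $uri/ /index.php?$args;
      }

      # Static file caching
      location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|otf)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        log_not_found off;
        access_log off;
      }

      # Avoid version disclosure through readme.html and similar files
      location ~* ^/(readme|license)\.(html|txt)$ {
        deny all;
      }

      # XML-RPC abuse mitigation (uncomment if XML-RPC is not needed)
      # location = /xmlrpc.php {
      #   deny all;
      # }
    }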