Wordpress on subdirs

Janowski Marcin Marcin.Janowski at assecobs.pl
Thu Nov 12 10:32:05 UTC 2015


Hello, I have a few WordPress installations on one vhost:

        location /pl {
                try_files $uri $uri/ /pl/index.php?$args;
        }

        # Add trailing slash to */wp-admin requests.
        rewrite /pl/wp-admin$ $scheme://$host$uri/index.php permanent;

        location /en {
                try_files $uri $uri/ /en/index.php?$args;
        }

        # Add trailing slash to */wp-admin requests.
        rewrite /en/wp-admin$ $scheme://$host$uri/index.php permanent;

        location /dev {
                try_files $uri $uri/ /en/index.php?$args;
        }

        # Add trailing slash to */wp-admin requests.
        rewrite /dev/wp-admin$ $scheme://$host$uri/index.php permanent;

        set $user_login wiki;
        include /etc/nginx/templates.d/wordpress-subdirectory.conf;

The file /etc/nginx/templates.d/wordpress-subdirectory.conf contains:

location = /favicon.ico {
        log_not_found off;
        access_log off;
}

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
        deny all;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
}

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off; log_not_found off; expires max;
}

location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
                return 404;
        }
        if ( $wordpress_norun_subdir ) {
                return 403;
        }
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass   unix:/var/run/$user_login.php-fpm.socket;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param REMOTE_USER $remote_user;
}

In location ~ [^/]\.php(/|$) I have:

        if ( $wordpress_norun_subdir ) {
                return 403;
        }

$wordpress_norun_subdir is a map:

map $uri $wordpress_norun_subdir {
        default                                 1;

        /index.php                              0;
        /wp-login.php                           0;
        /wp-blog-header.php                     0;
        /wp-cron.php                            0;
        /wp-includes/js/tinymce/wp-mce-help.php 0;
...
        /xmlrpc.php                             0;
        /wp-load.php                            0;
        /wp-settings.php                        0;
        /wp-admin/about.php                     0;
        /wp-admin/admin-ajax.php                0;
        /wp-admin/admin-footer.php              0;
        /wp-admin/admin-functions.php           0;
        /wp-admin/admin-header.php              0;
        /wp-admin/admin.php                     0;
        /wp-admin/admin-post.php                0;
...
}

This map works fine when I run WordPress in the root directory, but if I have WordPress in a subdir it doesn't. I can change the paths in the map to: ~/.*/index.php, but this can run the files: /index.php, /wp-admin/index.php, /any_hacker_stuff/index.php. Of course, I don't want to allow running this last file ;) I think I can change location /en to /en(.*) and set $wordpress_path $1; and change $uri to $wordpress_path, but with location /en(.*) the WordPress friendly URLs don't work.

--
Regards,

Marcin Janowski
IT Systems Specialist
Data Processing Centre - Lublin
Systems Solutions Department

T: + 48 81 535 30 00, ext. 366
e-mail: marcin.janowski at assecobs.pl
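One way to keep the allowlist strict for the subdirectory installs, as an added example that is not part of the original post: regex keys in the map tie each PHP entry point to an optional, explicitly listed prefix (pl, en and dev, taken from the question), so after try_files internally redirects a request and $uri becomes /pl/index.php the key still matches, while /any_other_dir/index.php falls through to the default and is refused. The list of entry points is an assumption and should be completed from the original map.

```nginx
# Added example, not the original poster's configuration.
# Allowlist of PHP files WordPress may run when installed at / and
# under /pl, /en and /dev. try_files rewrites $uri on its internal
# redirect (e.g. to /pl/index.php), so the map sees the prefixed path.
map $uri $wordpress_norun_subdir {
    default 1;

    # Front-controller and bootstrap files, with an optional known prefix.
    # Only the listed prefixes are accepted; any other directory keeps
    # the default of 1 and the PHP location returns 403.
    ~^(/(pl|en|dev))?/index\.php$                  0;
    ~^(/(pl|en|dev))?/wp-login\.php$               0;
    ~^(/(pl|en|dev))?/wp-cron\.php$                0;
    ~^(/(pl|en|dev))?/xmlrpc\.php$                 0;

    # wp-admin entry points that are requested directly by the browser.
    ~^(/(pl|en|dev))?/wp-admin/index\.php$         0;
    ~^(/(pl|en|dev))?/wp-admin/admin\.php$         0;
    ~^(/(pl|en|dev))?/wp-admin/admin-ajax\.php$    0;
    ~^(/(pl|en|dev))?/wp-admin/admin-post\.php$    0;
}
```

The existing `if ( $wordpress_norun_subdir ) { return 403; }` in the PHP location needs no change; it only reads the map result.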


This information is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Unauthorized use of this information by person or entity other than the intended recipient is prohibited by law. If you received this by mistake, please immediately contact the sender by e-mail or by telephone and delete this information from any computer. Thank you. Asseco Business Solutions S.A.

________________________________

Please consider your environmental responsibility before printing this e-mail.