DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Related

Wordpress error: Cannot write style-custom.css file
Question
How to set up postfix on nginx server to allow WP send emails through outlook.com aka (mail.live.com) via SMTP with TLS auth?
Question

Question

NGINX | Ubuntu | IP:PORT | WordPress | Multiple VHost | How to Add new Site in this setup?

Ok, I dont know specificly which info to share so I am sharing it all. I followed this guide by DO to setup a wordpress multisite network. Here is the config of my multisite,

server {
	listen 443 ssl;
    server_name siteA.com *.siteA.com  siteB.com www.siteB.com siteC.org www.siteC.org siteD.com www.siteD.com;
    root /var/www;
    index index.php index.html index.htm;
	include /var/www/nginx.conf;
	ssl_certificate /etc/letsencrypt/live/siteA.com-0001/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/siteA.com-0001/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	ssl_ciphers 'some texts here';
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_stapling on;
	ssl_stapling_verify on;
	add_header Strict-Transport-Security max-age=15768000;
	location ~* .(woff|eot|ttf|svg|mp4|webm|jpg|jpeg|png|gif|ico|css|js|mp3)$ {
    expires 365d;
	}
	location ~ /.well-known {
		allow all;
	}
    location ~*  \.(pdf)$ {
        expires 30d;
    }
    location / {
        try_files $uri $uri/ /index.php?$args ;
    }

    location ~ /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location ~ \.php$ {
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
	 ## Block SQL injections
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    set $block_file_injections 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }

    ## Block common exploits
    set $block_common_exploits 0;
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }

    ## Block spam
    set $block_spam 0;
    if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
        set $block_spam 1;
    }
    if ($block_spam = 1) {
        return 403;
    }

    ## Block user agents
    set $block_user_agents 0;

    # Don't disable wget if you need it to run cron jobs!
    #if ($http_user_agent ~ "Wget") {
    #    set $block_user_agents 1;
    #}

    # Disable Akeeba Remote Control 2.5 and earlier
    if ($http_user_agent ~ "Indy Library") {
        set $block_user_agents 1;
    }

    # Common bandwidth hoggers and hacking tools.
    if ($http_user_agent ~ "libwww-perl") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetRight") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetWeb!") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go!Zilla") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Download Demon") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go-Ahead-Got-It") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "TurnitinBot") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GrabNet") {
        set $block_user_agents 1;
    }

    if ($block_user_agents = 1) {
        return 403;
    }

    access_log  /var/log/nginx/$host-access.log;
    error_log   /var/log/nginx/wpms-error.log;
}
server {
    listen 80;
    server_name siteA.com *.siteA.com  siteB.com www.siteB.com siteC.org www.siteC.org siteD.com www.siteD.com;
    return 301 https://$host$request_uri;
}

All is good. it is working perfectly. But I want to add another seperated server block and add a site siteE.com to that server block seperately. I made a directory /var/pm and added index.php there. Below is the nginx setting for this new block.

server {
	listen xx.xx.xx.xx:8080;
    server_name siteE.com www.siteE.com;
    root /var/pm;
    index index.php index.html index.htm;
	location ~* .(woff|eot|ttf|svg|mp4|webm|jpg|jpeg|png|gif|ico|css|js|mp3)$ {
    expires 365d;
	}
    location ~*  \.(pdf)$ {
        expires 30d;
    }
    location / {
        try_files $uri $uri/ /index.php?$args ;
    }

    location ~ /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location ~ \.php$ {
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }

    access_log  /var/log/nginx/$host-access.log;
    error_log   /var/log/nginx/pm-error.log;
}

Now I can access this new site by typing IP:port but I cant access it by typing siteE.com it redirects to https://siteE.com which it should not. This domain was added through cloudflare. there is only an A record in cloudflare siteE points to xx.xx.xx.xx (no port here), and the digitalocean>networking>domain has below settings an A record: siteE.com to xx.xx.xx.xx 2 Cname record: *.siteE.com, www.siteE.com are alias of siteE.com 3 of Digitalocean NS added by default.

Subscribe
Share
SykatMay 15, 2017

How I installed let’s encrypt in multisite: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Flamber HansenMay 15, 2017
Accepted Answer

Hi @Sykat

Modify your siteE top configuration to this:

server {
    listen 80;
    server_name siteE.com www.siteE.com;

And restart Nginx with this command sudo service nginx restart.

Join the DigitalOcean CommunityCommunity

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner

Related

Wordpress error: Cannot write style-custom.css file
Question
How to set up postfix on nginx server to allow WP send emails through outlook.com aka (mail.live.com) via SMTP with TLS auth?
Question

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up