NGINX Server Configuration Guide

Complete reference for your jazila-traders.com server setup

Server: nginx/1.24.0 (Ubuntu) | jazila-traders.com | PHP 8.4

📋 Server Overview

This document details the NGINX configuration for your WordPress site at jazila-traders.com. Your current setup includes:

Current Status: Your server configuration is correctly handling WordPress URLs and REST API endpoints. The main issues have been with CDN (QUIC.cloud/Cloudflare) communication, not NGINX configuration.

⚙️ Current NGINX Configuration

Your working NGINX configuration file is located at /etc/nginx/sites-available/jazila-traders.com:

HTTP to HTTPS Redirect

server {
    listen 80;
    listen [::]:80;
    server_name jazila-traders.com www.jazila-traders.com;
    
    # Redirect all HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

Main HTTPS Server Block

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name jazila-traders.com www.jazila-traders.com;
    
    # Document root
    root /home/jazila-traders/public_html;
    index index.php index.html index.htm;
    
    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/jazila-traders.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jazila-traders.com/privkey.pem;
    
    # SSL Security Settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    
    # Security Headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    
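    # WordPress REST API Headers
    # Note: set at server level, these apply to every response, and "*" lets
    # scripts on any origin read them; use a specific origin instead if only
    # a known front end calls the API.
    add_header Access-Control-Allow-Origin "*" always;
    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;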
    
    # Gzip Compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_comp_level 6;
    gzip_types application/javascript application/json text/css text/html text/plain text/xml;
    
    # CORS preflight handling
    if ($request_method = OPTIONS) {
        return 204;
    }
    
    # Security: Block sensitive files
    location ~* ^/(wp-config\.php|readme\.html|license\.txt|\.git/) {
        deny all;
        return 404;
    }
    
    # Main WordPress rewrite rule (CRITICAL)
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    
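    # WordPress REST API optimization
    # Note: try_files internally redirects to /index.php, which is then served
    # by the "location ~ \.php$" block below. The fastcgi_read_timeout and
    # default_type set here do not apply to that PHP request; raise the
    # timeout in the PHP handler if REST calls need longer.
    location ~* ^/wp-json/ {
        fastcgi_read_timeout 60;
        default_type application/json;
        try_files $uri $uri/ /index.php?$args;
    }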
    
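    # Static files caching
    # An add_header inside a location replaces the add_header directives
    # inherited from the server block instead of extending them, so nosniff
    # is repeated here; the other server-level headers are not sent for
    # these files.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 365d;
        add_header Cache-Control "public, immutable";
        add_header X-Cache-Enabled "TRUE";
        add_header X-Content-Type-Options "nosniff" always;
        try_files $uri $uri/ =404;
    }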
    
    # PHP handler
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
        fastcgi_connect_timeout 30s;
        fastcgi_send_timeout 30s;
        fastcgi_read_timeout 30s;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param HTTP_X_FORWARDED_PROTO https;
    }
    
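    # Block hidden files
    # Note: this pattern also matches /.well-known/. If certificate renewal
    # relies on the HTTP-01 webroot challenge, that path must stay reachable.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }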
}

✓ Configuration Status: This configuration has been tested and is working correctly for your WordPress site. The REST API endpoint at https://jazila-traders.com/wp-json/ returns HTTP 200.

🔑 Key Configuration Directives Explained

| Directive | Purpose | Why It's Important |
| --- | --- | --- |
| try_files $uri $uri/ /index.php?$args; | WordPress URL rewriting | Makes pretty permalinks and REST API work. Without this, you get 404 errors. |
| fastcgi_pass unix:/var/run/php/php8.4-fpm.sock; | PHP processing | Connects NGINX to PHP-FPM for executing PHP files. |
| ssl_protocols TLSv1.2 TLSv1.3; | SSL/TLS protocols | Ensures modern, secure encryption for HTTPS connections. |
| add_header X-Frame-Options "SAMEORIGIN"; | Security header | Prevents clickjacking attacks by restricting iframe embedding. |
| expires 365d; | Browser caching | Tells browsers to cache static files for 1 year, improving load times. |
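
NGINX inherits add_header directives from the enclosing level only when the current level defines none of its own, so a location that sets its own header (such as a static files block with Cache-Control) stops sending the server-level security headers. The following check is an added example, not part of the original guide: it walks a constructed, trimmed config and reports which inherited headers each block loses, and its parser assumes one directive per line with braces at line ends.

```python
import re

# Constructed sample, trimmed from the kind of server block shown above.
SAMPLE_CONF = r'''
server {
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~* \.(js|css|png)$ {
        expires 365d;
        add_header Cache-Control "public, immutable";
    }
}
'''

def parse(conf):
    """Build a block tree; assumes one directive per line, '{' and '}' at line ends."""
    root = {"name": "main", "headers": [], "children": []}
    stack = [root]
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            node = {"name": line[:-1].strip(), "headers": [], "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif line == "}":
            stack.pop()
        elif m := re.match(r"add_header\s+(\S+)", line):
            stack[-1]["headers"].append(m.group(1))
    return root

def dropped_headers(node, inherited=()):
    """Return {block: inherited headers it stops sending because it sets its own}."""
    own, report = node["headers"], {}
    lost = [h for h in inherited if h not in own]
    if own and lost:
        report[node["name"]] = lost
    for child in node["children"]:
        # A block with its own add_header passes only those on to its children.
        report.update(dropped_headers(child, own or list(inherited)))
    return report

if __name__ == "__main__":
    for block, lost in dropped_headers(parse(SAMPLE_CONF)).items():
        print(f"{block}: no longer sends {', '.join(lost)}")
```

To run it against a real file, pass the file's text to parse() in place of SAMPLE_CONF.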

🐛 Troubleshooting Guide

Common Commands

# Test NGINX configuration syntax
sudo nginx -t

# Reload NGINX (apply changes without downtime)
sudo systemctl reload nginx

# Restart NGINX (full restart)
sudo systemctl restart nginx

# Check NGINX error logs
sudo tail -f /var/log/nginx/error.log

# Check access logs
sudo tail -f /var/log/nginx/access.log

# Check if NGINX is running
sudo systemctl status nginx

Common Issues & Solutions

| Issue | Check | Solution |
| --- | --- | --- |
| 502 Bad Gateway | PHP-FPM not running | sudo systemctl restart php8.4-fpm |
| 404 for WordPress pages | try_files directive missing | Ensure location / block has try_files $uri $uri/ /index.php?$args; |
| SSL not working | Certificate path incorrect | Verify ssl_certificate and ssl_certificate_key paths |
| Static files not loading | File permissions | Check root directory permissions: sudo chown -R www-data:www-data /home/jazila-traders/public_html |

⚡ Performance Optimization

Recommended Additions for Better Performance

1. Enhanced Caching Headers

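# Add the map to the http context (nginx.conf or a file in conf.d/);
# map is not allowed inside a server block
map $sent_http_content_type $expires {
    default                    off;
    text/html                  1h;
    text/css                   max;
    application/javascript     max;
    ~image/                    max;
}

# Add to your server block
expires $expires;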

2. Rate Limiting (Prevent Abuse)

# Add to http context in nginx.conf
limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

# Add to your server block
limit_req zone=one burst=20 nodelay;

3. Security Headers for WordPress

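# Add to your server block
# This CSP still allows inline and eval'd scripts from any https: source; tighten it once script sources are known.
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# includeSubDomains and preload apply HSTS to every subdomain; use them only if all subdomains serve HTTPS.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# Skip this line if the header is already set in the server block; otherwise it is sent twice.
add_header X-Content-Type-Options "nosniff" always;

⚠️ Important: After making any changes to NGINX configuration, always run sudo nginx -t to test syntax before reloading with sudo systemctl reload nginx.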

🔧 WordPress-Specific Configuration

Complete WordPress NGINX Configuration

For reference, here's a complete optimized WordPress NGINX configuration:

# WordPress NGINX Configuration
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
    
    root /var/www/wordpress;
    index index.php index.html index.htm;
    
    # SSL Configuration (Let's Encrypt)
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    
    # Security Headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    
    # WordPress Security
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }
    
    # WordPress Rewrite Rule
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    
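    # Deny access to wp-config.php
    # (placed before the PHP handler: regex locations are checked in file
    # order and the first match wins)
    location ~* wp-config\.php {
        deny all;
    }
    
    # PHP Handling
    location ~ \.php$ {
        # Return 404 for scripts that do not exist instead of passing them to PHP-FPM
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
    
    # Static Files Caching
    # add_header here replaces the server-level headers, so nosniff is repeated
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
        expires 365d;
        add_header Cache-Control "public, immutable";
        add_header X-Content-Type-Options "nosniff" always;
    }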
}
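
NGINX tests regex locations in the order they appear and stops at the first match, so a deny rule for wp-config.php only takes effect when it sits before the `\.php$` handler. The model below is an added example, not part of the original guide: it applies the documented selection order (exact match, longest prefix, `^~`, then regexes in file order) to a constructed location list. The helper names are hypothetical, and nested locations are not modelled.

```python
import re

# Constructed sample: location lines in file order, with the wp-config.php
# deny rule placed after the PHP handler.
LOCATIONS = [
    r"location ~ /\.",
    r"location ~* /(?:uploads|files)/.*\.php$",
    r"location /",
    r"location ~ \.php$",
    r"location ~* wp-config\.php",
]

def select_location(locations, uri):
    """Return the location nginx would pick for uri (nested locations not modelled)."""
    best = None          # (line, pattern, modifier) of the longest matching prefix
    regexes = []
    for loc in locations:
        parts = loc.split()[1:]                 # drop the "location" keyword
        mod, pat = parts if len(parts) == 2 else ("", parts[0])
        if mod == "=":
            if uri == pat:
                return loc                      # exact match always wins
        elif mod in ("~", "~*"):
            regexes.append((loc, re.compile(pat, re.I if mod == "~*" else 0)))
        elif uri.startswith(pat) and (best is None or len(pat) > len(best[1])):
            best = (loc, pat, mod)
    if best and best[2] == "^~":
        return best[0]                          # ^~ skips the regex pass
    for loc, rx in regexes:                     # file order, first match wins
        if rx.search(uri):
            return loc
    return best[0] if best else None

def move_before(locations, item, anchor):
    """Return a copy of locations with item placed directly before anchor."""
    rest = [l for l in locations if l != item]
    i = rest.index(anchor)
    return rest[:i] + [item] + rest[i:]

if __name__ == "__main__":
    deny, php = LOCATIONS[4], LOCATIONS[3]
    print("as listed: ", select_location(LOCATIONS, "/wp-config.php"))
    print("deny first:", select_location(move_before(LOCATIONS, deny, php), "/wp-config.php"))
```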

📁 NGINX File Structure

Standard Ubuntu/Debian NGINX Structure

/etc/nginx/
├── nginx.conf              # Main configuration file
├── sites-available/        # Available site configurations
│   └── jazila-traders.com  # Your site config
├── sites-enabled/          # Symlinks to enabled sites
│   └── jazila-traders.com -> ../sites-available/jazila-traders.com
├── snippets/               # Reusable configuration snippets
│   └── fastcgi-php.conf   # PHP-FPM configuration
├── conf.d/                 # Additional configuration files
├── modules-available/      # Available modules
└── modules-enabled/        # Enabled modules

Important File Locations