Hi! I’m loving the EasyEngine installation, really. I found it so easy to set up, and the security settings so much better than my previous configuration, that I’ve set up my entire blog with it.
However, I did find a strange conflict between my standard Nginx settings and the EasyEngine default settings. I got around them, but I wanted to know if there were any implications or a better way to deal with it.
Here’s the problem:
I’ve set up my Nginx config for my site to force SSL on the wp-admin and wp-login.php pages. I was able to do this pretty easily with the following code in my /etc/nginx/sites-available/avivroth.com file:
location ~ /wp-(admin|login) {
return 301 https://$host$request_uri;
}
The problem is that the SSL redirect was not working on wp-login.php, just wp-admin. After playing around, I realized that the problem was that it was being overridden in the /etc/nginx/common/wpcommon.conf that is installed by EasyEngine, specifically the following code to protect against brute force attacks:
location = /wp-login.php {
limit_req zone=one burst=1 nodelay;
include fastcgi_params;
fastcgi_pass php;
}
This override happens because = has precedence over any ~ declarations. So my redirect code is ignored for wp-login.php.
To get around this, I created a second wpcommon.conf file, which I called wpcommon-fixed.conf, which was identical except that the brute force attack protection on wp-login.php is commented out. Then in my “server” section for port 80, wpcommon-fixed.conf is included, while in the section for port 443, the standard wpcommon.conf is included (I want the actual login page served over SSL to be protected from brute force attacks after all).
Is this the right approach? I’m asking because there is a big fat warning at the top of wpcommon.conf that reads # DO NOT MODIFIED ALL CHNAGES LOST AFTER UPDATE EasyEngine. So I’m wondering if there is something that is going to be a problem after any future updates to EasyEngine. Is there? Or am I safe?
You can see my original Nginx config file here, and my modified Nginx config file here, so that you can compare. Let me know if you need any more information.
Thanks!
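The precedence problem described in the post, as an added example that is not part of the original question and not EasyEngine's or nginx's own code: a small Python model of nginx's documented location-selection order (exact `=` first, then the longest prefix with `^~` stopping the search, then regex locations in file order, else the longest plain prefix). It is run over constructed versions of the two port-80 server blocks the post describes. The location lists, the `action` labels and the `audit` helper are assumptions made for the demonstration; they show why /wp-login.php never reaches the `~ /wp-(admin|login)` redirect while the stock wpcommon.conf is included, and which requests would therefore carry WordPress credentials over plain HTTP.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Location:
    """One nginx location block (constructed model, not a parser)."""
    modifier: str   # "=", "^~", "~", "~*" or "" for a plain prefix
    pattern: str    # exact path, prefix, or regex depending on modifier
    action: str     # label for what the block does, used in the audit


def select_location(locations, uri):
    """Pick the block nginx would use for uri, following the documented order:
    1. an exact '=' match wins immediately, regardless of file order;
    2. the longest matching prefix is remembered; if it carries '^~' it wins;
    3. regex locations ('~' / '~*') are tried in file order, first match wins;
    4. otherwise the longest plain prefix is used."""
    for loc in locations:
        if loc.modifier == "=" and uri == loc.pattern:
            return loc

    best_prefix = None
    for loc in locations:
        if loc.modifier in ("", "^~") and uri.startswith(loc.pattern):
            if best_prefix is None or len(loc.pattern) > len(best_prefix.pattern):
                best_prefix = loc
    if best_prefix is not None and best_prefix.modifier == "^~":
        return best_prefix

    for loc in locations:
        if loc.modifier in ("~", "~*"):
            flags = re.IGNORECASE if loc.modifier == "~*" else 0
            if re.search(loc.pattern, uri, flags):
                return loc

    return best_prefix


# Constructed models of the blocks mentioned in the post.
REDIRECT = Location("~", r"/wp-(admin|login)", "301 -> https")
WP_LOGIN_EXACT = Location("=", "/wp-login.php", "limit_req + fastcgi_pass (plain http)")
CATCH_ALL = Location("", "/", "try_files")

# Port-80 server with the stock wpcommon.conf included.
PORT80_STOCK = [REDIRECT, WP_LOGIN_EXACT, CATCH_ALL]
# Port-80 server with the post's wpcommon-fixed.conf (wp-login block removed).
PORT80_FIXED = [REDIRECT, CATCH_ALL]


def audit(locations, uris):
    """Map each request path to the action nginx would take for it."""
    return {uri: select_location(locations, uri).action for uri in uris}


def plaintext_login_paths(locations, uris):
    """Paths that would be served over port 80 without being redirected,
    i.e. where login credentials would travel unencrypted."""
    return [uri for uri in uris
            if re.search(r"/wp-(admin|login)", uri)
            and select_location(locations, uri) is not REDIRECT]


if __name__ == "__main__":
    paths = ["/wp-login.php", "/wp-admin/", "/wp-admin/post.php", "/2014/hello/"]
    for name, cfg in (("stock", PORT80_STOCK), ("fixed", PORT80_FIXED)):
        print(name, audit(cfg, paths))
        print(name, "unencrypted admin/login paths:", plaintext_login_paths(cfg, paths))
```

Exact-match blocks are checked before any regex, so reordering the `location ~` line or the `include` does not change the outcome; only removing (or outranking with another `=`, which nginx rejects as a duplicate) the exact wp-login.php block lets the redirect apply, which is what the post's wpcommon-fixed.conf does.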