When you set up W3 Total Cache (W3TC) on a WordPress site running on NGINX, you should be aware of the NGINX configuration file generated by W3TC. This may seem obvious, but forgetting about it is a mistake that I have made.

Properly implementing W3 Total Cache’s NGINX configuration in the NGINX configuration for your vhost is quite simple. While W3TC does allow you to specify the path on your server that its NGINX configuration file should be written to (under “General > Miscellaneous”), I prefer to leave it in the default location (the root directory of your WordPress install) and update the NGINX configuration for my vhost.

Proper implementation of W3TC’s NGINX configuration file consists of two steps:

  1. Include W3TC’s nginx.conf file in the NGINX configuration for your vhost.
  2. Prevent public access to W3TC’s nginx.conf file.

Include the W3TC NGINX Configuration File

By default, W3 Total Cache writes a file named nginx.conf to the root of your WordPress install. Each time W3TC settings are changed, that file is subject to update. So, rather than copying its contents and pasting them in the NGINX configuration for your vhost, a better approach is to include the file in the location / block for your vhost as shown below.

# Include W3TC nginx.conf file found in WordPress root
location / {
    include /path/to/wproot/nginx.conf;
}

The contents of W3 Total Cache’s NGINX configuration file are wrapped in comments. An example of the W3TC nginx.conf file is shown below.

# BEGIN W3TC Page Cache cache
location ~ /wp-content/cache/page_enhanced.*html$ {
    add_header Vary Cookie;
}
# END W3TC Page Cache cache
# BEGIN W3TC Page Cache core
set $w3tc_rewrite 1;
if ($request_method = POST) {
    set $w3tc_rewrite 0;
}
if ($query_string != "") {
    set $w3tc_rewrite 0;
}
if ($request_uri !~ \/$) {
    set $w3tc_rewrite 0;
}
if ($http_cookie ~* "(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in)") {
    set $w3tc_rewrite 0;
}
if ($http_cookie ~* "(w3tc_preview)") {
    set $w3tc_rewrite _preview;
}
set $w3tc_ref "";
if ($http_cookie ~* "w3tc_referrer=.*(ask\.com|bing\.com|google\.com|msn\.com|yahoo\.com)") {
    set $w3tc_ref _search_engines;
}
set $w3tc_ssl "";
if ($scheme = https) {
    set $w3tc_ssl _ssl;
}
set $w3tc_ext "";
if (-f "$document_root/wp-content/cache/page_enhanced/$http_host/$request_uri/_index$w3tc_ref$w3tc_ssl$w3tc_rewrite.html") {
    set $w3tc_ext .html;
}
if (-f "$document_root/wp-content/cache/page_enhanced/$http_host/$request_uri/_index$w3tc_ref$w3tc_ssl$w3tc_rewrite.xml") {
    set $w3tc_ext .xml;
}
if ($w3tc_ext = "") {
    set $w3tc_rewrite 0;
}
if ($w3tc_rewrite = 1) {
    rewrite .* "/wp-content/cache/page_enhanced/$http_host/$request_uri/_index$w3tc_ref$w3tc_ssl$w3tc_rewrite$w3tc_ext" last;
}
# END W3TC Page Cache core

Secure the W3TC NGINX Configuration File

By default, W3 Total Cache’s NGINX configuration file is created with the proper file permissions. However, I prefer to implement an additional layer of security by preventing public access to the file altogether. Preventing access to a file is very straightforward in NGINX: you simply place a deny all rule on the file, as shown below.

# Deny access to the nginx.conf file generated by W3TC
location = /nginx.conf {
    deny all;
}
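
To confirm that a vhost file carries both steps (the include and the deny rule), a small audit can be run before reloading NGINX. This is an added example, not part of the original post or of W3TC; the function name `audit_vhost`, the sample files and `example.test` are constructed for illustration, and the check is a line-based heuristic rather than a full NGINX parser.

```shell
#!/bin/sh
# audit_vhost FILE (hypothetical helper) prints one of:
#   ok | missing-include | missing-deny | missing-both
audit_vhost() {
    awk '
        { sub(/#.*/, "") }   # ignore comments, so commented-out rules do not count
        # Step 1: an include directive whose path ends in /nginx.conf
        /include[ \t]+[^;]*\/nginx\.conf[ \t]*;/ { inc = 1 }
        # Step 2: an exact-match location for /nginx.conf ...
        /location[ \t]+=[ \t]+\/nginx\.conf[ \t]*[{]/ { in_loc = 1 }
        # ... containing "deny all;" before its closing brace
        in_loc && /deny[ \t]+all[ \t]*;/ { deny = 1 }
        in_loc && /[}]/ { in_loc = 0 }
        END {
            if (inc && deny) print "ok"
            else if (inc)    print "missing-deny"
            else if (deny)   print "missing-include"
            else             print "missing-both"
        }
    ' "$1"
}

# Constructed sample vhost files (paths are the placeholders used in the post).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.conf" <<'EOF'
server {
    server_name example.test;
    root /path/to/wproot;
    location / {
        include /path/to/wproot/nginx.conf;
    }
    location = /nginx.conf {
        deny all;
    }
}
EOF
cat > "$tmp/bad.conf" <<'EOF'
server {
    server_name example.test;
    root /path/to/wproot;
    location / {
        include /path/to/wproot/nginx.conf;
    }
    # location = /nginx.conf { deny all; }
}
EOF
echo "good.conf: $(audit_vhost "$tmp/good.conf")"
echo "bad.conf:  $(audit_vhost "$tmp/bad.conf")"
```

NGINX reads included files only when it loads its configuration, so after W3TC rewrites nginx.conf, run `nginx -t` and reload for the change to take effect.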

And that’s all there is to it! Hopefully this helps you out... and provides a friendly reminder to yours truly in the future.

Posted by: John Dugan
