WordPress

WordPress-vhost

[[vhosts]]
name = "wordpress"
hosts = ["blog.example.com"]

[vhosts.web]
root = "/srv/wordpress"
index_files = ["index.php", "index.html"]
deny_dotfiles = true

[vhosts.php]
enabled = true
root = "/srv/wordpress"
index = "index.php"
preset = "wordpress"
try_files = "wordpress"
deny_path_prefixes = ["/wp-content/uploads/"]

[vhosts.php.fpm]
mode = "external"
socket = "/run/php-fpm/wordpress.sock"

WordPress cache route

[[vhosts.routes]]
name = "wp-assets"
path_prefix = "/wp-content/"
action = "proxy"

[vhosts.routes.proxy]
upstreams = ["127.0.0.1:9000"]

[vhosts.routes.cache]
enabled = true
preset = "wordpress"
status_ttls = { "200" = 3600, "404" = 60 }
extensions = ["css", "js", "png", "jpg", "webp", "svg"]
bypass_cookie_name_prefixes = ["wordpress_logged_in_", "wordpress_sec_"]

Veelvoorkomende checks

• Zorg dat de PHP-FPM-gebruiker WordPress-bestanden kan lezen.
• Houd uploads alleen schrijfbaar waar WordPress schrijfrechten nodig heeft.
• Put cache in front of public assets, not wp-admin.
• Keep login, preview, cron, XML-RPC, and admin paths out of shared cache.
• Gebruik de WordPress-preset als baseline en voeg daarna sitespecifieke bypasses toe.

Goede match

Deze setup is voor een normale WordPress front controller waar Fluxheim veilige statische bestanden serveert, PHP in uploadpaden blokkeert en dynamische requests doorstuurt naar PHP-FPM.