Configure an NGINX file (Enhanced Cloud Web Hosting)

Limits

To ensure the stability of the NGINX service, the Cloud Web Hosting console supports only the following instructions for NGINX files:

• location

• allow

• deny

• try_files

• rewrite

• return

• if

• set

The allow, deny, try_files, rewrite, return, if, and set instructions can be configured only within the location instruction.

Procedure

1. Log on to the Cloud Web Hosting management page.

2. Find the Enhanced Cloud Web Hosting instance for which you want to configure the NGINX file and click Manage in the Actions column.

3. In the navigation pane on the left, choose Advanced Environment Settings > NGINX Settings.

4. On the NGINX Settings page, enter your configuration file content in the text box.

   The following example for a WordPress website shows how to set access permissions for the website, files, or folders, and how to edit pseudo-static rules.

   • Set specific access permissions for the website

     • Scenario: A website running on a server may be attacked by malicious IP addresses. It may also experience illegal hotlinking or malicious scraping of its resources.

     • Solution: You can set specific access permissions for the website to allow access only from trusted IP addresses. For example, to allow access only from the 192.168.0.0/24 and 10.1.0.0/16 CIDR blocks, use the following configuration:

       location / {
           allow 192.168.0.0/24; 
           allow 10.1.0.0/16;
           deny all;
       }

       Note

       When you configure permissions for a CIDR block using a mask, specify the address in the smallest address/mask format. Otherwise, a configuration error is reported: Failed to update nginx settings: nginx: [warn] low address bits of **** are meaningless.

   • Set specific access permissions for a file or folder

     • Scenario: The XMLRPC endpoint in WordPress is a common attack vector. Attackers can perform unauthorized operations such as adding, creating, or deleting posts.

       Note

       The XMLRPC endpoint in WordPress (the xmlrpc.php file in the root directory) defines the rules for data interaction between the website and external applications. For example, it allows operations such as adding, creating, or deleting posts.

     • Solution: To improve your website security, you can allow XMLRPC requests only from trusted IP addresses. For example, to allow requests only from the IP address 192.168.2.34, use the following configuration:

       location ~*/xmlrpc.php$ {
           allow 192.168.2.34; 
           deny all;
       }

   • Edit pseudo-static rules

     • Scenario: You need to implement URL rewrites to transform dynamic URLs that contain parameters into a static format. This improves search engine friendliness, user experience, and website security.

     • Solution: You can configure the NGINX file to rewrite URL requests on your website. For example, if the WordPress program is installed in the /htdocs root directory, use the following configuration:

       location / {
                try_files $uri $uri/ /index.php?$args;
       }

5. After you enter the NGINX content, click Save Settings.

   If the settings are saved successfully, the NGINX settings are successful message is displayed. If an error page appears, modify the content as prompted on the page and save your changes again.

6. (Conditionally required) If the modified NGINX file configuration disrupts the normal operation of your website, you can restore the default configurations. To do this, enter the following content in the text box on the NGINX Settings page and click Save Settings.

   location / {
   } 

References

If you use a standard Cloud Web Hosting instance, see Block specified IP addresses for a Cloud Web Hosting instance to learn how to set specific access permissions for your website.