# FEMP + Wordpress webpages broken



## stratacast1 (Aug 28, 2017)

Today I gave a FEMP server a whirl for the first time, with medium success. I have used FEMP on Linux before but I'm still pretty much a FreeBSD n00b. So, here's where I'm at: I have nginx installed with my config file:


```
user  www;
worker_processes  1;

error_log  /var/log/nginx/error.log;



events {
    worker_connections  1024;
}


http {
        server_tokens   off;
        access_log      /var/log/nginx/access.log;

        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;


        server {
                listen 80;
                root /usr/local/www/nginx/wordpress;

                server_name domain.com;
                return 301 https://$server_name$request_uri;
        }



        server {
                listen 443 ssl;
                root /usr/local/www/nginx/wordpress;
                index index.php index.html index.htm;

                server_name domain.com;

                ssl on;
                ssl_certificate /usr/local/etc/letsencrypt/live/domain.com/fullchain.pem;
                ssl_certificate_key /usr/local/etc/letsencrypt/live/domain.com/privkey.pem;


                ssl_session_timeout 1d;
                ssl_session_cache shared:SSL:50m;
                ssl_session_tickets off;

                ssl_protocols TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                ssl_dhparam /usr/local/etc/ssl/dhparam.pem;
                ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';



                # OCSP Stapling ---
                # fetch OCSP records from URL in ssl_certificate and cache them
                ssl_stapling on;
                ssl_stapling_verify on;

                # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
                add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";


                location ~ /.well-known {
                        allow all;
                }

                location '/.well-known/acme-challenge' {
                        default_type "text/plain";
                }

                location / {
                        #try_files $uri $uri/ =404;
                        try_files $uri $uri/ /index.php?q=$uri&$args;
                }

                error_page      500 502 503 504 /50x.html;
                location = /50x.html {
                        root /usr/local/www/nginx-dist;
                }

                location ~ \.php$ {
                        #include /usr/local/etc/nginx/fastcgi_params;
                        try_files $uri =404;
                        fastcgi_split_path_info ^(.+\.php)(/.+)$;
                        fastcgi_pass unix:/var/run/php-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $request_filename;
                        include fastcgi_params;
                }

                location ~ /\. {
                        deny all;
                }

                location ~* /(?:uploads|files)/.*\.php$ {
                        deny all;
                }

        }
}
```

I also made changes to the www.conf file for php-fpm to listen on a UNIX socket, allow my www user, set perms, etc. and created my database with MariaDB as per usual and then followed the setup of Wordpress to completion. It works, but pages are a halfway rendered mess.

Other things to note: all of this is going down in a jail which is sitting behind an HAProxy which allows me to have a Nextcloud server, another Wordpress page (same brokeness), and this server on the same port and I'm using Let's Encrypt for secure connections


----------

