After having some issues with this new server build and Apache2, I decided to move over to Nginx for the web server. This meant I had to figure out how to get a Linux, (e)Nginx, MySQL, and PHP (LEMP) server going. Although I am not a DigitalOcean customer I used a great tutorial from them to determine what I needed on the Nginx and PHP5-FPM side of things and left off the other steps pertaining to Linux and MySQL. I also had to recreate my self-signed cert for SSL which I did using these instructions from DigitalOcean. These portions of the upgrade, I actually did from remote while DJ’ing for an 80’s gig, but I did need to finish up swapping the Apache2 and Nginx daemon start ups the next day. All in all, it was a pretty effortless job to make the Apache to Nginx switch until I started investigating what I needed to do to continue blocking web visitors by country.
So the next step was to enable the MaxMind GeoIP modules in Nginx and configure the web site profile to block countries other than the usual five. For this portion, I found another tutorial from how-to-forge that walked through the process step by step. Just like the previous effort to do this under Apache, there are methods to allow all countries and specify a few to block or block all countries and specify a few to allow. The latter is the method I chose. The one option that I really like with this setup is instead of giving a 403 – forbidden response to blocked visitors, I followed the tutorial’s recommendation to use a 444 – no response method which just keeps the browser at the other end hanging on and waiting for a response.
Between country blocking, using a self-signed SSL cert and a captcha requirement for administrative access, the number of attempted password guessing attacks against this site has gone from several an hour to zero.
In addition to WordPress, my site also includes Zenphoto 2.0 for the photo gallery. While it initially looked like wordpress and zenphoto were functioning correctly under nginx, if you went into any of the albums you would get a 404 error. Turns out that mod-rewrite and php needed some attention to get Zenphoto back to health. Here is a post I made to the Zenphoto 2.0 forum on the adjustments needed.
try_files $uri $uri/ /subfolder/index.php?$args;
try_files $uri $uri/ /zp/index.php?$args;