File: //etc/nginx/nginx.conf.BAK.2025-12-12-1330
# Ploi Webserver Configuration, do not remove!
include /etc/nginx/ploi/publicedu.co.kr/before/*;
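server {
    # Virtual host for publicedu.co.kr (WordPress behind PHP-FPM).
    # No active listen directive in this block; presumably the SSL include
    # below supplies the listeners and certificates. Confirm before editing.
    #listen 80;
    #listen [::]:80;

    root /home/publiced-147/publicedu.co.kr/public;
    server_name publicedu.co.kr;
    include /etc/nginx/ssl/publicedu.co.kr;

    ssl_protocols TLSv1.2 TLSv1.3;
    # Only the forward-secret AEAD suites from the previous list are kept, in
    # their original order. Dropped: 3DES (DES-CBC3, 64-bit block), static-RSA
    # key exchange (no forward secrecy) and the CBC-mode SHA suites.
    # NOTE(review): TLS 1.2 clients without GCM/ChaCha20 support can no longer
    # connect. Check the client base before rollout.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    index index.php index.html;

    # "always" makes nginx attach these headers to error responses too (the
    # 403s from the deny rules below, 404s, 5xx); without it they are only
    # sent on success and redirect codes.
    # Caveat: a location that declares its own add_header stops inheriting
    # these. None in this file does, but the Ploi includes are not visible here.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header that current browsers ignore; kept for old clients only.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;

    charset utf-8;

    # Ploi Configuration, do not remove!
    include /etc/nginx/ploi/publicedu.co.kr/server/*;

    #############################################
    # WordPress Normal Routing
    #############################################
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    #############################################
    # 🔒 Security Rules (No limit_req)
    #############################################
    # Regex locations are tested in file order and the first match wins, so
    # every deny rule in this section must stay ABOVE the PHP-FPM handler.

    # Block xmlrpc.php completely (exact match, takes priority over regexes).
    location = /xmlrpc.php {
        deny all;
    }

    # Never execute PHP from the uploads folder (the key anti-webshell rule).
    # Only ".php" is covered; that is enough here because the FPM handler below
    # is also limited to \.php$, so no other extension is executed by this vhost.
    location ~* /wp-content/uploads/.*\.php$ {
        deny all;
    }

    # Block direct PHP calls inside wp-includes.
    # NOTE(review): this also blocks wp-includes/js/tinymce/wp-tinymce.php; if
    # the classic editor breaks in wp-admin, allow that single path explicitly.
    location ~* /wp-includes/.*\.php$ {
        deny all;
    }

    # Block some known malicious URL scans.
    # These are signatures for paths seen in scans; a hit that would have
    # resolved to a real file means the file is on disk and needs cleanup.
    # NOTE(review): the pattern is unanchored, so "bk/" also matches any
    # directory whose name merely ends in "bk".
    location ~* "(autoload_classmap|wp-good|pwnd|bk)/.*\.php$" {
        deny all;
    }

    # Block hidden files (dotfiles), except /.well-known.
    # Moved above the PHP handler: when it came after, a dot-path ending in
    # .php matched \.php$ first and was handed to PHP-FPM instead of denied.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    #############################################
    # Static exceptions
    #############################################
    # NOTE(review): this server-level "access_log off" disables request logging
    # for the WHOLE site, not just the static exceptions below. The deny rules
    # above then leave no record of who probed them, and there is no request
    # trail for incident response. Consider enabling an access log for this
    # vhost and keeping "off" only on favicon/robots.
    access_log off;
    error_log /var/log/nginx/publicedu.co.kr-error.log error;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    error_page 404 /index.php;

    #############################################
    # PHP-FPM Handler
    #############################################
    location ~ \.php$ {
        # Only hand FPM a script that exists on disk; otherwise fall back to
        # WordPress' front controller, and 404 if even that is missing.
        try_files $uri /index.php =404;
        # Inert in practice: this location only matches URIs ending in .php,
        # so there is never trailing path info to split off.
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.3-fpm-publiced-147.sock;

        # FastCGI buffer tuning
        fastcgi_buffers 16 32k;
        fastcgi_buffer_size 32k;
        fastcgi_busy_buffers_size 64k;

        fastcgi_index index.php;
        # $realpath_root resolves symlinks in the document root before the
        # path is passed to FPM.
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        include fastcgi_params;
    }
}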
# Ploi Webserver Configuration, do not remove!
include /etc/nginx/ploi/publicedu.co.kr/after/*;