nginx/sites/wordpress.conf

server {
	listen [::]:443;
	listen *:443 ssl http2;

	server_name wordpress.sample;

	root /usr/share/nginx/sites/wordpress/web/;
	index index.php;

	# SSL
	ssl_certificate /etc/letsencrypt/live/wordpress.sample/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/wordpress.sample/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/wordpress.sample/chain.pem;

	include /etc/nginx/snippets/ssl-params.conf;

	access_log /var/log/nginx/access.wordpress.sample.log nginx_amplify;
	error_log /var/log/nginx/error.wordpress.sample.log;

	# Uncomment one of the lines below for the appropriate caching plugin (if used).
	include /etc/nginx/snippets/wordpress/restrictions.conf;
	include /etc/nginx/snippets/wordpress/wordpress-seo.conf;
	include /etc/nginx/snippets/wordpress/wp-super-cache.conf;

	# Dynamic cache
	location ~* .(?:manifest|appcache|htm?|xml|json|map|html|htm|service-worker.js)$ {
		gzip on;
		gzip_static on;
		brotli on;
		brotli_static on;
		gzip_vary on;

		expires -1;
		log_not_found off;
		access_log off;
		if_modified_since off;
		include /etc/nginx/snippets/cors.conf;
	}

	# Feed
	location ~* \.(?:rss|atom)$ {
		expires 1h;
		log_not_found off;
		access_log off;
		more_set_headers 'Cache-Control: public';
		include /etc/nginx/snippets/cors.conf;
	}

	# Asset cache
	location ~* .(svg|svgz|eot|otf|woff|woff2|ttf|css|js|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar)$ {
		gzip on;
		gzip_static on;
		brotli on;
		brotli_static on;
		gzip_vary on;

		expires modified +1y;
		log_not_found off;
		access_log off;
		more_set_headers 'Cache-Control: public';
		include /etc/nginx/snippets/cors.conf;
	}

	# Compressed asset cache
	location ~* .(ogg|ogv|mp4|jpg|jpeg|gif|png|ico|mid|midi|wav|bmp)$ {
		gzip off;
		gzip_static off;
		brotli off;
		brotli_static off;
		gzip_vary off;

		expires modified +1y;
		log_not_found off;
		access_log off;
		more_set_headers 'Cache-Control: public';
		include /etc/nginx/snippets/cors.conf;
	}

	# PHP-FPM
	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/run/php/php7.4-fpm-wordpress.sock;
		fastcgi_index index.php;

		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include /etc/nginx/fastcgi.conf;
	}

	location ~ ^/.well-known {
		allow all;
	}
}

server {
	listen [::]:443;
	listen *:443 ssl http2;

	server_name www.wordpress.sample;

	# SSL
	ssl_certificate /etc/letsencrypt/live/www.wordpress.sample/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www.wordpress.sample/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/www.wordpress.sample/chain.pem;

	return 301 https://wordpress.sample$request_uri;

	access_log /dev/null;
	error_log /dev/null crit;
}

server {
	listen *:80;

	server_name wordpress.sample;

	return 301 https://wordpress.sample$request_uri;

	access_log /dev/null;
	error_log /dev/null crit;
}

server {
	listen *:80;

	server_name www.wordpress.sample;

	return 301 https://www.wordpress.sample$request_uri;

	access_log /dev/null;
	error_log /dev/null crit;
}