CP Rocket WP With Comments Cookies

22/04/26

Admin


Konfigurasi CP Rocket di Vhost CloudPanel untuk WordPress dengan sistem komentar bawaan WordPress, jika pengaturan “Tampilkan kotak centang opt-in kuki komentar untuk mengaktifkan kuki penulis.” dicentang. Jika tidak dicentang, konfigurasi “CP Rocket WP No Comments” sudah aman dan lancar.

Vhost CloudPanel

# Redirect-only vhost: every request for the www host name is answered with a
# permanent redirect to the bare domain over HTTPS. Nothing is served from here.
server {
  listen 80;
  listen [::]:80;
  # QUIC listeners are declared here, but HTTP/3 is switched off by "http3 off" below.
  listen 443 quic;
  listen 443 ssl;
  listen [::]:443 quic;
  listen [::]:443 ssl;
  http2 on;
  http3 off;
  # CloudPanel template placeholders; presumably expanded to the certificate key and
  # certificate directives when the vhost is rendered (confirm in the generated config).
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  server_name www.staging.scf.web.id;
  # The target host is hard-coded, so the redirect does not depend on the client's Host header.
  return 301 https://staging.scf.web.id$request_uri;
}

# Public-facing vhost: terminates TLS, serves static assets itself, sends
# /wp-admin/ and wp-login.php straight to the backend on 127.0.0.1:8080, and hands
# everything else to the {{varnish_proxy_pass}} target.
server {
  listen 80;
  listen [::]:80;
  # QUIC listeners are declared here, but HTTP/3 is switched off by "http3 off" below.
  listen 443 quic;
  listen 443 ssl;
  listen [::]:443 quic;
  listen [::]:443 ssl;
  http2 on;
  http3 off;
  # CloudPanel template placeholders (certificate key / certificate), filled in at render time.
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  server_name staging.scf.web.id www1.staging.scf.web.id;
  {{root}}

  {{nginx_access_log}}
  {{nginx_error_log}}

  # Plain-HTTP requests are redirected to HTTPS on the same host.
  if ($scheme != "https") {
    rewrite ^ https://$host$request_uri permanent;
  }

  # Keeps /.well-known reachable even if basic auth or IP restrictions are enabled elsewhere.
  # NOTE(review): the dot is unescaped and the pattern is unanchored, so this also matches
  # any URI that merely contains "/<any char>well-known"; an anchored prefix match would be tighter.
  location ~ /.well-known {
    auth_basic off;
    allow all;
  }

  # CloudPanel template placeholder for per-site settings.
  {{settings}}

  # Refuse access to Git metadata that may sit under the document root.
  location ~/\.git {
    deny all;
  }

  # Block the WordPress XML-RPC endpoint. This rule exists only in this vhost; the
  # backend vhost on port 8080 shown on this page does not repeat it.
  location = /xmlrpc.php {
    deny all;
  }

  # Uncomment the following to exclude admin-ajax.php from basic auth if it breaks frontend functionality.
  #location ~* ^/wp-admin/admin-ajax\.php$ {
  #  auth_basic off;
  #}

  # Admin and login requests bypass Varnish and go directly to the backend vhost.
  # NOTE(review): basic auth is commented out, so wp-login.php and /wp-admin/ are protected
  # by WordPress authentication alone. The dot in "wp-login.php" is unescaped and the pattern
  # is unanchored, so it matches these strings anywhere in the URI.
  location ~/(wp-admin/|wp-login.php) {
    #auth_basic "Restricted Area";
    #auth_basic_user_file /home/site-user/.htpasswd;
    proxy_set_header X-Real-IP $remote_addr;
    # X-Forwarded-For is overwritten with the connecting address here, so a value supplied
    # by the client is discarded on this path.
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;
    proxy_max_temp_file_size 0;
    # NOTE(review): 7200-second timeouts on the login/admin path let slow connections
    # hold backend resources for up to two hours; confirm this is intended.
    proxy_connect_timeout      7200;
    proxy_send_timeout         7200;
    proxy_read_timeout         7200;
    proxy_buffer_size          128k;
    proxy_buffers              4 256k;
    proxy_busy_buffers_size    256k;
    proxy_temp_file_write_size 256k;
  }

  # Everything else goes to the target behind this CloudPanel placeholder
  # (presumably a proxy_pass to Varnish; confirm in the generated config).
  location / {
    {{varnish_proxy_pass}}
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # Unlike the admin location above, this appends to whatever X-Forwarded-For the client
    # sent. Backend code should use X-Real-IP, or only the last hop, when it needs the
    # client address for logging or rate limiting.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_hide_header X-Varnish;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
    proxy_connect_timeout      720;
    proxy_send_timeout         720;
    proxy_read_timeout         720;
    proxy_buffer_size          128k;
    proxy_buffers              4 256k;
    proxy_busy_buffers_size    256k;
    proxy_temp_file_write_size 256k;
  }

  # Static assets: no proxy_pass in this location, so matching files are served by this vhost.
  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
    # WordPress Multisite Subdirectory
    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 break;
    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 break;
    # Wildcard CORS applies to every extension in the list, including zip, gz and map files.
    add_header Access-Control-Allow-Origin "*";
    # NOTE(review): advertises HTTP/3 on port 443 although "http3 off" is set in this server block.
    add_header alt-svc 'h3=":443"; ma=86400';
    expires max;
    access_log off;
  }

  # Stop rewrite processing when the request maps to an existing file.
  if (-f $request_filename) {
    break;
  }
}

# Backend vhost: serves a pre-built WP Rocket HTML file from disk when one exists and
# the request is cacheable, otherwise hands the request to PHP-FPM.
server {
  # NOTE(review): these listen directives bind port 8080 on every address, over plain HTTP.
  # The front vhost on this page reaches it via 127.0.0.1:8080. If the port is reachable
  # from outside, requests skip TLS, Varnish and the front vhost's deny rules
  # (/xmlrpc.php, /.git). Confirm a firewall blocks it or bind to loopback only.
  listen 8080;
  listen [::]:8080;
  server_name staging.scf.web.id www1.staging.scf.web.id;
  {{root}}

  include /etc/nginx/global_settings;

# ==========================================================
# Nginx 8080 > WP Rocket > PHP
# ==========================================================

# WP Rocket cache file path.
# Built from the request's host and its raw (unnormalised) URI. Only the
# "index-https.html" variant is looked up.
set $wpr_cache_file "/wp-content/cache/wp-rocket/$host$request_uri/index-https.html";
set $scf_bypass 0;

# Default bypass rules: never serve the cache for POST requests or any request with a query string.
if ($request_method = POST) { set $scf_bypass 1; }
if ($args) { set $scf_bypass 1; }

# Cookie bypass (variant for sites with native WordPress comments enabled).
# comment_author MUST be listed so that a commenter's name/e-mail is not leaked to other visitors.
# The match is case-insensitive and unanchored against the whole Cookie header.
if ($http_cookie ~* "(wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|comment_author)") {
    set $scf_bypass 1;
}

# Apply the bypass: point the cache lookup at a path that is not expected to exist,
# so try_files below falls through to $uri and then index.php.
# NOTE(review): a real file named "bypass-cache-scf" in the document root would be served instead.
if ($scf_bypass = 1) {
    set $wpr_cache_file "/bypass-cache-scf";
}

# Debug header.
# The value is a fixed label and is set whether or not the cache was used, so it identifies
# this configuration rather than a hit or miss.
# NOTE(review): consider removing it after debugging, since it tells clients which cache stack is in use.
add_header X-Cache-Engine "CP-Rocket-With-Comments";

# Nginx 8080 > WP Rocket
# Lookup order: cached HTML file, the requested file, a directory, then WordPress.
location / {
    try_files $wpr_cache_file $uri $uri/ /index.php?$args;
}

# ==========================================================
# Nginx 8080 > WP Rocket > PHP
# ==========================================================

  # try_files $uri $uri/ /index.php?$args;
  index index.php index.html;

  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # Return 404 unless the requested .php file exists on disk, before anything is passed to PHP-FPM.
    try_files $uri =404;
    fastcgi_read_timeout 3600;
    fastcgi_send_timeout 3600;
    # HTTPS and port 443 are hard-coded: PHP is told every request arrived over TLS,
    # including any request that reached port 8080 directly over plain HTTP.
    fastcgi_param HTTPS "on";
    fastcgi_param SERVER_PORT 443;
    fastcgi_pass 127.0.0.1:{{php_fpm_port}};
    # CloudPanel template placeholder for per-site PHP settings.
    fastcgi_param PHP_VALUE "{{php_settings}}";
  }

  # WordPress Multisite Subdirectory
  if (!-e $request_filename) {
    rewrite /wp-admin$ https://$host$uri permanent;
    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
  }

  # Stop rewrite processing when the request maps to an existing file.
  if (-f $request_filename) {
    break;
  }
}

VCL Varnish

    # Fragment, presumably meant for vcl_recv (confirm where it is placed).
    # Requests carrying a login, password-protected-post or comment-author cookie are
    # passed to the backend, so Varnish does not answer them from its shared cache.
    # NOTE(review): this match is case-sensitive and covers three cookie prefixes, while the
    # nginx rule on this page is case-insensitive and also lists wordpress_no_cache and
    # wordpress_[a-f0-9]+. Confirm the difference is intended.
    if (req.http.cookie ~ "wordpress_logged_in_|wp-postpass_|comment_author_") {
        return (pass);
    }

MU-Plugins

<?php
/*
Plugin Name: SCF Cache & Comment Bypass
Description: Mencegah Cache Collision pada kolom komentar dan memastikan Header Cache-Control akurat.
*/

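// 1. Force the comment form fields to render empty in the HTML, so that a page stored by
//    a cache cannot carry one commenter's name, e-mail or URL to another visitor.
add_filter( 'comment_form_default_fields', function( $fields ) {
    // Only touch fields that are present and are strings. A theme or plugin may have
    // removed one of them (for example 'url'); reading a missing key raises a PHP warning
    // and writing the result back would re-add the key as an empty field.
    foreach ( array( 'author', 'email', 'url' ) as $name ) {
        if ( isset( $fields[ $name ] ) && is_string( $fields[ $name ] ) ) {
            // Blank every double-quoted value="..." attribute in the field markup.
            $fields[ $name ] = preg_replace( '/value="[^"]*"/', 'value=""', $fields[ $name ] );
        }
    }
    return $fields;
});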

// 2. Hide the "Save my name & email" checkbox (optional, so users rely on browser autofill only).
// NOTE(review): confirm that 'show_comment_cookies_notice' is a hook actually fired by the
// WordPress version in use. If nothing applies a filter with this name, this line has no
// effect and the opt-in checkbox (the 'cookies' entry of comment_form_default_fields)
// is still rendered.
add_filter( 'show_comment_cookies_notice', '__return_false' );

// 3. Make sure PHP sends a NO-CACHE signal to Cloudflare whenever a personal cookie is present.
//    These headers exist only on responses that PHP generates. A cached HTML file that the
//    web server reads straight from disk never runs this code, so the cookie bypass in the
//    web server configuration remains the control that keeps personal pages out of the cache.
add_action( 'send_headers', function() {
    // Look at cookie names only (never the values) for the login, comment-author
    // and password-protected-post prefixes.
    $personal_cookie_names = preg_grep(
        '/(wordpress_logged_in_|comment_author_|wp-postpass_)/',
        array_keys( $_COOKIE )
    );
    $has_personal_cookie = ! empty( $personal_cookie_names );

    // Nothing personal about this request: leave the default caching headers alone.
    if ( ! ( is_user_logged_in() || $has_personal_cookie || is_admin() ) ) {
        return;
    }

    // Forbid storage by shared caches and browsers, and back it with an Expires date in the past.
    header( 'Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private' );
    header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
});

Perbedaan Ada Di Opsi Cookie

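Pengaturan arsitektur server untuk WP Blog Tanpa Komentar dan WP Blog Dengan Komentar (Opsi Cookie Dimatikan) adalah SAMA PERSIS, karena tanpa opsi kuki tersebut WordPress tidak menyimpan kuki comment_author_ di browser pengunjung, sehingga tidak ada nama atau email komentator yang bisa ikut tersimpan di halaman cache.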
