1
1
Fork 0

Merge pull request #5344 from astifter/improve_nginx_sample

Improve nginx Configuration Sample
This commit is contained in:
Tobias Diekershoff 2018-07-09 13:59:38 +02:00 committed by GitHub
commit 0f10a2ab74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -72,36 +72,37 @@ server {
charset utf-8; charset utf-8;
root /var/www/friendica; root /var/www/friendica;
access_log /var/log/nginx/friendica.log; access_log /var/log/nginx/friendica.log;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration # Uncomment the following line to include a standard configuration file Note
#will therefore *add* to this file, but not override it. # that the most specific rule wins and your standard configuration will
# therefore *add* to this file, but not override it.
#include standard.conf #include standard.conf
# allow uploads up to 20MB in size # allow uploads up to 20MB in size
client_max_body_size 20m; client_max_body_size 20m;
client_body_buffer_size 128k; client_body_buffer_size 128k;
# rewrite to front controller as default rule # rewrite to front controller as default rule
location / { location / {
if (!-e $request_filename) { try_file $uri /index.php?pagename=$uri&$args;
rewrite ^(.*)$ /index.php?pagename=$1;
}
} }
# make sure webfinger and other well known services aren't blocked # make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller # by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ { location ^~ /.well-known/ {
allow all; allow all;
if (!-e $request_filename) { try_files $uri /index.php?pagename=$uri&$args;
rewrite ^(.*)$ /index.php?pagename=$1;
}
} }
include mime.types; include mime.types;
# block these file types # statically serve these file types when possible otherwise fall back to
location ~* \.(tpl|md|tgz|log|out)$ { # front controller allow browser to cache them added .htm for advanced source
deny all; # code editor library
} #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
# expires 30d;
# try_files $uri /index.php?pagename=$uri&$args;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket # or a unix socket
@ -128,6 +129,11 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
} }
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# deny access to all dot files # deny access to all dot files
location ~ /\. { location ~ /\. {
deny all; deny all;