From 92f47f8ecae754448431110110a20acf3a80120f Mon Sep 17 00:00:00 2001 From: Andreas Neustifter Date: Thu, 28 Jun 2018 04:35:28 +0000 Subject: [PATCH 1/5] [nginx] Fix indentation. --- mods/sample-nginx.config | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config index 829bfc70a..0b96f50ba 100644 --- a/mods/sample-nginx.config +++ b/mods/sample-nginx.config @@ -72,10 +72,12 @@ server { charset utf-8; root /var/www/friendica; access_log /var/log/nginx/friendica.log; - #Uncomment the following line to include a standard configuration file - #Note that the most specific rule wins and your standard configuration - #will therefore *add* to this file, but not override it. + + # Uncomment the following line to include a standard configuration file Note + # that the most specific rule wins and your standard configuration will + # therefore *add* to this file, but not override it. #include standard.conf + # allow uploads up to 20MB in size client_max_body_size 20m; client_body_buffer_size 128k; From cb600b5a5fead1ef30b36d493210e3e8ef5d6b90 Mon Sep 17 00:00:00 2001 From: Andreas Neustifter Date: Thu, 28 Jun 2018 04:41:27 +0000 Subject: [PATCH 2/5] [nginx] Readd option to statically server pictures. --- mods/sample-nginx.config | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config index 0b96f50ba..7bf8a1f10 100644 --- a/mods/sample-nginx.config +++ b/mods/sample-nginx.config @@ -105,6 +105,14 @@ server { deny all; } + # statically serve these file types when possible otherwise fall back to + # front controller allow browser to cache them added .htm for advanced source + # code editor library + #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ { + # expires 30d; + # try_files $uri /index.php?pagename=$uri&$args; + #} + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # or a unix socket location ~* \.php$ { From f44cb1ccce16ee76c2a47dc096f31058e78d59d8 Mon Sep 17 00:00:00 2001 From: Andreas Neustifter Date: Thu, 28 Jun 2018 04:41:59 +0000 Subject: [PATCH 3/5] [nginx] Move together deny blocks. --- mods/sample-nginx.config | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config index 7bf8a1f10..a3e461196 100644 --- a/mods/sample-nginx.config +++ b/mods/sample-nginx.config @@ -100,11 +100,6 @@ server { include mime.types; - # block these file types - location ~* \.(tpl|md|tgz|log|out)$ { - deny all; - } - # statically serve these file types when possible otherwise fall back to # front controller allow browser to cache them added .htm for advanced source # code editor library @@ -138,6 +133,11 @@ server { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } + # block these file types + location ~* \.(tpl|md|tgz|log|out)$ { + deny all; + } + # deny access to all dot files location ~ /\. { deny all; From 79a8320fedd1e444b9acf11feaa3d160f5e4a5ff Mon Sep 17 00:00:00 2001 From: Andreas Neustifter Date: Thu, 28 Jun 2018 04:43:33 +0000 Subject: [PATCH 4/5] [nginx] Use try_files instead of if for /.well-known/. See https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ --- mods/sample-nginx.config | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config index a3e461196..0c5443828 100644 --- a/mods/sample-nginx.config +++ b/mods/sample-nginx.config @@ -93,9 +93,7 @@ server { # by denying dot files and rewrite request to the front controller location ^~ /.well-known/ { allow all; - if (!-e $request_filename) { - rewrite ^(.*)$ /index.php?pagename=$1; - } + try_files $uri /index.php?pagename=$uri&$args; } include mime.types; From 6a85b345041644c26b4632938bd3cdffbedcc1cb Mon Sep 17 00:00:00 2001 From: Andreas Neustifter Date: Thu, 28 Jun 2018 19:15:06 +0000 Subject: [PATCH 5/5] [nginx] Use try_file instead of if. See https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/?utm_source=tool.lu#check-if-file-exists. --- mods/sample-nginx.config | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config index 0c5443828..e4ce90251 100644 --- a/mods/sample-nginx.config +++ b/mods/sample-nginx.config @@ -84,9 +84,7 @@ server { # rewrite to front controller as default rule location / { - if (!-e $request_filename) { - rewrite ^(.*)$ /index.php?pagename=$1; - } + try_file $uri /index.php?pagename=$uri&$args; } # make sure webfinger and other well known services aren't blocked