Merge pull request #5344 from astifter/improve_nginx_sample

Improve nginx Configuration Sample
This commit is contained in:
Tobias Diekershoff 2018-07-09 13:59:38 +02:00 committed by GitHub
commit 0f10a2ab74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -72,36 +72,37 @@ server {
charset utf-8;
root /var/www/friendica;
access_log /var/log/nginx/friendica.log;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration
#will therefore *add* to this file, but not override it.
# Uncomment the following line to include a standard configuration file Note
# that the most specific rule wins and your standard configuration will
# therefore *add* to this file, but not override it.
#include standard.conf
# allow uploads up to 20MB in size
client_max_body_size 20m;
client_body_buffer_size 128k;
# rewrite to front controller as default rule
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
try_file $uri /index.php?pagename=$uri&$args;
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
try_files $uri /index.php?pagename=$uri&$args;
}
include mime.types;
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# statically serve these file types when possible otherwise fall back to
# front controller allow browser to cache them added .htm for advanced source
# code editor library
#location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
# expires 30d;
# try_files $uri /index.php?pagename=$uri&$args;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket
@ -128,6 +129,11 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# deny access to all dot files
location ~ /\. {
deny all;