- ##
- # Friendica Nginx configuration
- # by Pawlik
- #
- # On Debian based distributions you can add this file to
- # /etc/nginx/sites-available
- #
- # Then customize to your needs. To enable the configuration
- # symlink it to /etc/nginx/sites-enabled and reload Nginx
- # using /etc/init.d/nginx reload
- ##
-
- ##
- # You should read the following URLs to gain a solid understanding
- # of Nginx configuration files and make full use of Nginx.
- #
- # http://wiki.nginx.org/Pitfalls
- # http://wiki.nginx.org/QuickStart
- # http://wiki.nginx.org/Configuration
- ##
-
- ##
- # This configuration assumes your domain is example.net
- # You have a separate subdomain friendica.example.net
- # You want all friendica traffic to be https
- # You have an SSL certificate and key for your subdomain
- # You have PHP FastCGI Process Manager (php7-fpm) running on localhost
- # You have Friendica installed in /mnt/friendica/www
- ##
-
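- # Plain-HTTP entry point. Nothing is served from this block: every request
- # is answered with a permanent redirect to the HTTPS site, so no "index" or
- # "root" is needed here.
- # NOTE(review): the name below (ixyz.com) differs from the xyz.com used by the
- # redirect target and by the HTTPS server block - confirm which is intended.
- server {
-     # Listen on IPv6 as well, matching the HTTPS block, so that IPv6 clients
-     # arriving over plain HTTP are redirected too.
-     listen 80;
-     listen [::]:80;
-     server_name ixyz.com;
-
-     # "return" issues the redirect without running the rewrite engine.
-     # $request_uri already carries the original path and query string.
-     return 301 https://xyz.com$request_uri;
- }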
-
- ##
- # Configure Friendica with SSL
- #
- # All requests are routed to the front controller
- # except for certain known file types like images, css, etc.
- # Those are served statically whenever possible with a
- # fall back to the front controller (needed for avatars, for example)
- ##
-
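- server {
-     listen 443 ssl;
-     listen [::]:443 ssl;
-     # The terminating semicolon matters: without it nginx reads the following
-     # "index index.php" line as two more server names and never sets the index.
-     server_name xyz.com;
-
-     index index.php;
-     root /home/root/friendica;
-
-     # TLS is enabled by the "ssl" flag on the listen lines above. The separate
-     # "ssl on;" directive is obsolete since nginx 1.15 and absent from recent
-     # releases, so it is not used here.
-     ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
-     # Private key: keep this file readable by root only.
-     ssl_certificate_key /etc/nginx/ssl/example.net.key;
-     ssl_session_timeout 5m;
-     # SSLv3, TLS 1.0 and TLS 1.1 are deliberately not offered: they are
-     # deprecated and have known protocol weaknesses.
-     ssl_protocols TLSv1.2 TLSv1.3;
-     # TLS 1.2 suites limited to forward-secret AEAD ciphers. RC4, export-grade,
-     # LOW and MEDIUM suites are not offered. TLS 1.3 suites are not governed
-     # by this directive.
-     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
-     ssl_prefer_server_ciphers on;
-
-     # allow uploads up to 20MB in size
-     client_max_body_size 20m;
-     client_body_buffer_size 128k;
-
-     # rewrite to front controller as default rule
-     location / {
-         rewrite ^/(.*) /index.php?q=$uri&$args last;
-     }
-
-     # make sure webfinger and other well known services aren't blocked
-     # by denying dot files and rewrite request to the front controller.
-     # The "^~" prefix match wins over every regex location below.
-     location ^~ /.well-known/ {
-         allow all;
-         rewrite ^/(.*) /index.php?q=$uri&$args last;
-     }
-
-     include mime.types;
-
-     # deny access to all dot files
-     # Regex locations are tried in the order they are written and the first
-     # match wins, so this rule comes before the static-file and PHP rules.
-     # Placed after them, a dot path ending in .php or in one of the static
-     # extensions would be handled by those locations instead of being denied.
-     location ~ /\. {
-         deny all;
-     }
-
-     # statically serve these file types when possible
-     # otherwise fall back to front controller
-     # allow browser to cache them
-     # added .htm for advanced source code editor library
-     location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|svg)$ {
-         expires 30d;
-         try_files $uri /index.php?q=$uri&$args;
-     }
-
-     # block these file types
-     location ~* \.(tpl|md|tgz|log|out)$ {
-         deny all;
-     }
-
-     location ~ [^/]\.php(/|$) {
-         # Only files that exist under the document root are handed to PHP-FPM;
-         # anything else gets a 404 instead of letting PHP guess a script from
-         # the request path.
-         try_files $uri =404;
-
-         fastcgi_split_path_info ^(.+\.php)(/.+)$;
-         # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
-         fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
-         include fastcgi_params;
-         fastcgi_index index.php;
-         # fastcgi_param PATH_INFO $fastcgi_path_info;
-         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-         # Set here rather than at server level: fastcgi_param lines from an
-         # outer level are inherited only when the location defines none of
-         # its own, and this location does.
-         fastcgi_param HTTPS on;
-
-         fastcgi_buffers 16 16k;
-         fastcgi_buffer_size 32k;
-     }
-
-     # Older, disabled variant kept for reference.
-     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-     # location ~* \.php$ {
-     #     fastcgi_split_path_info ^(.+\.php)(/.+)$;
-     #     NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
-     #
-     #     With php5-cgi alone:
-     #     fastcgi_pass 127.0.0.1:9000;
-     #
-     #     With php5-fpm:
-     #     fastcgi_pass unix:/var/run/php5-fpm.sock;
-     #     fastcgi_index index.php;
-     #     include fastcgi_params;
-     # }
- }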