server { listen 80; listen [::]:80; root /var/www/wiki; # Add index.php to the list if you are using PHP index index.php index.html index.htm; server_name localhost; access_log /var/log/nginx/wiki-access.log; error_log /var/log/nginx/wiki-error.log; # Allow favicon.ico, robots.txt, .well-known/ # Deny *.txt, *.log, .*/*.php, .*, *.json, .lock, *.ht include snippets/allowed.conf; include snippets/denied.conf; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; error_page 404 = @mediawiki; } # Rewrite for Short-URL location @mediawiki { rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { include snippets/fastcgi-php.conf; # # With php7.2-fpm: fastcgi_pass unix:/run/php/php7.2-fpm.sock; } # Disable php in /images/ (security) location ^~ /images/ { #Served like static files } # Deny access to deleted images folder location ^~ /images/deleted/ { deny all; } # Deny access to MediaWiki dirs location ^~ /cache/ { deny all; } location ^~ /languages/ { deny all; } location ^~ /maintenance/ { deny all; } location ^~ /serialized/ { deny all; } location ^~ /mw-config/ { deny all; } # Deny .svn and .git location ~ /.(svn|git)(/|$) { deny all; } }