mediawiki-ssl.conf 2.0 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980
  1. server {
  2. listen 80;
  3. listen [::]:80;
  4. server_name localhost;
  5. # Redirect HTTP to HTTPS
  6. return 301 https://$host$request_uri;
  7. }
  8. server {
  9. # SSL configuration
  10. #
  11. listen 443 ssl;
  12. listen [::]:443;
  13. ssl_certificate /etc/nginx/ssl/localhost.crt;
  14. ssl_certificate_key /etc/nginx/ssl/localhost.key;
  15. #
  16. # Note: You should disable gzip for SSL traffic.
  17. # See: https://bugs.debian.org/773332
  18. gzip off;
  19. #
  20. # Read up on ssl_ciphers to ensure a secure configuration.
  21. # See: https://bugs.debian.org/765782
  22. root /var/www/wiki;
  23. # Add index.php to the list if you are using PHP
  24. index index.php index.html index.htm;
  25. server_name localhost;
  26. access_log /var/log/nginx/wiki-access.log;
  27. error_log /var/log/nginx/wiki-error.log;
  28. # Activate HSTS (HTTP Strict Transport Security)
  29. # Note: reinclude if in a location a header is set
  30. include snippets/hsts.conf;
  31. # Allow favicon.ico, robots.txt, .well-known/
  32. # Deny *.txt, *.log, .*/*.php, .*, *.json, .lock, *.ht
  33. include snippets/allowed.conf;
  34. include snippets/denied.conf;
  35. location / {
  36. # First attempt to serve request as file, then
  37. # as directory, then fall back to displaying a 404.
  38. try_files $uri $uri/ =404;
  39. error_page 404 = @mediawiki;
  40. }
  41. # Rewrite for Short-URL
  42. location @mediawiki {
  43. rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
  44. }
  45. # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  46. #
  47. location ~ \.php$ {
  48. include snippets/fastcgi-php.conf;
  49. # # With php7.2-fpm:
  50. fastcgi_pass unix:/run/php/php7.2-fpm.sock;
  51. }
  52. # Disable php in /images/ (security)
  53. location ^~ /images/ {
  54. #Served like static files
  55. }
  56. # Deny access to deleted images folder
  57. location ^~ /images/deleted/ {
  58. deny all;
  59. }
  60. # Deny access to MediaWiki dirs
  61. location ^~ /cache/ { deny all; }
  62. location ^~ /languages/ { deny all; }
  63. location ^~ /maintenance/ { deny all; }
  64. location ^~ /serialized/ { deny all; }
  65. location ^~ /mw-config/ { deny all; }
  66. # Deny .svn and .git
  67. location ~ /.(svn|git)(/|$) { deny all; }
  68. }