1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- server {
- listen 80;
- listen [::]:80;
- server_name localhost;
- # Redirect HTTP to HTTPS
- return 301 https://$host$request_uri;
- }
- server {
- # SSL configuration
- #
- listen 443 ssl;
- listen [::]:443;
- ssl_certificate /etc/nginx/ssl/localhost.crt;
- ssl_certificate_key /etc/nginx/ssl/localhost.key;
- #
- # Note: You should disable gzip for SSL traffic.
- # See: https://bugs.debian.org/773332
- gzip off;
- #
- # Read up on ssl_ciphers to ensure a secure configuration.
- # See: https://bugs.debian.org/765782
- root /var/www/wiki;
- # Add index.php to the list if you are using PHP
- index index.php index.html index.htm;
- server_name localhost;
- access_log /var/log/nginx/wiki-access.log;
- error_log /var/log/nginx/wiki-error.log;
- # Activate HSTS (HTTP Strict Transport Security)
- # Note: reinclude if in a location a header is set
- include snippets/hsts.conf;
- # Allow favicon.ico, robots.txt, .well-known/
- # Deny *.txt, *.log, .*/*.php, .*, *.json, .lock, *.ht
- include snippets/allowed.conf;
- include snippets/denied.conf;
- location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
- try_files $uri $uri/ =404;
- error_page 404 = @mediawiki;
- }
- # Rewrite for Short-URL
- location @mediawiki {
- rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
- }
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- location ~ \.php$ {
- include snippets/fastcgi-php.conf;
- # # With php7.2-fpm:
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
- }
-
- # Disable php in /images/ (security)
- location ^~ /images/ {
- #Served like static files
- }
- # Deny access to deleted images folder
- location ^~ /images/deleted/ {
- deny all;
- }
- # Deny access to MediaWiki dirs
- location ^~ /cache/ { deny all; }
- location ^~ /languages/ { deny all; }
- location ^~ /maintenance/ { deny all; }
- location ^~ /serialized/ { deny all; }
- location ^~ /mw-config/ { deny all; }
- # Deny .svn and .git
- location ~ /.(svn|git)(/|$) { deny all; }
- }
|