diff options
author | Silvino Silva <silvino@bk.ru> | 2020-04-20 01:01:22 +0100 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2020-04-20 01:01:22 +0100 |
commit | fb54fa28e88afb7f9dcd7027b7c820ae8b43f802 (patch) | |
tree | 4987031dc2bc48a56484d611598b46f696a8889b /tools/conf/etc/nginx | |
parent | fd186246f96768b8398f0ffe32ef136cb895fa21 (diff) | |
parent | 4216ad7e3cc4d4733034a50c122e4efa4ae08108 (diff) | |
download | doc-fb54fa28e88afb7f9dcd7027b7c820ae8b43f802.tar.gz |
Merge branch 'master' into release
Diffstat (limited to 'tools/conf/etc/nginx')
-rw-r--r-- | tools/conf/etc/nginx/nginx.conf | 113 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/default.conf | 157 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/email.conf | 63 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/forum.conf | 39 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/frontpage.conf | 40 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/git.conf | 24 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/git.localhost.conf | 25 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/ports.conf | 55 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/shop.conf | 86 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/task.conf | 21 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/vexim.conf | 39 | ||||
-rw-r--r-- | tools/conf/etc/nginx/sites-enabled/wiki.conf | 39 |
12 files changed, 496 insertions, 205 deletions
diff --git a/tools/conf/etc/nginx/nginx.conf b/tools/conf/etc/nginx/nginx.conf index 8fca293..e757df6 100644 --- a/tools/conf/etc/nginx/nginx.conf +++ b/tools/conf/etc/nginx/nginx.conf @@ -2,40 +2,39 @@ # /etc/nginx/nginx.conf - nginx server configuration # - user www; worker_processes auto; -error_log /var/log/nginx/error.log; +error_log syslog:server=unix:/dev/log,facility=daemon debug; pid /var/run/nginx.pid; - events { worker_connections 1024; } - http { include mime.types; default_type application/octet-stream; - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; sendfile on; #tcp_nopush on; - client_max_body_size 8M; - keepalive_timeout 65; - client_body_timeout 12; - client_header_timeout 12; - send_timeout 65; + # Allow attach iso to wiki + #client_max_body_size 8M; + client_max_body_size 30M; + #keepalive_timeout 65; + keepalive_timeout 120; + #client_body_timeout 12; + client_body_timeout 24; + #client_header_timeout 12; + client_header_timeout 24; + send_timeout 65; gzip on; gzip_vary on; @@ -45,88 +44,6 @@ http { # gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; - - #server { - # listen 80; - # server_name localhost; - # - # #charset koi8-r; - # - # location / { - # root html; - # index index.html index.htm; - # } - # - # error_page 404 /404.html; - # - # # redirect server error pages to the static page /50x.html - # # - # error_page 500 502 503 504 /50x.html; - # location = /50x.html { - # root html; - # } - # - # # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # # - # #location ~ \.php$ { - # # proxy_pass http://127.0.0.1; - # #} - # - # # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # # - # #location ~ \.php$ { - # # root html; - # # fastcgi_pass 127.0.0.1:9000; - # # fastcgi_index index.php; - # # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # # include fastcgi_params; - # #} - # - # # deny access to .htaccess files, if Apache's document root - # # concurs with nginx's one - # # - # #location ~ /\.ht { - # # deny all; - # #} - #} - - - # another virtual host using mix of IP-, name-, and port-based configuration - # - #server { - # listen 8000; - # listen somename:8080; - # server_name somename alias another.alias; - - # location / { - # root html; - # index index.html index.htm; - # } - #} - - - # HTTPS server - # - #server { - # listen 443 ssl; - # server_name localhost; - - # ssl_certificate cert.pem; - # ssl_certificate_key cert.key; - - # ssl_session_cache shared:SSL:1m; - # ssl_session_timeout 5m; - - # ssl_ciphers HIGH:!aNULL:!MD5; - # ssl_prefer_server_ciphers on; - - # location / { - # root html; - # index index.html index.htm; - # } - #} - } +# End of file diff --git a/tools/conf/etc/nginx/sites-enabled/default.conf b/tools/conf/etc/nginx/sites-enabled/default.conf index c35b0cd..f7a6928 100644 --- a/tools/conf/etc/nginx/sites-enabled/default.conf +++ b/tools/conf/etc/nginx/sites-enabled/default.conf @@ -1,15 +1,24 @@ server { +#if ($http_user_agent ~* (AhrefsBot|SemrushBot|MJ12Bot|DotBot)) { +# return 410; +#} -#listen 443 ssl http2; - listen 443 ssl; +##listen 443 ssl http2; + server_name tribu.semdestino.org; -# listen 80; - server_name machine.example; + listen 80 default_server; + listen 443 ssl default_server; +# listen [::]:443 ssl http2; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug; + + root /etc/nginx/html/; + + ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem; -# listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/machine.example/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/machine.example/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/machine.example/chain.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; @@ -20,84 +29,68 @@ server { ssl_stapling on; ssl_stapling_verify on; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; +#proxy_redirect off; +#proxy_set_header Host $http_host; +proxy_set_header X-Forwarded-Host $http_host; +#proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - root /srv/www; - location /ports/distfiles { - alias /usr/ports/distfiles; + location /doc { + alias /srv/www/doc; + index index.html; + autoindex on; } - location /ports/packages { - alias /usr/ports/distfiles; - } - - location /doc { - alias /srv/www/doc; - index index.html; - } - - location /git/static { -# static files (png/css) served from /usr/share/gitweb/static - alias /srv/www/gitweb/static; - expires 30d; - } - - location /git { - alias /srv/www/gitweb; - index gitweb.cgi; - fastcgi_split_path_info ^/git()(/?.+)$; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_param DOCUMENT_ROOT /srv/www/gitweb; - fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; - - include fastcgi_params; - fastcgi_pass unix:/var/run/fcgiwrap.sock; - } - - location /task { - index index.php; - alias /srv/www/flyspray; - try_files $uri $uri/ index.php$is_args$args; - } - - location ~ ^/task(.+\.php)$ { ### This location block was the solution - alias /srv/www/flyspray; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index index.php; - try_files $uri /index.php =404; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$1; -# fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_pass 127.0.0.1:9000; - } - - location / { - alias /srv/www/pmwiki/; - index pmwiki.php; - try_files $uri $uri/ /pmwiki.php$is_args$args; - } - -# ACME challenge - location ^~ /.well-known { - allow all; - alias /srv/www/pmwiki/pub/cert/.well-known/; - default_type "text/plain"; - try_files $uri =404; - } - - - location ~ \.php$ { - alias /srv/www/pmwiki; - index pmwiki.php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index pmwiki.php; - try_files $uri /pmwiki.php =404; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -# fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_pass 127.0.0.1:9000; + location /mirror { + proxy_pass http://ports.ank; + } + + location /pub { + proxy_pass http://wiki.server.ank:8080; + } + location ^~ /.well-known { + # ACME challenge + proxy_pass http://wiki.server.ank; + } + location /wiki { + proxy_pass http://wiki.server.ank:8080; + } + + location /git { + proxy_pass http://git.server.ank:8080; + } + + location /forum/ { + proxy_pass http://forum.server.ank:8080/; + } + + location /task { + proxy_pass http://task.server.ank:8080; + } + + location /shop { + proxy_pass http://shop.server.ank:8080; + } + + location /vexim/ { + proxy_pass http://vexim.server.ank:8080/; + } + + location /email { + proxy_pass http://email.server.ank:8080; + } + + location /awstats { + proxy_pass http://awstats.server.ank:8080; + } + + location /stats { + proxy_pass http://stats.server.ank:8080; + } + + location / { + proxy_pass http://frontpage.server.ank:8080/; } } diff --git a/tools/conf/etc/nginx/sites-enabled/email.conf b/tools/conf/etc/nginx/sites-enabled/email.conf new file mode 100644 index 0000000..5b34d7c --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/email.conf @@ -0,0 +1,63 @@ +server { + listen 8080; + server_name email.server.ank; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_email,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_email_err,nohostname debug; + + location /email { + alias /srv/www/email; + index index.php; + autoindex off; + } + + # Favicon + location ~ ^/email/favicon.ico$ { + root /srv/www/email/skins/classic/images; + log_not_found off; + access_log off; + expires max; + } + + # Robots file + location ~ ^/email/robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny Protected directories + location ~ ^/email/(config|temp|logs)/ { + deny all; + } + + location ~ ^/email/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { + deny all; + } + + location ~ ^/email/(bin|SQL)/ { + deny all; + } + + # Hide .md files + location ~ ^/email/(.+\.md)$ { + deny all; + } + + # Hide all dot files + location ~ ^/email/\. { + deny all; + access_log off; + log_not_found off; + } + + location ~ /email/.*\.php { + alias /srv/www/email; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/forum.conf b/tools/conf/etc/nginx/sites-enabled/forum.conf new file mode 100644 index 0000000..14350e3 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/forum.conf @@ -0,0 +1,39 @@ +server { + listen 8080; + server_name forum.server.ank; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum_err,nohostname debug; + + root /srv/www/forum; + + location / { + index index.php; + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ [^/]\.php(/|$) { + + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + # Mitigate https://httpoxy.org/ vulnerabilities + fastcgi_param HTTP_PROXY ""; + + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + + # include the fastcgi_param setting + include fastcgi_params; + + # SCRIPT_FILENAME parameter is used for PHP FPM determining + # the script name. If it is not set in fastcgi_params file, + # i.e. /etc/nginx/fastcgi_params or in the parent contexts, + # please comment off following line + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + +} diff --git a/tools/conf/etc/nginx/sites-enabled/frontpage.conf b/tools/conf/etc/nginx/sites-enabled/frontpage.conf new file mode 100644 index 0000000..7f7e66a --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/frontpage.conf @@ -0,0 +1,40 @@ +server { + listen 8080; + server_name frontpage.server.ank; + + #access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_frontpage,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_frontpage_err,nohostname debug; + + root /srv/www/frontpage; + + index index.html index.php; + + location / { + index index.html; + try_files $uri $uri/ index.html index.php$is_args$args; + } + + location ~ [^/]\.php(/|$) { + + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + # Mitigate https://httpoxy.org/ vulnerabilities + fastcgi_param HTTP_PROXY ""; + + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + + # include the fastcgi_param setting + include fastcgi_params; + + # SCRIPT_FILENAME parameter is used for PHP FPM determining + # the script name. If it is not set in fastcgi_params file, + # i.e. /etc/nginx/fastcgi_params or in the parent contexts, + # please comment off following line + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/git.conf b/tools/conf/etc/nginx/sites-enabled/git.conf new file mode 100644 index 0000000..f9d2d97 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/git.conf @@ -0,0 +1,24 @@ +server { + listen 8080; + server_name git.server.ank; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git_err,nohostname debug; + + root /srv/www/gitweb; + + location /git/static { + # static files (png/css) served from /usr/share/gitweb/static + alias /srv/www/gitweb/static; + } + + location / { + index gitweb.cgi; + fastcgi_split_path_info ^/git()(/?.+)$; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_param DOCUMENT_ROOT /srv/www/gitweb; + fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; + include fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.sock; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf deleted file mode 100644 index 910df66..0000000 --- a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf +++ /dev/null @@ -1,25 +0,0 @@ -server { - listen 443 ssl; - - server_name git.localhost git.machine.example git.machine.example.org; - - root /srv/www/gitweb; - - location /static/ { - # static files (png/css) served from /usr/share/gitweb/static - root /usr/share/gitweb ; - expires 30d; - } - - location / { - index gitweb.cgi - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_param DOCUMENT_ROOT /srv/www/gitweb/; - fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; - fastcgi_split_path_info ^()(/?.+)$; - - include fastcgi_params; - fastcgi_pass unix:/var/run/fcgiwrap.sock; - } - -} diff --git a/tools/conf/etc/nginx/sites-enabled/ports.conf b/tools/conf/etc/nginx/sites-enabled/ports.conf new file mode 100644 index 0000000..829d710 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/ports.conf @@ -0,0 +1,55 @@ +server { + listen 80; + server_name localhost ports.ank default_host; + + access_log /var/log/nginx/ports_access.log; + error_log /var/log/nginx/ports_error.log; + + location /mirror/archive { + autoindex on; + alias /usr/ports/archive; + } + + location /mirror/packages { + autoindex on; + alias /usr/ports/packages; + } + + location /mirror/distfiles { + autoindex on; + alias /usr/ports/distfiles; + } + + location /mirror/bugs { + autoindex on; + alias /usr/ports/pkgbuild; + types { + text/plain log; + } + } + + location /mirror/installed { + autoindex on; + alias /usr/ports/installed; + default_type text/plain; + } + + location /mirror/releases { + autoindex on; + alias /usr/ports/releases; + } + + location /mirror/ { + return 301 https://tribu.semdestino.org/wiki/Main/Mirror; + } + + error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } +} + diff --git a/tools/conf/etc/nginx/sites-enabled/shop.conf b/tools/conf/etc/nginx/sites-enabled/shop.conf new file mode 100644 index 0000000..de34e40 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/shop.conf @@ -0,0 +1,86 @@ +server { + listen 8080; + server_name shop.server.ank; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_shop,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_shop_err,nohostname debug; + + location ~ ^/shop/admin { + alias /srv/www/shop/upload/admin; + index index.php; + + location ~ ^/shop/admin/config.php { + deny all; + } + + location ~ \.php$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename$1; + fastcgi_pass 127.0.0.1:9000; + } + } + + location ^~ /shop { + alias /srv/www/shop/upload; + index index.php; + #try_files $uri $uri/ index.php$is_args$args; + #try_files index.php @opencart; + + location ~ ^/shop/upload/image/data { + autoindex on; + } + + location ~ ^/shop/config.php { + deny all; + } + + + location ~ ^/shop/admin/config.php { + deny all; + } + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). +# + location ~ ^/shop/\. { + deny all; + access_log off; + log_not_found off; + } + location ~ ^/shop/\.(jpg|jpeg|png|gif|css|js|ico)$ { + expires max; + log_not_found off; + } + + location ~ \.php$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename$1; + fastcgi_pass 127.0.0.1:9000; + #fastcgi_split_path_info ^(.+\.php)(/.+)$; + #fastcgi_split_path_info ^(.+\.php)(.*)$; + #fastcgi_index index.php; + #try_files $uri /index.php =404; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + } + + } + + + location @tribushop { + rewrite ^/shop/(.+)$ /shop/index.php?_route_=$1 last; + } + + location /shop/engine { + deny all; + } + + location ~ ^/shop/library { + deny all; + } + + # Make sure files with the following extensions do not + # get loaded by nginx because nginx would display the + # source code, and these files can contain PASSWORDS! + location ~ ^/shop/\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|.*ini|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { + deny all; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/task.conf b/tools/conf/etc/nginx/sites-enabled/task.conf new file mode 100644 index 0000000..8b15ee5 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/task.conf @@ -0,0 +1,21 @@ +server { + listen 8080; + server_name task.server.ank; + + location /task { + index index.php; + alias /srv/www/task; + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ ^/task(.+\.php)$ { ### This location block was the solution + alias /srv/www/task; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; +# fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/vexim.conf b/tools/conf/etc/nginx/sites-enabled/vexim.conf new file mode 100644 index 0000000..d113cdc --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/vexim.conf @@ -0,0 +1,39 @@ +server { + listen 8080; + server_name vexim.server.ank; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vexim,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vexim_err,nohostname debug; + + root /srv/www/vexim; + + location / { + index index.php; + autoindex off; + } + + location ~ [^/]\.php(/|$) { + + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + # Mitigate https://httpoxy.org/ vulnerabilities + fastcgi_param HTTP_PROXY ""; + + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + + # include the fastcgi_param setting + include fastcgi_params; + + # SCRIPT_FILENAME parameter is used for PHP FPM determining + # the script name. If it is not set in fastcgi_params file, + # i.e. /etc/nginx/fastcgi_params or in the parent contexts, + # please comment off following line + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + +} diff --git a/tools/conf/etc/nginx/sites-enabled/wiki.conf b/tools/conf/etc/nginx/sites-enabled/wiki.conf new file mode 100644 index 0000000..1e3b4d1 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/wiki.conf @@ -0,0 +1,39 @@ +server { + listen 8080; + server_name wiki.server.ank; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu_err,nohostname debug; + + root /srv/www/; + + location /pub { + alias /srv/www/wiki/pub; + } + # ACME challenge + location ^~ /.well-known { + allow all; + alias /srv/www/wiki/pub/cert/.well-known/; + default_type "text/plain"; + try_files $uri =404; + } + + location @pmwiki { + rewrite ^/wiki/(.*) /wiki/pmwiki.php?n=$1; + } + + location /wiki { + index pmwiki.php; + try_files $uri $uri/ @pmwiki; + } + + location ~ ^\/wiki(.+\.php)$ { + index pmwiki.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass 127.0.0.1:9000; + } +} |