Nginxconf: Difference between revisions
From GaryH Tech's Wiki
No edit summary |
Clean up formatting |
||
| Line 2: | Line 2: | ||
server { | server { | ||
listen 80; | listen 80; | ||
server_name wiki.garyhtech.uk; | server_name wiki.garyhtech.uk; | ||
return 301 <nowiki>https://$server_name$request_uri</nowiki>; | return 301 <nowiki>https://$server_name$request_uri</nowiki>; | ||
} | } | ||
server { | server { | ||
listen 443 ssl; | listen 443 ssl; | ||
#listen [::]:80; | #listen [::]:80; | ||
http2 on; | http2 on; | ||
server_name wiki.garyhtech.uk; | server_name wiki.garyhtech.uk; | ||
ssl_certificate /usr/local/etc/letsencrypt/live/garyhtech.uk/fullchain.pem; | ssl_certificate /usr/local/etc/letsencrypt/live/garyhtech.uk/fullchain.pem; | ||
ssl_certificate_key /usr/local/etc/letsencrypt/live/garyhtech.uk/privkey.pem; | ssl_certificate_key /usr/local/etc/letsencrypt/live/garyhtech.uk/privkey.pem; | ||
access_log /usr/local/etc/nginx/logs/wiki.garyhtech.uk.log; | access_log /usr/local/etc/nginx/logs/wiki.garyhtech.uk.log; | ||
error_log /usr/local/etc/nginx/logs/wiki.garyhtech.uk-error.log; | error_log /usr/local/etc/nginx/logs/wiki.garyhtech.uk-error.log; | ||
root /usr/local/www/mediawiki; | |||
index index.php; | |||
add_header X-Content-Type-Options "nosniff"; | |||
# allow larger file uploads and longer script runtimes | |||
client_max_body_size 100m; | |||
client_body_timeout 60; | |||
<nowiki/># Images | <nowiki/># Images | ||
location /w/images { | |||
# Separate location for images/ so .php execution won't apply | |||
add_header X-Content-Type-Options "nosniff"; | |||
} | } | ||
location /w/images/deleted { | |||
location /w/images/deleted { | # Deny access to deleted images folder | ||
deny all; | |||
} | |||
# MediaWiki assets (usually images) | |||
location ~ ^/w/resources/(assets|lib|src) { | |||
try_files $uri 404; | |||
add_header Cache-Control "public"; | |||
expires 7d; | |||
# MediaWiki assets (usually images) | |||
location ~ ^/w/resources/(assets|lib|src) { | |||
} | } | ||
# Assets, scripts and styles from skins and extensions | |||
# Assets, scripts and styles from skins and extensions | location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ { | ||
try_files $uri 404; | |||
location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ { | add_header Cache-Control "public"; | ||
expires 7d; | |||
} | } | ||
# License and credits files | |||
# License and credits files | location ~ ^/w/(COPYING|CREDITS) { | ||
default_type text/plain; | |||
location ~ ^/w/(COPYING|CREDITS) { | |||
} | } | ||
location ~ \.php$ { | |||
try_files $uri =404; | |||
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |||
fastcgi_pass unix:/var/run/php81-fpm.sock; | |||
fastcgi_index index.php; | |||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |||
include fastcgi_params; | |||
} | |||
location / { | |||
try_files $uri $uri/ /index.php?$args; | |||
} | |||
} | } | ||
</code> | </code> | ||
Revision as of 13:31, 15 December 2025
# Redirect for wiki.garyhtech.uk
server {
listen 80;
server_name wiki.garyhtech.uk;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
#listen [::]:80;
http2 on;
server_name wiki.garyhtech.uk;
ssl_certificate /usr/local/etc/letsencrypt/live/garyhtech.uk/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/garyhtech.uk/privkey.pem;
access_log /usr/local/etc/nginx/logs/wiki.garyhtech.uk.log;
error_log /usr/local/etc/nginx/logs/wiki.garyhtech.uk-error.log;
root /usr/local/www/mediawiki;
index index.php;
add_header X-Content-Type-Options "nosniff";
# allow larger file uploads and longer script runtimes
client_max_body_size 100m;
client_body_timeout 60;
# Images
location /w/images {
# Separate location for images/ so .php execution won't apply
add_header X-Content-Type-Options "nosniff";
}
location /w/images/deleted {
# Deny access to deleted images folder
deny all;
}
# MediaWiki assets (usually images)
location ~ ^/w/resources/(assets|lib|src) {
try_files $uri 404;
add_header Cache-Control "public";
expires 7d;
}
# Assets, scripts and styles from skins and extensions
location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
try_files $uri 404;
add_header Cache-Control "public";
expires 7d;
}
# License and credits files
location ~ ^/w/(COPYING|CREDITS) {
default_type text/plain;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php81-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
}
