silverstripe-framework/docs/en/installation/nginx.md

# Nginx

These instructions are also covered on the
[Nginx Wiki](http://wiki.nginx.org/SilverStripe).

The prerequisite is that you have already installed Nginx and you are
able to run PHP files via the FastCGI-wrapper from Nginx.

Now you need to set up a virtual host in Nginx with configuration settings
that are similar to those shown below.
<div class="notice" markdown='1'>
If you don't fully understand the configuration presented here, consult the
[nginx documentation](http://nginx.org/en/docs/).

Especially be aware of [accidental php-execution](https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/ "Don't trust the tutorials") when extending the configuration.
</div>
But enough of the disclaimer, on to the actual configuration — typically in `nginx.conf`:

	server {
		listen 80;
		root /path/to/ss/folder;
	
		server_name site.com www.site.com;
	
		location / {
			try_files $uri /framework/main.php?url=$uri&$query_string;
		}
	
		error_page 404 /assets/error-404.html;
		error_page 500 /assets/error-500.html;
	
		location ^~ /assets/ {
			sendfile on;
			try_files $uri =404;
		}
	
		location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
			fastcgi_keep_conn on;
			fastcgi_pass   127.0.0.1:9000;
			fastcgi_index  index.php;
			fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
			include        fastcgi_params;
		}
	
		location ~ /(mysite|framework|cms)/.*\.(php|php3|php4|php5|phtml|inc)$ {
			deny all;
		}
	
		location ~ /\.. {
			deny all;
		}
	
		location ~ \.ss$ {
			satisfy any;
			allow 127.0.0.1;
			deny all;
		}
	
		location ~ web\.config$ {
			deny all;
		}
	
		location ~ \.ya?ml$ {
			deny all;
		}
	
		location ^~ /vendor/ {
			deny all;
		}
	
		location ~* /silverstripe-cache/ {
			deny all;
		}
	
		location ~* composer\.(json|lock)$ {
			deny all;
		}
	
		location ~* /(cms|framework)/silverstripe_version$ {
			deny all;
		}
	
		location ~ \.php$ {
			fastcgi_keep_conn on;
			fastcgi_pass   127.0.0.1:9000;
			fastcgi_index  index.php;
			fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
			include        fastcgi_params;
			fastcgi_buffer_size 32k;
			fastcgi_busy_buffers_size 64k;
			fastcgi_buffers 4 32k;
		}
	}

The above configuration sets up a virtual host `site.com` with
rewrite rules suited for SilverStripe. The location block for php files
passes all php scripts to the FastCGI-wrapper via a TCP socket.

Now you can proceed with the SilverStripe installation normally.
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00			`# Nginx`

Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`These instructions are also covered on the`
Update documentation of nginx configuration - Avoid using "if" to check for file existence (use try_files instead) - Replicate the behavior of the .htaccess files - TODO: get static error pages to work 2012-12-14 23:26:13 +01:00			`[Nginx Wiki](http://wiki.nginx.org/SilverStripe).`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
Update documentation of nginx configuration - Avoid using "if" to check for file existence (use try_files instead) - Replicate the behavior of the .htaccess files - TODO: get static error pages to work 2012-12-14 23:26:13 +01:00			`The prerequisite is that you have already installed Nginx and you are`
			`able to run PHP files via the FastCGI-wrapper from Nginx.`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
fix nginx documentation to one that actually works :-) example configuration wuldn't allow to install silverstripe, as install.php does exist as a regular file (and that was ignored in the old version of the documentation) Similarily, the last rule in the htaccess snippet that should allow the access to the tinymce php files were never applied, as a previously listed regex did match and denied access. Even if it would have taken effect: as those files do exist on disk, they would have been handed out as-is and not been interpreted by php. Also the statement regarding accidental/exploitable execution of arbitrary php was misleading (and to some degree even wrong) in the old context. squashed commit as per pr#1791 2013-04-22 01:51:00 +02:00			`Now you need to set up a virtual host in Nginx with configuration settings`
			`that are similar to those shown below.`
			`<div class="notice" markdown='1'>`
			`If you don't fully understand the configuration presented here, consult the`
			`[nginx documentation](http://nginx.org/en/docs/).`

			`Especially be aware of [accidental php-execution](https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/ "Don't trust the tutorials") when extending the configuration.`
			`</div>`
			But enough of the disclaimer, on to the actual configuration — typically in `nginx.conf`:
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
			`server {`
Update documentation of nginx configuration - Avoid using "if" to check for file existence (use try_files instead) - Replicate the behavior of the .htaccess files - TODO: get static error pages to work 2012-12-14 23:26:13 +01:00			`listen 80;`
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`root /path/to/ss/folder;`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`server_name site.com www.site.com;`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`location / {`
			`try_files $uri /framework/main.php?url=$uri&$query_string;`
fix nginx documentation to one that actually works :-) example configuration wuldn't allow to install silverstripe, as install.php does exist as a regular file (and that was ignored in the old version of the documentation) Similarily, the last rule in the htaccess snippet that should allow the access to the tinymce php files were never applied, as a previously listed regex did match and denied access. Even if it would have taken effect: as those files do exist on disk, they would have been handed out as-is and not been interpreted by php. Also the statement regarding accidental/exploitable execution of arbitrary php was misleading (and to some degree even wrong) in the old context. squashed commit as per pr#1791 2013-04-22 01:51:00 +02:00			`}`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`error_page 404 /assets/error-404.html;`
fix nginx documentation to one that actually works :-) example configuration wuldn't allow to install silverstripe, as install.php does exist as a regular file (and that was ignored in the old version of the documentation) Similarily, the last rule in the htaccess snippet that should allow the access to the tinymce php files were never applied, as a previously listed regex did match and denied access. Even if it would have taken effect: as those files do exist on disk, they would have been handed out as-is and not been interpreted by php. Also the statement regarding accidental/exploitable execution of arbitrary php was misleading (and to some degree even wrong) in the old context. squashed commit as per pr#1791 2013-04-22 01:51:00 +02:00			`error_page 500 /assets/error-500.html;`

Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`location ^~ /assets/ {`
			`sendfile on;`
			`try_files $uri =404;`
			`}`
fix nginx documentation to one that actually works :-) example configuration wuldn't allow to install silverstripe, as install.php does exist as a regular file (and that was ignored in the old version of the documentation) Similarily, the last rule in the htaccess snippet that should allow the access to the tinymce php files were never applied, as a previously listed regex did match and denied access. Even if it would have taken effect: as those files do exist on disk, they would have been handed out as-is and not been interpreted by php. Also the statement regarding accidental/exploitable execution of arbitrary php was misleading (and to some degree even wrong) in the old context. squashed commit as per pr#1791 2013-04-22 01:51:00 +02:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`location ~ /framework/.*(main\|rpc\|tiny_mce_gzip)\.php$ {`
			`fastcgi_keep_conn on;`
			`fastcgi_pass 127.0.0.1:9000;`
			`fastcgi_index index.php;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`include fastcgi_params;`
			`}`
fix nginx documentation to one that actually works :-) example configuration wuldn't allow to install silverstripe, as install.php does exist as a regular file (and that was ignored in the old version of the documentation) Similarily, the last rule in the htaccess snippet that should allow the access to the tinymce php files were never applied, as a previously listed regex did match and denied access. Even if it would have taken effect: as those files do exist on disk, they would have been handed out as-is and not been interpreted by php. Also the statement regarding accidental/exploitable execution of arbitrary php was misleading (and to some degree even wrong) in the old context. squashed commit as per pr#1791 2013-04-22 01:51:00 +02:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`location ~ /(mysite\|framework\|cms)/.*\.(php\|php3\|php4\|php5\|phtml\|inc)$ {`
			`deny all;`
			`}`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`location ~ /\.. {`
			`deny all;`
			`}`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`location ~ \.ss$ {`
			`satisfy any;`
			`allow 127.0.0.1;`
			`deny all;`
			`}`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`location ~ web\.config$ {`
			`deny all;`
			`}`
Document that yaml files shouldnt be served directly 2013-01-29 02:11:52 +01:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`location ~ \.ya?ml$ {`
			`deny all;`
			`}`

			`location ^~ /vendor/ {`
			`deny all;`
			`}`

			`location ~* /silverstripe-cache/ {`
			`deny all;`
			`}`

			`location ~* composer\.(json\|lock)$ {`
			`deny all;`
			`}`

			`location ~* /(cms\|framework)/silverstripe_version$ {`
			`deny all;`
			`}`

			`location ~ \.php$ {`
Adding appropriate nginx fastcgi buffer config required for admin 2014-11-18 21:56:40 +01:00			`fastcgi_keep_conn on;`
			`fastcgi_pass 127.0.0.1:9000;`
			`fastcgi_index index.php;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`include fastcgi_params;`
			`fastcgi_buffer_size 32k;`
			`fastcgi_busy_buffers_size 64k;`
			`fastcgi_buffers 4 32k;`
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			`}`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00			`}`
Update documentation of nginx configuration - Avoid using "if" to check for file existence (use try_files instead) - Replicate the behavior of the .htaccess files - TODO: get static error pages to work 2012-12-14 23:26:13 +01:00
Update nginx.md Provides a nginx.conf that follows nginx good practices and duplicates the functionality of the .htaccess files in framework, cms and installer. 2014-03-10 10:48:22 +01:00			The above configuration sets up a virtual host `site.com` with
			`rewrite rules suited for SilverStripe. The location block for php files`
			`passes all php scripts to the FastCGI-wrapper via a TCP socket.`
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) 2011-02-07 07:48:44 +01:00
			`Now you can proceed with the SilverStripe installation normally.`