2011-02-07 19:48:44 +13:00
|
|
|
# Nginx
|
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
These instructions are also covered in less detail on the
|
|
|
|
[Nginx Wiki](http://wiki.nginx.org/SilverStripe).
|
2011-02-07 19:48:44 +13:00
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
The prerequisite is that you have already installed Nginx and you are
|
|
|
|
able to run PHP files via the FastCGI-wrapper from Nginx.
|
2011-02-07 19:48:44 +13:00
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
Now you need to set up a virtual host in Nginx with the following
|
|
|
|
configuration settings:
|
2011-02-07 19:48:44 +13:00
|
|
|
|
|
|
|
server {
|
2012-12-14 14:26:13 -08:00
|
|
|
listen 80;
|
|
|
|
|
|
|
|
# SSL configuration (optional, but recommended for security)
|
|
|
|
include ssl
|
|
|
|
|
|
|
|
root /var/www/example.com;
|
|
|
|
index index.php index.html index.htm;
|
|
|
|
|
|
|
|
server_name example.com;
|
2013-01-29 14:11:52 +13:00
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
include silverstripe3;
|
|
|
|
include htaccess;
|
|
|
|
}
|
|
|
|
|
|
|
|
Here is the include file `silverstripe3`:
|
|
|
|
|
|
|
|
location / {
|
|
|
|
try_files $uri @silverstripe;
|
|
|
|
}
|
2013-01-29 14:11:52 +13:00
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
location @silverstripe {
|
|
|
|
include fastcgi_params;
|
|
|
|
|
|
|
|
# Defend against arbitrary PHP code execution
|
|
|
|
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
|
|
|
# More info:
|
|
|
|
# https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
|
|
|
|
fastcgi_param SCRIPT_FILENAME $document_root/framework/main.php;
|
|
|
|
fastcgi_param SCRIPT_NAME /framework/main.php;
|
|
|
|
fastcgi_param QUERY_STRING url=$uri&$args;
|
|
|
|
|
|
|
|
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
|
|
|
fastcgi_index index.php;
|
|
|
|
fastcgi_buffer_size 32k;
|
|
|
|
fastcgi_buffers 4 32k;
|
|
|
|
fastcgi_busy_buffers_size 64k;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
Here is the include file `htaccess`:
|
|
|
|
|
|
|
|
# Don't serve up any .htaccess files
|
|
|
|
location ~ /\.ht {
|
|
|
|
deny all;
|
|
|
|
}
|
2011-02-07 19:48:44 +13:00
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
# Deny access to silverstripe-cache
|
|
|
|
location ~ ^/silverstripe-cache {
|
|
|
|
deny all;
|
|
|
|
}
|
2011-02-07 19:48:44 +13:00
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
# Don't execute scripts in the assets
|
|
|
|
location ^~ /assets/ {
|
|
|
|
try_files $uri $uri/ =404;
|
|
|
|
}
|
2011-02-07 19:48:44 +13:00
|
|
|
|
2013-01-29 14:11:52 +13:00
|
|
|
# Block access to yaml files
|
|
|
|
location ~ \.yml$ {
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
# cms & framework .htaccess rules
|
|
|
|
location ~ ^/(cms|framework|mysite)/.*\.(php|php[345]|phtml|inc)$ {
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
location ~ ^/(cms|framework)/silverstripe_version$ {
|
|
|
|
deny all;
|
2011-02-07 19:48:44 +13:00
|
|
|
}
|
2012-12-14 14:26:13 -08:00
|
|
|
location ~ ^/framework/.*(main|static-main|rpc|tiny_mce_gzip)\.php$ {
|
|
|
|
allow all;
|
|
|
|
}
|
|
|
|
|
|
|
|
Here is the optional include file `ssl`:
|
2011-02-07 19:48:44 +13:00
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
listen 443 ssl;
|
|
|
|
ssl_certificate server.crt;
|
|
|
|
ssl_certificate_key server.key;
|
|
|
|
ssl_session_timeout 5m;
|
|
|
|
ssl_protocols SSLv3 TLSv1;
|
|
|
|
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
2011-02-07 19:48:44 +13:00
|
|
|
|
2012-12-14 14:26:13 -08:00
|
|
|
The above configuration sets up a virtual host `example.com` with
|
|
|
|
rewrite rules suited for SilverStripe. The location block named
|
|
|
|
`@silverstripe` passes all php scripts to the FastCGI-wrapper via a Unix
|
|
|
|
socket. This example is from a site running Ubuntu with the php5-fpm
|
|
|
|
package.
|
2011-02-07 19:48:44 +13:00
|
|
|
|
|
|
|
Now you can proceed with the SilverStripe installation normally.
|