mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-28 20:29:15 +02:00
Merge pull request #7812 from oddnoc/configure-nginx-ss4
DOCS: Update nginx configuration for SilverStripe 4
This commit is contained in:
Daniel Hensby
GitHub
commit
09f88c76cf
@ -1,7 +1,7 @@
|
||||
# Nginx
|
||||
|
||||
These instructions are also covered on the
|
||||
[Nginx Wiki](http://wiki.nginx.org/SilverStripe).
|
||||
[Nginx Wiki](https://www.nginx.com/resources/wiki/start/topics/recipes/silverstripe/).
|
||||
|
||||
The prerequisite is that you have already installed Nginx and you are
|
||||
able to run PHP files via the FastCGI-wrapper from Nginx.
|
||||
@ -18,92 +18,78 @@ Especially be aware of [accidental php-execution](https://nealpoole.com/blog/201
|
||||
|
||||
But enough of the disclaimer, on to the actual configuration — typically in `nginx.conf`:
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
root /path/to/ss/folder;
|
||||
```nginx
|
||||
server {
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
client_max_body_size 0; # Manage this in php.ini
|
||||
listen 80;
|
||||
root /path/to/ss/folder;
|
||||
server_name example.com www.example.com;
|
||||
|
||||
server_name site.com www.site.com;
|
||||
# Defend against SS-2015-013 -- http://www.silverstripe.org/software/download/security-releases/ss-2015-013
|
||||
if ($http_x_forwarded_host) {
|
||||
return 400;
|
||||
}
|
||||
|
||||
# Defend against SS-2015-013 -- http://www.silverstripe.org/software/download/security-releases/ss-2015-013
|
||||
if ($http_x_forwarded_host) {
|
||||
return 400;
|
||||
}
|
||||
location / {
|
||||
try_files $uri /index.php?$query_string;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri /index.php?$query_string;
|
||||
}
|
||||
error_page 404 /assets/error-404.html;
|
||||
error_page 500 /assets/error-500.html;
|
||||
|
||||
error_page 404 /assets/error-404.html;
|
||||
error_page 500 /assets/error-500.html;
|
||||
location ^~ /assets/ {
|
||||
sendfile on;
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location ^~ /assets/ {
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
}
|
||||
sendfile on;
|
||||
try_files $uri /index.php?$query_string;
|
||||
}
|
||||
location /index.php {
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_busy_buffers_size 64k;
|
||||
fastcgi_buffers 4 32k;
|
||||
fastcgi_keep_conn on;
|
||||
fastcgi_pass 127.0.0.1:9000;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
|
||||
fastcgi_keep_conn on;
|
||||
fastcgi_pass 127.0.0.1:9000;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
# Denials
|
||||
location ~ /\.. {
|
||||
deny all;
|
||||
}
|
||||
location ~ \.ss$ {
|
||||
satisfy any;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
location ~ web\.config$ {
|
||||
deny all;
|
||||
}
|
||||
location ~ \.ya?ml$ {
|
||||
deny all;
|
||||
}
|
||||
location ~* README.*$ {
|
||||
deny all;
|
||||
}
|
||||
location ^~ /vendor/ {
|
||||
deny all;
|
||||
}
|
||||
location ~* /silverstripe-cache/ {
|
||||
deny all;
|
||||
}
|
||||
location ~* composer\.(json|lock)$ {
|
||||
deny all;
|
||||
}
|
||||
location ~* /(cms|framework)/silverstripe_version$ {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
location ~ /(mysite|framework|cms)/.*\.(php|php3|php4|php5|phtml|inc)$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ /\.. {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ \.ss$ {
|
||||
satisfy any;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ web\.config$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ \.ya?ml$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ^~ /vendor/ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~* /silverstripe-cache/ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~* composer\.(json|lock)$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~* /(cms|framework)/silverstripe_version$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_keep_conn on;
|
||||
fastcgi_pass 127.0.0.1:9000;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_busy_buffers_size 64k;
|
||||
fastcgi_buffers 4 32k;
|
||||
}
|
||||
}
|
||||
|
||||
The above configuration sets up a virtual host `site.com` with
|
||||
rewrite rules suited for SilverStripe. The location block for php files
|
||||
passes all php scripts to the FastCGI-wrapper via a TCP socket.
|
||||
The above configuration sets up a virtual host `example.com` with
|
||||
rewrite rules suited for SilverStripe. The location block for index.php
|
||||
passes the php script to the FastCGI-wrapper via a TCP socket.
|
||||
|
||||
Now you can proceed with the SilverStripe installation normally.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user