mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Update nginx example to support assets better
- Enable viewing of draft assets - Disable viewing of .htaccess and .method - Enforce File.allowed_extensions (manually for now)
This commit is contained in:
parent
df4d2bd838
commit
22ae0e4387
@ -20,6 +20,7 @@ Especially be aware of [accidental php-execution](https://nealpoole.com/blog/201
|
||||
|
||||
* It does not cover serving securely over HTTPS.
|
||||
* It uses the new filesystem layout (with `public` directory) introduced in version 4.1.0. If your installation has been upgraded to 4.1+ from an older version and you have not [upgraded to the public folder](/changelogs/4.1.0.md), see the version of this documentation for version 4.0.
|
||||
* The regular expression for allowed file types must be manually updated if the File.allowed_extensions list is updated.
|
||||
* The error pages for 502 (Bad Gateway) and 503 (Service Unavailable) need to be manually created and published in the CMS (assuming use of the silverstripe/errorpage module).
|
||||
|
||||
```nginx
|
||||
@ -47,11 +48,33 @@ server {
|
||||
error_page 502 /assets/error-500.html;
|
||||
error_page 503 /assets/error-500.html;
|
||||
|
||||
location ^~ /assets/ {
|
||||
sendfile on;
|
||||
try_files $uri =404;
|
||||
# Support assets & resources #
|
||||
|
||||
# Never serve .gitignore, .htaccess, or .method
|
||||
location ~ /\.(gitignore|htaccess|method)$ {
|
||||
return 403;
|
||||
}
|
||||
|
||||
# Handle allowed file types (see caveats)
|
||||
# Pass unfound files to SilverStripe to check draft images
|
||||
location ~ ^/assets/.*\.(?i:css|js|ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|csv|dmg|doc|docx|dotx|flv|gif|gpx|gz|hqx|ico|jpeg|jpg|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|zip|zipx)$ {
|
||||
sendfile on;
|
||||
try_files $uri /index.php?$query_string;
|
||||
}
|
||||
|
||||
# Allow the error pages. Fail with 404 Not found.
|
||||
location ~ ^/assets/error-\d\d\d\.html$ {
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
# Fail all other assets requests as 404 Not found
|
||||
# Could also use 403 Forbidden or 444 (nginx drops the connection)
|
||||
location ~ ^/assets/ {
|
||||
return 404;
|
||||
}
|
||||
|
||||
# End of assets & resources support #
|
||||
|
||||
location /index.php {
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_busy_buffers_size 64k;
|
||||
|
Loading…
Reference in New Issue
Block a user