tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-03 18:09:53 +02:00
Code Issues Projects Releases Wiki Activity
53128c5d2f
silverstripe-framework/docs/en/installation/nginx.md
Hamish Friedlander acfc0be471 Document that yaml files shouldnt be served directly
2013-01-29 14:11:52 +13:00

2.5 KiB
Raw Blame History

Nginx

These instructions are also covered in less detail on the Nginx Wiki.

The prerequisite is that you have already installed Nginx and you are able to run PHP files via the FastCGI-wrapper from Nginx.

Now you need to set up a virtual host in Nginx with the following configuration settings:

server {
	listen 80;
	
	# SSL configuration (optional, but recommended for security)
	include ssl
	
	root /var/www/example.com;
	index index.php index.html index.htm;
	
	server_name example.com;
	
	include silverstripe3;
	include htaccess;
}

Here is the include file silverstripe3:

location / {
	try_files $uri @silverstripe;
}
 
location @silverstripe {
	include fastcgi_params;
	
	# Defend against arbitrary PHP code execution
	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	# More info:
	# https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	
	fastcgi_param SCRIPT_FILENAME $document_root/framework/main.php;
	fastcgi_param SCRIPT_NAME /framework/main.php;
	fastcgi_param QUERY_STRING url=$uri&$args;
	
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	fastcgi_buffer_size 32k;
	fastcgi_buffers 4 32k;
	fastcgi_busy_buffers_size 64k;
}

Here is the include file htaccess:

# Don't serve up any .htaccess files
location ~ /\.ht {
	deny all;
}

# Deny access to silverstripe-cache
location ~ ^/silverstripe-cache {
	deny all;
}

# Don't execute scripts in the assets
location ^~ /assets/ {
	try_files $uri $uri/ =404;
}

# Block access to yaml files
location ~ \.yml$ {
	deny all;
}

# cms & framework .htaccess rules
location ~ ^/(cms|framework|mysite)/.*\.(php|php[345]|phtml|inc)$ {
	deny all;
}
location ~ ^/(cms|framework)/silverstripe_version$ {
	deny all;
}
location ~ ^/framework/.*(main|static-main|rpc|tiny_mce_gzip)\.php$ {
	allow all;
}

Here is the optional include file ssl:

listen 443 ssl;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;

The above configuration sets up a virtual host example.com with rewrite rules suited for SilverStripe. The location block named @silverstripe passes all php scripts to the FastCGI-wrapper via a Unix socket. This example is from a site running Ubuntu with the php5-fpm package.

Now you can proceed with the SilverStripe installation normally.