2 # Friendica Nginx configuration
5 # On Debian based distributions you can add this file to
6 # /etc/nginx/sites-available
8 # Then customize to your needs. To enable the configuration
9 # symlink it to /etc/nginx/sites-enabled and reload Nginx
10 # using /etc/init.d/nginx reload
14 # You should look at the following URL's in order to grasp a solid understanding
15 # of Nginx configuration files in order to fully unleash the power of Nginx.
17 # http://wiki.nginx.org/Pitfalls
18 # http://wiki.nginx.org/QuickStart
19 # http://wiki.nginx.org/Configuration
23 # This configuration assumes your domain is example.net
24 # You have a separate subdomain friendica.example.net
25 # You want all friendica traffic to be https
26 # You have an SSL certificate and key for your subdomain
27 # You have PHP FastCGI Process Manager (php5-fpm) running on localhost
28 # You have Friendica installed in /mnt/friendica/www
32 server_name friendica.example.net;
34 root /mnt/friendica/www;
35 rewrite ^ https://friendica.example.net$request_uri? permanent;
39 # Configure Friendica with SSL
41 # All requests are routed to the front controller
42 # except for certain known file types like images, css, etc.
43 # Those are served statically whenever possible with a
44 # fall back to the front controller (needed for avatars, for example)
49 server_name friendica.example.net;
52 root /mnt/friendica/www;
55 ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
56 ssl_certificate_key /etc/nginx/ssl/example.net.key;
57 ssl_session_timeout 5m;
58 ssl_protocols SSLv3 TLSv1;
59 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
60 ssl_prefer_server_ciphers on;
62 # allow uploads up to 20MB in size
63 client_max_body_size 20m;
64 client_body_buffer_size 128k;
66 # rewrite to front controller as default rule
68 rewrite ^/(.*) /index.php?q=$uri&$args last;
71 # make sure webfinger and other well known services aren't blocked
72 # by denying dot files and rewrite request to the front controller
73 location ^~ /.well-known/ {
75 rewrite ^/(.*) /index.php?q=$uri&$args last;
78 # statically serve these file types when possible
79 # otherwise fall back to front controller
80 # allow browser to cache them
81 # added .htm for advanced source code editor library
82 location ~* \.(jpg|jpeg|gif|png|css|js|htm|html)$ {
84 try_files $uri /index.php?q=$uri&$args;
87 # block these file types
88 location ~* \.(tpl|md|tgz|log|out)$ {
92 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
94 fastcgi_split_path_info ^(.+\.php)(/.+)$;
95 # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
97 # With php5-cgi alone:
98 # fastcgi_pass 127.0.0.1:9000;
101 fastcgi_pass unix:/var/run/php5-fpm.sock;
102 fastcgi_index index.php;
103 include fastcgi_params;
106 # deny access to all dot files