2 # Friendica Nginx configuration
5 # On debian based distributions you can add this file to
6 # /etc/nginx/sites-available
8 # Then customize to your needs. To enable the configuration
9 # symlink it to /etc/nginx/sites-enabled and reload Nginx
10 # using /etc/init.d/nginx reload
14 # You should look at the following URL's in order to grasp a solid understanding
15 # of Nginx configuration files in order to fully unleash the power of Nginx.
17 # http://wiki.nginx.org/Pitfalls
18 # http://wiki.nginx.org/QuickStart
19 # http://wiki.nginx.org/Configuration
23 # This configuration assumes your domain is example.net
24 # You have a seperate subdomain friendica.example.net
25 # You want all friendica traffic to be https
26 # You have an SSL certificate and key for your subdomain
27 # You have PHP FastCGI Process Manager (php5-fpm) running on localhost
31 server_name friendica.example.net;
33 root /mnt/friendica/www;
34 rewrite ^ https://friendica.example.net$request_uri? permanent;
38 # Configure Friendica with SSL
40 # All requests are routed to the front controller
41 # except for certain known file types like images, css, etc.
42 # Those are served statically whenever possible with a
43 # fall back to the front controller (needed for avatars, for example)
48 server_name friendica.example.net;
51 root /mnt/friendica/www;
54 ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
55 ssl_certificate_key /etc/nginx/ssl/example.net.key;
56 ssl_session_timeout 5m;
57 ssl_protocols SSLv3 TLSv1;
58 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
59 ssl_prefer_server_ciphers on;
61 # allow uploads up to 20MB in size
62 client_max_body_size 20m;
63 client_body_buffer_size 128k;
65 # rewrite to front controller as default rule
67 rewrite ^/(.*) /index.php?q=$1 last;
70 # make sure webfinger isn't blocked by denying dot files
71 # and rewrite to front controller
72 location = /.well-known/host-meta {
74 rewrite ^/(.*) /index.php?q=$1 last;
77 # statically serve these file types when possible
78 # otherwise fall back to front controller
79 # allow browser to cache them
80 # added .htm for advanced source code editor library
81 location ~* \.(jpg|jpeg|gif|png|css|js|ico|htm|html)$ {
83 try_files $uri /index.php?q=$uri&$args;
87 # block these file types
88 location ~* \.(tpl|md|git|tgz|log|out) {
92 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
94 fastcgi_split_path_info ^(.+\.php)(/.+)$;
95 # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
96 # # With php5-cgi alone:
97 # fastcgi_pass 127.0.0.1:9000;
99 fastcgi_pass unix:/var/run/php5-fpm.sock;
100 fastcgi_index index.php;
101 include fastcgi_params;
104 # deny access to all dot files (including .htaccess)