-From: Olaf Conradi
-Hey @Friendica Support,
-
-Just wanted to share my #nginx configuration for #friendica with you guys.
-
-I noticed most of the existing configurations that are floating on the web for #nginx do not deny access to local files. Most of them use the following construct.
-
-location / {
- try_files $uri $uri/ index.php?q=$request_uri
-}
-
-This serves files like images statically, but also gives everyone access to the source code of your ~friendica ~friendica installation (tpl templates, sql files, etc). One should deny all locations except for images, javascript and css files. Setting these deny rules is tedious and needs maintenance when new directories are added.
-
-It's easier to route everything through the front controller except those known file types.
-
-Below is my configuration. First I forward non-SSL traffic to SSL.
+##
+# Friendica Nginx configuration
+# by Olaf Conradi
+#
+# On Debian based distributions you can add this file to
+# /etc/nginx/sites-available
+#
+# Then customize to your needs. To enable the configuration
+# symlink it to /etc/nginx/sites-enabled and reload Nginx using
+#
+# service nginx reload
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes your domain is example.net
+# You have a separate subdomain friendica.example.net
+# You want all Friendica traffic to be https
+# You have an SSL certificate and key for your subdomain
+# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
+# You have Friendica installed in /var/www/friendica
+##