listen 443 ssl;
server_name friendica.example.net;
- ssl on;
-
#Traditional SSL
ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
ssl_certificate_key /etc/nginx/ssl/example.net.key;
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
- try_files $uri /index.php?pagename=$uri&$args;
+ rewrite ^ /index.php?pagename=$uri;
}
include mime.types;
location ~ /\. {
deny all;
}
+
+ # deny access to the CLI scripts
+ location ^~ /bin {
+ deny all;
+ }
}