# rewrite to front controller as default rule
location / {
- if (!-e $request_filename) {
- rewrite ^(.*)$ /index.php?pagename=$1;
- }
+ try_files $uri /index.php?pagename=$uri&$args;
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
- try_files $uri /index.php?pagename=$uri&$args;
+ rewrite ^ /index.php?pagename=$uri;
}
include mime.types;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
}
# block these file types
location ~ /\. {
deny all;
}
+
+ # deny access to the CLI scripts
+ location ^~ /bin {
+ deny all;
+ }
}