X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mods%2Fsample-nginx.config;h=88edf1916234b97ed1778a0a5ed5a82d7934c1e5;hb=73e163100c108caee1e295d00ac8433ea62405be;hp=a3e4611960c879acc0f85a2610b6d5573f17758d;hpb=f44cb1ccce16ee76c2a47dc096f31058e78d59d8;p=friendica.git diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config index a3e4611960..88edf19162 100644 --- a/mods/sample-nginx.config +++ b/mods/sample-nginx.config @@ -20,6 +20,24 @@ # http://wiki.nginx.org/Configuration ## +## +# by https://syshero.org/2018-04-13-nginx-unique-request-identifier/ +# if X-Request-ID is set, NGINX will forward the same value to the next upstream +# if the header is not set, NGINX will generate a random request identifier and add it to the request. +# +# To guarantee backward compatibility, map to format the $request_id variable to a format that matches any old setups. +## + +map $request_id $formatted_id { + "~*(?[0-9a-f]{8})(?[0-9a-f]{4})(?[0-9a-f]{4})(?[0-9a-f]{4})(?.*)$" "${p1}-${p2}-${p3}-${p4}-${p5}"; +} + +map $http_x_request_id $uuid { + default "${request_id}"; + ~* "${http_x_request_id}"; +} + + ## # This configuration assumes your domain is example.net # You have a separate subdomain friendica.example.net @@ -35,7 +53,7 @@ server { index index.php; root /var/www/friendica; - rewrite ^ https://friendica.example.net$request_uri? permanent; + rewrite ^ https://$server_name$request_uri? permanent; } ## @@ -51,8 +69,6 @@ server { listen 443 ssl; server_name friendica.example.net; - ssl on; - #Traditional SSL ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem; ssl_certificate_key /etc/nginx/ssl/example.net.key; @@ -82,20 +98,19 @@ server { client_max_body_size 20m; client_body_buffer_size 128k; + # add the request id header to show it in the HTTP header output + add_header X-Request-ID $uuid; + # rewrite to front controller as default rule location / { - if (!-e $request_filename) { - rewrite ^(.*)$ /index.php?pagename=$1; - } + try_files $uri /index.php?pagename=$uri&$args; } # make sure webfinger and other well known services aren't blocked # by denying dot files and rewrite request to the front controller location ^~ /.well-known/ { allow all; - if (!-e $request_filename) { - rewrite ^(.*)$ /index.php?pagename=$1; - } + rewrite ^ /index.php?pagename=$uri; } include mime.types; @@ -126,11 +141,15 @@ server { # fastcgi_pass 127.0.0.1:9000; # With php7.0-fpm: - fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; include fastcgi_params; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTP_X_REQUEST_ID $uuid; + + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; } # block these file types @@ -142,4 +161,9 @@ server { location ~ /\. { deny all; } + + # deny access to the CLI scripts + location ^~ /bin { + deny all; + } }