# You want all friendica traffic to be https
# You have an SSL certificate and key for your subdomain
# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
+# You have Friendica installed in /mnt/friendica/www
##
server {
# rewrite to front controller as default rule
location / {
- rewrite ^/(.*) /index.php?q=$1 last;
+ rewrite ^/(.*) /index.php?q=$uri&$args last;
}
- # make sure webfinger isn't blocked by denying dot files
- # and rewrite to front controller
- location = /.well-known/host-meta {
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
allow all;
- rewrite ^/(.*) /index.php?q=$1 last;
+ rewrite ^/(.*) /index.php?q=$uri&$args last;
}
# statically serve these file types when possible
# otherwise fall back to front controller
# allow browser to cache them
# added .htm for advanced source code editor library
- location ~* \.(jpg|jpeg|gif|png|css|js|ico|htm|html)$ {
+ location ~* \.(jpg|jpeg|gif|png|css|js|htm|html)$ {
expires 30d;
try_files $uri /index.php?q=$uri&$args;
}
-
# block these file types
- location ~* \.(tpl|md|git|tgz|log|out) {
+ location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
- # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
- # # With php5-cgi alone:
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
+
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
- # deny access to all dot files (including .htaccess)
+ # deny access to all dot files
location ~ /\. {
deny all;
}
projects / friendica.git / commitdiff