]> git.mxchange.org Git - friendica.git/commitdiff
revertig file movements
authorTobias Diekershoff <tobias.diekershoff@gmx.net>
Tue, 15 May 2018 17:23:13 +0000 (19:23 +0200)
committerTobias Diekershoff <tobias.diekershoff@gmx.net>
Tue, 15 May 2018 17:23:13 +0000 (19:23 +0200)
doc/server-config/readme.txt [deleted file]
doc/server-config/sample-Lighttpd.config [deleted file]
doc/server-config/sample-nginx-reverse-proxy.config [deleted file]
doc/server-config/sample-nginx.config [deleted file]
mods/redme.txt [new file with mode: 0644]
mods/sample-Lighttpd.config [new file with mode: 0644]
mods/sample-nginx-reverse-proxy.config [new file with mode: 0644]
mods/sample-nginx.config [new file with mode: 0644]

diff --git a/doc/server-config/readme.txt b/doc/server-config/readme.txt
deleted file mode 100644 (file)
index 8fc1c48..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-sample-Lighttpd.config
-sample-nginx.config
-
-               Sample configuration files to use Friendica with Lighttpd
-               or Nginx. Pleas check software documentation to know how modify
-               these examples to make them work on your server.
-
-
-sample-systemd.timer
-sample-systemd.service
-
-               Sample systemd unit files to start worker.php periodically.
-               
-               Please place them in the correct location for your system,
-               typically this is /etc/systemd/system/friendicaworker.timer 
-               and /etc/systemd/system/friendicaworker.service.
-               Please report problems and improvements to 
-               !helpers@forum.friendi.ca and @utzer@social.yl.ms or open an 
-               issue in Github (https://github.com/friendica/friendica/issues).
-               This is for usage of systemd instead of cron to start the worker.php
-               periodically, the solution is work-in-progress and can surely be improved.
-
-home.css
-home.html
-
-               Example files to customize the landing page of your Friendica node.
-               The home.html file contains the text of the page, the home.css file
-               the style information. The login box will be added according to the
-               other system settings.
-               Both files have to be placed in the base directory of your Friendica
-               installation to be used for the landing page.
diff --git a/doc/server-config/sample-Lighttpd.config b/doc/server-config/sample-Lighttpd.config
deleted file mode 100644 (file)
index 1c83700..0000000
+++ /dev/null
@@ -1,138 +0,0 @@
-Below is a sample config for Lighttpd that 
-seems to work well on Debian Squeeze, with "lighttpd/1.4.28 (ssl)"
-
-The idea is: if someone enters the bare URL for my site, 'example.com',
-they get redirected to https://example.com/index.html, which is simply a
-page with two links on it: https://wordpress.example.com and
-https://friendica.example.com.
-
-If someone enters https://example.com, they get redirected to
-https://wordpress.example.com/main/, which is the 'main' blog in a Word
-Press 'network install' of the 'subdirectory' variety.
-
-I thought it might be nice to offer people who join my Friendica
-instance their own blogs, if they like.
-
-One can obtain free, signed, single subdomain SSL certificates from
-StartCom CA, which upon checking I noticed was already installed in both
-Firefox and Google Chromium.  Info at http://cert.startcom.org/ .  So I
-got one for each site, and have Lighty use the appropriate cert based on
-the requested URL.
-
-Enjoy!
-
-On Debian Jessie with lighttpd 1.4.35-4 there was a problem encountered
-between curl (which is used by Friendica in the background) and lighttp.
-This problem caused requests being served with an error code of 417 in
-the logs and no delivery of postings from the contacts.
-
-One can solve the issue by adding
-
-    server.reject-expect-100-with-417 = "disable"
-
-to the lighttpd configuratiion file (e.g. in the beginning with the
-other 'server.xxx' settings.
-
----------------( config starts )-----------------
-
-debug.log-request-handling = "disable"
-debug.log-condition-handling = "disable"
-
-server.modules = (
-        "mod_access",
-        "mod_alias",
-        "mod_compress",
-        "mod_redirect",
-        "mod_fastcgi",
-        "mod_rewrite"
-)
-
-server.document-root        = "/var/www"
-server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
-server.pid-file             = "/var/run/lighttpd.pid"
-server.username             = "www-data"
-server.groupname            = "www-data"
-
-# enable SSL
-ssl.engine = "enable"
-ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
-ssl.ca-file = "/etc/lighttpd/ssl/ca.pem"
-
-# fix for problem between curl and lighttpd
-server.reject-expect-100-with-417 = "disable"
-
-# Send everybody to landing page:
-$SERVER["socket"] == ":80" {
-
-$HTTP["scheme"] == "http" {
-    $HTTP["host"] =~ ".*" {
-    # This next redirect doesn't appear to ever execute in Firefox
-    # (sometimes, anyway -- caching issue?), but it does seem to
-    # reliably in Google's Chromium browser. If I change it here
-    # and restart Lighty, Firefox still goes to the URL in the
-    # last 'else' below. Or something.
-Sometimes.
-        server.document-root = "/var/www"
-        url.redirect = (".*" => "https://example.com")
-    }
-}
-
-}
-else $SERVER["socket"] == ":443" {
-
-$HTTP["scheme"] == "https" {
-
-    $HTTP["host"] == "wordpress.example.com" {
-        server.document-root = "/var/www/wordpress"
-        ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
-        # include "wpmu-rewrites.conf"
-        url.rewrite-if-not-file = (
-            "^/(.*/)?files/$" => "/index.php",
-             "^/(.*/)?files/(.*)" => "/wp-includes/ms-files.php?file=$2",
-             "^(/wp-admin/.*)" => "$1",
-             "^/([_0-9a-zA-Z-]+/)?(wp-.*)" => "/$2",
-             "^/([_0-9a-zA-Z-]+/)?(.*\.php)" => "/$2",
-             "^/(.*)/?$" => "/index.php/$1"
-        )
-    }
-    else $HTTP["host"] == "friendica.example.com" {
-        server.document-root = "/var/www/friendica"
-        ssl.pemfile = "/etc/lighttpd/ssl/friendica.pem"
-        # Got the following 'Drupal Clean URL'after Mike suggested trying
-        # something along those lines, from http://drupal.org/node/1414950
-        url.rewrite-if-not-file = (
-            "^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
-            "^\/(.*)$" => "/index.php?q=$1"
-        )
-    }
-    else $HTTP["host"] !~ "(friendica.example.com|wordpress.example.com)" {
-        server.document-root = "/var/www/wordpress"
-        ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
-        url.redirect = (".*" => "https://wordpress.example.com/main/")
-    }
-}
-
-}
-
-index-file.names            = ( "index.php", "index.html",
-                                "index.htm", "default.htm",
-                               "index.lighttpd.html" )
-
-url.access-deny             = ( "~", ".inc" )
-
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-include_shell "/usr/share/lighttpd/use-ipv6.pl"
-
-dir-listing.encoding        = "utf-8"
-server.dir-listing          = "disable"
-
-#compress.cache-dir          = "/var/cache/lighttpd/compress/"
-#compress.filetype           = ( "application/x-javascript", "text/css", "text/html", "text/p\lain" )
-
-
-include_shell "/usr/share/lighttpd/create-mime.assign.pl"
-include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
-
----------------( config ends )-----------------
diff --git a/doc/server-config/sample-nginx-reverse-proxy.config b/doc/server-config/sample-nginx-reverse-proxy.config
deleted file mode 100644 (file)
index afc74df..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# Example of NGINX as reverse-proxy terminating an HTTPS connection.
-#
-# This is not a complete NGINX config.
-#
-# Please refer to NGINX docs
-#
-
-# Note provided by Gabe R.: if you are using nginx as proxy server for Apache2
-# make sure your nginx config DOES NOT contain the following
-# -----
-# location ~ /.well-known {
-#  allow all;
-#  }
-# -----
-...
-
-server {
-
-       ...
-
-       # assuming Friendica runs on port 8080
-       location / {
-               if ( $scheme != https ) {
-                       # Force Redirect to HTTPS
-                       return 302 https://$host$uri;
-               }
-               proxy_pass http://localhost:8080;
-               proxy_redirect off;
-               proxy_set_header Host $host;
-               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-               proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for; proto=$scheme";
-       }
-
-       ...
-
-}
diff --git a/doc/server-config/sample-nginx.config b/doc/server-config/sample-nginx.config
deleted file mode 100644 (file)
index 6bf75bd..0000000
+++ /dev/null
@@ -1,141 +0,0 @@
-##
-# Friendica Nginx configuration
-# by Olaf Conradi
-#
-# On Debian based distributions you can add this file to
-# /etc/nginx/sites-available
-#
-# Then customize to your needs. To enable the configuration
-# symlink it to /etc/nginx/sites-enabled and reload Nginx using
-#
-# service nginx reload
-##
-
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-#
-# http://wiki.nginx.org/Pitfalls
-# http://wiki.nginx.org/QuickStart
-# http://wiki.nginx.org/Configuration
-##
-
-##
-# This configuration assumes your domain is example.net
-# You have a separate subdomain friendica.example.net
-# You want all Friendica traffic to be https
-# You have an SSL certificate and key for your subdomain
-# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
-# You have Friendica installed in /var/www/friendica
-##
-
-server {
-  listen 80;
-  server_name friendica.example.net;
-
-  index index.php;
-  root /var/www/friendica;
-  rewrite ^ https://friendica.example.net$request_uri? permanent;
-}
-
-##
-# Configure Friendica with SSL
-#
-# All requests are routed to the front controller
-# except for certain known file types like images, css, etc.
-# Those are served statically whenever possible with a
-# fall back to the front controller (needed for avatars, for example)
-##
-
-server {
-  listen 443 ssl;
-  server_name friendica.example.net;
-
-  ssl on;
-
-  #Traditional SSL
-  ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
-  ssl_certificate_key /etc/nginx/ssl/example.net.key;
-
-  # If you have used letsencrypt as your SSL provider, remove the previous two lines, and uncomment the following two (adjusting the path) instead.
-  # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
-  # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
-
-  ssl_session_timeout 5m;
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
-  ssl_prefer_server_ciphers on;
-
-  fastcgi_param HTTPS on;
-
-  index index.php;
-  charset utf-8;
-  root /var/www/friendica;
-  access_log /var/log/nginx/friendica.log;
-    #Uncomment the following line to include a standard configuration file
-    #Note that the most specific rule wins and your standard configuration
-    #will therefore *add* to this file, but not override it.
-  #include standard.conf
-  # allow uploads up to 20MB in size
-  client_max_body_size 20m;
-  client_body_buffer_size 128k;
-
-  # rewrite to front controller as default rule
-  location / {
-    if ($is_args != "") {
-        rewrite ^/(.*) /index.php?pagename=$uri&$args last;
-    }
-    rewrite ^/(.*) /index.php?pagename=$uri last;
-  }
-
-  # make sure webfinger and other well known services aren't blocked
-  # by denying dot files and rewrite request to the front controller
-  location ^~ /.well-known/ {
-    allow all;
-    rewrite ^/(.*) /index.php?pagename=$uri&$args last;
-  }
-
-  # statically serve these file types when possible
-  # otherwise fall back to front controller
-  # allow browser to cache them
-  # added .htm for advanced source code editor library
-  location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
-    expires 30d;
-    try_files $uri /index.php?pagename=$uri&$args;
-  }
-
-  # block these file types
-  location ~* \.(tpl|md|tgz|log|out)$ {
-    deny all;
-  }
-
-  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-  # or a unix socket
-  location ~* \.php$ {
-    # Zero-day exploit defense.
-    # http://forum.nginx.org/read.php?2,88845,page=3
-    # Won't work properly (404 error) if the file is not stored on this
-    # server, which is entirely possible with php-fpm/php-fcgi.
-    # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
-    # another machine.  And then cross your fingers that you won't get hacked.
-    try_files $uri =404;
-
-    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-
-    # With php5-cgi alone:
-    # fastcgi_pass 127.0.0.1:9000;
-
-    # With php5-fpm:
-    fastcgi_pass unix:/var/run/php5-fpm.sock;
-
-    include fastcgi_params;
-    fastcgi_index index.php;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-  }
-
-  # deny access to all dot files
-  location ~ /\. {
-    deny all;
-  }
-}
diff --git a/mods/redme.txt b/mods/redme.txt
new file mode 100644 (file)
index 0000000..8fc1c48
--- /dev/null
@@ -0,0 +1,31 @@
+sample-Lighttpd.config
+sample-nginx.config
+
+               Sample configuration files to use Friendica with Lighttpd
+               or Nginx. Pleas check software documentation to know how modify
+               these examples to make them work on your server.
+
+
+sample-systemd.timer
+sample-systemd.service
+
+               Sample systemd unit files to start worker.php periodically.
+               
+               Please place them in the correct location for your system,
+               typically this is /etc/systemd/system/friendicaworker.timer 
+               and /etc/systemd/system/friendicaworker.service.
+               Please report problems and improvements to 
+               !helpers@forum.friendi.ca and @utzer@social.yl.ms or open an 
+               issue in Github (https://github.com/friendica/friendica/issues).
+               This is for usage of systemd instead of cron to start the worker.php
+               periodically, the solution is work-in-progress and can surely be improved.
+
+home.css
+home.html
+
+               Example files to customize the landing page of your Friendica node.
+               The home.html file contains the text of the page, the home.css file
+               the style information. The login box will be added according to the
+               other system settings.
+               Both files have to be placed in the base directory of your Friendica
+               installation to be used for the landing page.
diff --git a/mods/sample-Lighttpd.config b/mods/sample-Lighttpd.config
new file mode 100644 (file)
index 0000000..1c83700
--- /dev/null
@@ -0,0 +1,138 @@
+Below is a sample config for Lighttpd that 
+seems to work well on Debian Squeeze, with "lighttpd/1.4.28 (ssl)"
+
+The idea is: if someone enters the bare URL for my site, 'example.com',
+they get redirected to https://example.com/index.html, which is simply a
+page with two links on it: https://wordpress.example.com and
+https://friendica.example.com.
+
+If someone enters https://example.com, they get redirected to
+https://wordpress.example.com/main/, which is the 'main' blog in a Word
+Press 'network install' of the 'subdirectory' variety.
+
+I thought it might be nice to offer people who join my Friendica
+instance their own blogs, if they like.
+
+One can obtain free, signed, single subdomain SSL certificates from
+StartCom CA, which upon checking I noticed was already installed in both
+Firefox and Google Chromium.  Info at http://cert.startcom.org/ .  So I
+got one for each site, and have Lighty use the appropriate cert based on
+the requested URL.
+
+Enjoy!
+
+On Debian Jessie with lighttpd 1.4.35-4 there was a problem encountered
+between curl (which is used by Friendica in the background) and lighttp.
+This problem caused requests being served with an error code of 417 in
+the logs and no delivery of postings from the contacts.
+
+One can solve the issue by adding
+
+    server.reject-expect-100-with-417 = "disable"
+
+to the lighttpd configuratiion file (e.g. in the beginning with the
+other 'server.xxx' settings.
+
+---------------( config starts )-----------------
+
+debug.log-request-handling = "disable"
+debug.log-condition-handling = "disable"
+
+server.modules = (
+        "mod_access",
+        "mod_alias",
+        "mod_compress",
+        "mod_redirect",
+        "mod_fastcgi",
+        "mod_rewrite"
+)
+
+server.document-root        = "/var/www"
+server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/var/run/lighttpd.pid"
+server.username             = "www-data"
+server.groupname            = "www-data"
+
+# enable SSL
+ssl.engine = "enable"
+ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
+ssl.ca-file = "/etc/lighttpd/ssl/ca.pem"
+
+# fix for problem between curl and lighttpd
+server.reject-expect-100-with-417 = "disable"
+
+# Send everybody to landing page:
+$SERVER["socket"] == ":80" {
+
+$HTTP["scheme"] == "http" {
+    $HTTP["host"] =~ ".*" {
+    # This next redirect doesn't appear to ever execute in Firefox
+    # (sometimes, anyway -- caching issue?), but it does seem to
+    # reliably in Google's Chromium browser. If I change it here
+    # and restart Lighty, Firefox still goes to the URL in the
+    # last 'else' below. Or something.
+Sometimes.
+        server.document-root = "/var/www"
+        url.redirect = (".*" => "https://example.com")
+    }
+}
+
+}
+else $SERVER["socket"] == ":443" {
+
+$HTTP["scheme"] == "https" {
+
+    $HTTP["host"] == "wordpress.example.com" {
+        server.document-root = "/var/www/wordpress"
+        ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
+        # include "wpmu-rewrites.conf"
+        url.rewrite-if-not-file = (
+            "^/(.*/)?files/$" => "/index.php",
+             "^/(.*/)?files/(.*)" => "/wp-includes/ms-files.php?file=$2",
+             "^(/wp-admin/.*)" => "$1",
+             "^/([_0-9a-zA-Z-]+/)?(wp-.*)" => "/$2",
+             "^/([_0-9a-zA-Z-]+/)?(.*\.php)" => "/$2",
+             "^/(.*)/?$" => "/index.php/$1"
+        )
+    }
+    else $HTTP["host"] == "friendica.example.com" {
+        server.document-root = "/var/www/friendica"
+        ssl.pemfile = "/etc/lighttpd/ssl/friendica.pem"
+        # Got the following 'Drupal Clean URL'after Mike suggested trying
+        # something along those lines, from http://drupal.org/node/1414950
+        url.rewrite-if-not-file = (
+            "^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
+            "^\/(.*)$" => "/index.php?q=$1"
+        )
+    }
+    else $HTTP["host"] !~ "(friendica.example.com|wordpress.example.com)" {
+        server.document-root = "/var/www/wordpress"
+        ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
+        url.redirect = (".*" => "https://wordpress.example.com/main/")
+    }
+}
+
+}
+
+index-file.names            = ( "index.php", "index.html",
+                                "index.htm", "default.htm",
+                               "index.lighttpd.html" )
+
+url.access-deny             = ( "~", ".inc" )
+
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+include_shell "/usr/share/lighttpd/use-ipv6.pl"
+
+dir-listing.encoding        = "utf-8"
+server.dir-listing          = "disable"
+
+#compress.cache-dir          = "/var/cache/lighttpd/compress/"
+#compress.filetype           = ( "application/x-javascript", "text/css", "text/html", "text/p\lain" )
+
+
+include_shell "/usr/share/lighttpd/create-mime.assign.pl"
+include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
+
+---------------( config ends )-----------------
diff --git a/mods/sample-nginx-reverse-proxy.config b/mods/sample-nginx-reverse-proxy.config
new file mode 100644 (file)
index 0000000..afc74df
--- /dev/null
@@ -0,0 +1,37 @@
+#
+# Example of NGINX as reverse-proxy terminating an HTTPS connection.
+#
+# This is not a complete NGINX config.
+#
+# Please refer to NGINX docs
+#
+
+# Note provided by Gabe R.: if you are using nginx as proxy server for Apache2
+# make sure your nginx config DOES NOT contain the following
+# -----
+# location ~ /.well-known {
+#  allow all;
+#  }
+# -----
+...
+
+server {
+
+       ...
+
+       # assuming Friendica runs on port 8080
+       location / {
+               if ( $scheme != https ) {
+                       # Force Redirect to HTTPS
+                       return 302 https://$host$uri;
+               }
+               proxy_pass http://localhost:8080;
+               proxy_redirect off;
+               proxy_set_header Host $host;
+               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+               proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for; proto=$scheme";
+       }
+
+       ...
+
+}
diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config
new file mode 100644 (file)
index 0000000..6bf75bd
--- /dev/null
@@ -0,0 +1,141 @@
+##
+# Friendica Nginx configuration
+# by Olaf Conradi
+#
+# On Debian based distributions you can add this file to
+# /etc/nginx/sites-available
+#
+# Then customize to your needs. To enable the configuration
+# symlink it to /etc/nginx/sites-enabled and reload Nginx using
+#
+# service nginx reload
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes your domain is example.net
+# You have a separate subdomain friendica.example.net
+# You want all Friendica traffic to be https
+# You have an SSL certificate and key for your subdomain
+# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
+# You have Friendica installed in /var/www/friendica
+##
+
+server {
+  listen 80;
+  server_name friendica.example.net;
+
+  index index.php;
+  root /var/www/friendica;
+  rewrite ^ https://friendica.example.net$request_uri? permanent;
+}
+
+##
+# Configure Friendica with SSL
+#
+# All requests are routed to the front controller
+# except for certain known file types like images, css, etc.
+# Those are served statically whenever possible with a
+# fall back to the front controller (needed for avatars, for example)
+##
+
+server {
+  listen 443 ssl;
+  server_name friendica.example.net;
+
+  ssl on;
+
+  #Traditional SSL
+  ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
+  ssl_certificate_key /etc/nginx/ssl/example.net.key;
+
+  # If you have used letsencrypt as your SSL provider, remove the previous two lines, and uncomment the following two (adjusting the path) instead.
+  # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+  # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+
+  ssl_session_timeout 5m;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+  ssl_prefer_server_ciphers on;
+
+  fastcgi_param HTTPS on;
+
+  index index.php;
+  charset utf-8;
+  root /var/www/friendica;
+  access_log /var/log/nginx/friendica.log;
+    #Uncomment the following line to include a standard configuration file
+    #Note that the most specific rule wins and your standard configuration
+    #will therefore *add* to this file, but not override it.
+  #include standard.conf
+  # allow uploads up to 20MB in size
+  client_max_body_size 20m;
+  client_body_buffer_size 128k;
+
+  # rewrite to front controller as default rule
+  location / {
+    if ($is_args != "") {
+        rewrite ^/(.*) /index.php?pagename=$uri&$args last;
+    }
+    rewrite ^/(.*) /index.php?pagename=$uri last;
+  }
+
+  # make sure webfinger and other well known services aren't blocked
+  # by denying dot files and rewrite request to the front controller
+  location ^~ /.well-known/ {
+    allow all;
+    rewrite ^/(.*) /index.php?pagename=$uri&$args last;
+  }
+
+  # statically serve these file types when possible
+  # otherwise fall back to front controller
+  # allow browser to cache them
+  # added .htm for advanced source code editor library
+  location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+    expires 30d;
+    try_files $uri /index.php?pagename=$uri&$args;
+  }
+
+  # block these file types
+  location ~* \.(tpl|md|tgz|log|out)$ {
+    deny all;
+  }
+
+  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+  # or a unix socket
+  location ~* \.php$ {
+    # Zero-day exploit defense.
+    # http://forum.nginx.org/read.php?2,88845,page=3
+    # Won't work properly (404 error) if the file is not stored on this
+    # server, which is entirely possible with php-fpm/php-fcgi.
+    # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+    # another machine.  And then cross your fingers that you won't get hacked.
+    try_files $uri =404;
+
+    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+    # With php5-cgi alone:
+    # fastcgi_pass 127.0.0.1:9000;
+
+    # With php5-fpm:
+    fastcgi_pass unix:/var/run/php5-fpm.sock;
+
+    include fastcgi_params;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+  }
+
+  # deny access to all dot files
+  location ~ /\. {
+    deny all;
+  }
+}