--- /dev/null
+sample-Lighttpd.config
+sample-nginx.config
+
+ Sample configuration files to use Friendica with Lighttpd
+ or Nginx. Pleas check software documentation to know how modify
+ these examples to make them work on your server.
+
+
+sample-systemd.timer
+sample-systemd.service
+
+ Sample systemd unit files to start worker.php periodically.
+
+ Please place them in the correct location for your system,
+ typically this is /etc/systemd/system/friendicaworker.timer
+ and /etc/systemd/system/friendicaworker.service.
+ Please report problems and improvements to
+ !helpers@forum.friendi.ca and @utzer@social.yl.ms or open an
+ issue in Github (https://github.com/friendica/friendica/issues).
+ This is for usage of systemd instead of cron to start the worker.php
+ periodically, the solution is work-in-progress and can surely be improved.
+
+home.css
+home.html
+
+ Example files to customize the landing page of your Friendica node.
+ The home.html file contains the text of the page, the home.css file
+ the style information. The login box will be added according to the
+ other system settings.
+ Both files have to be placed in the base directory of your Friendica
+ installation to be used for the landing page.
--- /dev/null
+Below is a sample config for Lighttpd that
+seems to work well on Debian Squeeze, with "lighttpd/1.4.28 (ssl)"
+
+The idea is: if someone enters the bare URL for my site, 'example.com',
+they get redirected to https://example.com/index.html, which is simply a
+page with two links on it: https://wordpress.example.com and
+https://friendica.example.com.
+
+If someone enters https://example.com, they get redirected to
+https://wordpress.example.com/main/, which is the 'main' blog in a Word
+Press 'network install' of the 'subdirectory' variety.
+
+I thought it might be nice to offer people who join my Friendica
+instance their own blogs, if they like.
+
+One can obtain free, signed, single subdomain SSL certificates from
+StartCom CA, which upon checking I noticed was already installed in both
+Firefox and Google Chromium. Info at http://cert.startcom.org/ . So I
+got one for each site, and have Lighty use the appropriate cert based on
+the requested URL.
+
+Enjoy!
+
+On Debian Jessie with lighttpd 1.4.35-4 there was a problem encountered
+between curl (which is used by Friendica in the background) and lighttp.
+This problem caused requests being served with an error code of 417 in
+the logs and no delivery of postings from the contacts.
+
+One can solve the issue by adding
+
+ server.reject-expect-100-with-417 = "disable"
+
+to the lighttpd configuratiion file (e.g. in the beginning with the
+other 'server.xxx' settings.
+
+---------------( config starts )-----------------
+
+debug.log-request-handling = "disable"
+debug.log-condition-handling = "disable"
+
+server.modules = (
+ "mod_access",
+ "mod_alias",
+ "mod_compress",
+ "mod_redirect",
+ "mod_fastcgi",
+ "mod_rewrite"
+)
+
+server.document-root = "/var/www"
+server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
+server.errorlog = "/var/log/lighttpd/error.log"
+server.pid-file = "/var/run/lighttpd.pid"
+server.username = "www-data"
+server.groupname = "www-data"
+
+# enable SSL
+ssl.engine = "enable"
+ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
+ssl.ca-file = "/etc/lighttpd/ssl/ca.pem"
+
+# fix for problem between curl and lighttpd
+server.reject-expect-100-with-417 = "disable"
+
+# Send everybody to landing page:
+$SERVER["socket"] == ":80" {
+
+$HTTP["scheme"] == "http" {
+ $HTTP["host"] =~ ".*" {
+ # This next redirect doesn't appear to ever execute in Firefox
+ # (sometimes, anyway -- caching issue?), but it does seem to
+ # reliably in Google's Chromium browser. If I change it here
+ # and restart Lighty, Firefox still goes to the URL in the
+ # last 'else' below. Or something.
+Sometimes.
+ server.document-root = "/var/www"
+ url.redirect = (".*" => "https://example.com")
+ }
+}
+
+}
+else $SERVER["socket"] == ":443" {
+
+$HTTP["scheme"] == "https" {
+
+ $HTTP["host"] == "wordpress.example.com" {
+ server.document-root = "/var/www/wordpress"
+ ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
+ # include "wpmu-rewrites.conf"
+ url.rewrite-if-not-file = (
+ "^/(.*/)?files/$" => "/index.php",
+ "^/(.*/)?files/(.*)" => "/wp-includes/ms-files.php?file=$2",
+ "^(/wp-admin/.*)" => "$1",
+ "^/([_0-9a-zA-Z-]+/)?(wp-.*)" => "/$2",
+ "^/([_0-9a-zA-Z-]+/)?(.*\.php)" => "/$2",
+ "^/(.*)/?$" => "/index.php/$1"
+ )
+ }
+ else $HTTP["host"] == "friendica.example.com" {
+ server.document-root = "/var/www/friendica"
+ ssl.pemfile = "/etc/lighttpd/ssl/friendica.pem"
+ # Got the following 'Drupal Clean URL'after Mike suggested trying
+ # something along those lines, from http://drupal.org/node/1414950
+ url.rewrite-if-not-file = (
+ "^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
+ "^\/(.*)$" => "/index.php?q=$1"
+ )
+ }
+ else $HTTP["host"] !~ "(friendica.example.com|wordpress.example.com)" {
+ server.document-root = "/var/www/wordpress"
+ ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
+ url.redirect = (".*" => "https://wordpress.example.com/main/")
+ }
+}
+
+}
+
+index-file.names = ( "index.php", "index.html",
+ "index.htm", "default.htm",
+ "index.lighttpd.html" )
+
+url.access-deny = ( "~", ".inc" )
+
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+include_shell "/usr/share/lighttpd/use-ipv6.pl"
+
+dir-listing.encoding = "utf-8"
+server.dir-listing = "disable"
+
+#compress.cache-dir = "/var/cache/lighttpd/compress/"
+#compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/p\lain" )
+
+
+include_shell "/usr/share/lighttpd/create-mime.assign.pl"
+include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
+
+---------------( config ends )-----------------
--- /dev/null
+#
+# Example of NGINX as reverse-proxy terminating an HTTPS connection.
+#
+# This is not a complete NGINX config.
+#
+# Please refer to NGINX docs
+#
+
+# Note provided by Gabe R.: if you are using nginx as proxy server for Apache2
+# make sure your nginx config DOES NOT contain the following
+# -----
+# location ~ /.well-known {
+# allow all;
+# }
+# -----
+...
+
+server {
+
+ ...
+
+ # assuming Friendica runs on port 8080
+ location / {
+ if ( $scheme != https ) {
+ # Force Redirect to HTTPS
+ return 302 https://$host$uri;
+ }
+ proxy_pass http://localhost:8080;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for; proto=$scheme";
+ }
+
+ ...
+
+}
--- /dev/null
+##
+# Friendica Nginx configuration
+# by Olaf Conradi
+#
+# On Debian based distributions you can add this file to
+# /etc/nginx/sites-available
+#
+# Then customize to your needs. To enable the configuration
+# symlink it to /etc/nginx/sites-enabled and reload Nginx using
+#
+# service nginx reload
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes your domain is example.net
+# You have a separate subdomain friendica.example.net
+# You want all Friendica traffic to be https
+# You have an SSL certificate and key for your subdomain
+# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
+# You have Friendica installed in /var/www/friendica
+##
+
+server {
+ listen 80;
+ server_name friendica.example.net;
+
+ index index.php;
+ root /var/www/friendica;
+ rewrite ^ https://friendica.example.net$request_uri? permanent;
+}
+
+##
+# Configure Friendica with SSL
+#
+# All requests are routed to the front controller
+# except for certain known file types like images, css, etc.
+# Those are served statically whenever possible with a
+# fall back to the front controller (needed for avatars, for example)
+##
+
+server {
+ listen 443 ssl;
+ server_name friendica.example.net;
+
+ ssl on;
+
+ #Traditional SSL
+ ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
+ ssl_certificate_key /etc/nginx/ssl/example.net.key;
+
+ # If you have used letsencrypt as your SSL provider, remove the previous two lines, and uncomment the following two (adjusting the path) instead.
+ # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+ # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+
+ ssl_session_timeout 5m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+ ssl_prefer_server_ciphers on;
+
+ fastcgi_param HTTPS on;
+
+ index index.php;
+ charset utf-8;
+ root /var/www/friendica;
+ access_log /var/log/nginx/friendica.log;
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # rewrite to front controller as default rule
+ location / {
+ if ($is_args != "") {
+ rewrite ^/(.*) /index.php?pagename=$uri&$args last;
+ }
+ rewrite ^/(.*) /index.php?pagename=$uri last;
+ }
+
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ rewrite ^/(.*) /index.php?pagename=$uri&$args last;
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+ expires 30d;
+ try_files $uri /index.php?pagename=$uri&$args;
+ }
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ # With php5-cgi alone:
+ # fastcgi_pass 127.0.0.1:9000;
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+}
+++ /dev/null
-sample-Lighttpd.config
-sample-nginx.config
-
- Sample configuration files to use Friendica with Lighttpd
- or Nginx. Pleas check software documentation to know how modify
- these examples to make them work on your server.
-
-
-sample-systemd.timer
-sample-systemd.service
-
- Sample systemd unit files to start worker.php periodically.
-
- Please place them in the correct location for your system,
- typically this is /etc/systemd/system/friendicaworker.timer
- and /etc/systemd/system/friendicaworker.service.
- Please report problems and improvements to
- !helpers@forum.friendi.ca and @utzer@social.yl.ms or open an
- issue in Github (https://github.com/friendica/friendica/issues).
- This is for usage of systemd instead of cron to start the worker.php
- periodically, the solution is work-in-progress and can surely be improved.
-
-home.css
-home.html
-
- Example files to customize the landing page of your Friendica node.
- The home.html file contains the text of the page, the home.css file
- the style information. The login box will be added according to the
- other system settings.
- Both files have to be placed in the base directory of your Friendica
- installation to be used for the landing page.
+++ /dev/null
-Below is a sample config for Lighttpd that
-seems to work well on Debian Squeeze, with "lighttpd/1.4.28 (ssl)"
-
-The idea is: if someone enters the bare URL for my site, 'example.com',
-they get redirected to https://example.com/index.html, which is simply a
-page with two links on it: https://wordpress.example.com and
-https://friendica.example.com.
-
-If someone enters https://example.com, they get redirected to
-https://wordpress.example.com/main/, which is the 'main' blog in a Word
-Press 'network install' of the 'subdirectory' variety.
-
-I thought it might be nice to offer people who join my Friendica
-instance their own blogs, if they like.
-
-One can obtain free, signed, single subdomain SSL certificates from
-StartCom CA, which upon checking I noticed was already installed in both
-Firefox and Google Chromium. Info at http://cert.startcom.org/ . So I
-got one for each site, and have Lighty use the appropriate cert based on
-the requested URL.
-
-Enjoy!
-
-On Debian Jessie with lighttpd 1.4.35-4 there was a problem encountered
-between curl (which is used by Friendica in the background) and lighttp.
-This problem caused requests being served with an error code of 417 in
-the logs and no delivery of postings from the contacts.
-
-One can solve the issue by adding
-
- server.reject-expect-100-with-417 = "disable"
-
-to the lighttpd configuratiion file (e.g. in the beginning with the
-other 'server.xxx' settings.
-
----------------( config starts )-----------------
-
-debug.log-request-handling = "disable"
-debug.log-condition-handling = "disable"
-
-server.modules = (
- "mod_access",
- "mod_alias",
- "mod_compress",
- "mod_redirect",
- "mod_fastcgi",
- "mod_rewrite"
-)
-
-server.document-root = "/var/www"
-server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
-server.errorlog = "/var/log/lighttpd/error.log"
-server.pid-file = "/var/run/lighttpd.pid"
-server.username = "www-data"
-server.groupname = "www-data"
-
-# enable SSL
-ssl.engine = "enable"
-ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
-ssl.ca-file = "/etc/lighttpd/ssl/ca.pem"
-
-# fix for problem between curl and lighttpd
-server.reject-expect-100-with-417 = "disable"
-
-# Send everybody to landing page:
-$SERVER["socket"] == ":80" {
-
-$HTTP["scheme"] == "http" {
- $HTTP["host"] =~ ".*" {
- # This next redirect doesn't appear to ever execute in Firefox
- # (sometimes, anyway -- caching issue?), but it does seem to
- # reliably in Google's Chromium browser. If I change it here
- # and restart Lighty, Firefox still goes to the URL in the
- # last 'else' below. Or something.
-Sometimes.
- server.document-root = "/var/www"
- url.redirect = (".*" => "https://example.com")
- }
-}
-
-}
-else $SERVER["socket"] == ":443" {
-
-$HTTP["scheme"] == "https" {
-
- $HTTP["host"] == "wordpress.example.com" {
- server.document-root = "/var/www/wordpress"
- ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
- # include "wpmu-rewrites.conf"
- url.rewrite-if-not-file = (
- "^/(.*/)?files/$" => "/index.php",
- "^/(.*/)?files/(.*)" => "/wp-includes/ms-files.php?file=$2",
- "^(/wp-admin/.*)" => "$1",
- "^/([_0-9a-zA-Z-]+/)?(wp-.*)" => "/$2",
- "^/([_0-9a-zA-Z-]+/)?(.*\.php)" => "/$2",
- "^/(.*)/?$" => "/index.php/$1"
- )
- }
- else $HTTP["host"] == "friendica.example.com" {
- server.document-root = "/var/www/friendica"
- ssl.pemfile = "/etc/lighttpd/ssl/friendica.pem"
- # Got the following 'Drupal Clean URL'after Mike suggested trying
- # something along those lines, from http://drupal.org/node/1414950
- url.rewrite-if-not-file = (
- "^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
- "^\/(.*)$" => "/index.php?q=$1"
- )
- }
- else $HTTP["host"] !~ "(friendica.example.com|wordpress.example.com)" {
- server.document-root = "/var/www/wordpress"
- ssl.pemfile = "/etc/lighttpd/ssl/wordpress.pem"
- url.redirect = (".*" => "https://wordpress.example.com/main/")
- }
-}
-
-}
-
-index-file.names = ( "index.php", "index.html",
- "index.htm", "default.htm",
- "index.lighttpd.html" )
-
-url.access-deny = ( "~", ".inc" )
-
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-include_shell "/usr/share/lighttpd/use-ipv6.pl"
-
-dir-listing.encoding = "utf-8"
-server.dir-listing = "disable"
-
-#compress.cache-dir = "/var/cache/lighttpd/compress/"
-#compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/p\lain" )
-
-
-include_shell "/usr/share/lighttpd/create-mime.assign.pl"
-include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
-
----------------( config ends )-----------------
+++ /dev/null
-#
-# Example of NGINX as reverse-proxy terminating an HTTPS connection.
-#
-# This is not a complete NGINX config.
-#
-# Please refer to NGINX docs
-#
-
-# Note provided by Gabe R.: if you are using nginx as proxy server for Apache2
-# make sure your nginx config DOES NOT contain the following
-# -----
-# location ~ /.well-known {
-# allow all;
-# }
-# -----
-...
-
-server {
-
- ...
-
- # assuming Friendica runs on port 8080
- location / {
- if ( $scheme != https ) {
- # Force Redirect to HTTPS
- return 302 https://$host$uri;
- }
- proxy_pass http://localhost:8080;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for; proto=$scheme";
- }
-
- ...
-
-}
+++ /dev/null
-##
-# Friendica Nginx configuration
-# by Olaf Conradi
-#
-# On Debian based distributions you can add this file to
-# /etc/nginx/sites-available
-#
-# Then customize to your needs. To enable the configuration
-# symlink it to /etc/nginx/sites-enabled and reload Nginx using
-#
-# service nginx reload
-##
-
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-#
-# http://wiki.nginx.org/Pitfalls
-# http://wiki.nginx.org/QuickStart
-# http://wiki.nginx.org/Configuration
-##
-
-##
-# This configuration assumes your domain is example.net
-# You have a separate subdomain friendica.example.net
-# You want all Friendica traffic to be https
-# You have an SSL certificate and key for your subdomain
-# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
-# You have Friendica installed in /var/www/friendica
-##
-
-server {
- listen 80;
- server_name friendica.example.net;
-
- index index.php;
- root /var/www/friendica;
- rewrite ^ https://friendica.example.net$request_uri? permanent;
-}
-
-##
-# Configure Friendica with SSL
-#
-# All requests are routed to the front controller
-# except for certain known file types like images, css, etc.
-# Those are served statically whenever possible with a
-# fall back to the front controller (needed for avatars, for example)
-##
-
-server {
- listen 443 ssl;
- server_name friendica.example.net;
-
- ssl on;
-
- #Traditional SSL
- ssl_certificate /etc/nginx/ssl/friendica.example.net.chain.pem;
- ssl_certificate_key /etc/nginx/ssl/example.net.key;
-
- # If you have used letsencrypt as your SSL provider, remove the previous two lines, and uncomment the following two (adjusting the path) instead.
- # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
- # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
-
- ssl_session_timeout 5m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
- ssl_prefer_server_ciphers on;
-
- fastcgi_param HTTPS on;
-
- index index.php;
- charset utf-8;
- root /var/www/friendica;
- access_log /var/log/nginx/friendica.log;
- #Uncomment the following line to include a standard configuration file
- #Note that the most specific rule wins and your standard configuration
- #will therefore *add* to this file, but not override it.
- #include standard.conf
- # allow uploads up to 20MB in size
- client_max_body_size 20m;
- client_body_buffer_size 128k;
-
- # rewrite to front controller as default rule
- location / {
- if ($is_args != "") {
- rewrite ^/(.*) /index.php?pagename=$uri&$args last;
- }
- rewrite ^/(.*) /index.php?pagename=$uri last;
- }
-
- # make sure webfinger and other well known services aren't blocked
- # by denying dot files and rewrite request to the front controller
- location ^~ /.well-known/ {
- allow all;
- rewrite ^/(.*) /index.php?pagename=$uri&$args last;
- }
-
- # statically serve these file types when possible
- # otherwise fall back to front controller
- # allow browser to cache them
- # added .htm for advanced source code editor library
- location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
- expires 30d;
- try_files $uri /index.php?pagename=$uri&$args;
- }
-
- # block these file types
- location ~* \.(tpl|md|tgz|log|out)$ {
- deny all;
- }
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- # or a unix socket
- location ~* \.php$ {
- # Zero-day exploit defense.
- # http://forum.nginx.org/read.php?2,88845,page=3
- # Won't work properly (404 error) if the file is not stored on this
- # server, which is entirely possible with php-fpm/php-fcgi.
- # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
- # another machine. And then cross your fingers that you won't get hacked.
- try_files $uri =404;
-
- # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
-
- # With php5-cgi alone:
- # fastcgi_pass 127.0.0.1:9000;
-
- # With php5-fpm:
- fastcgi_pass unix:/var/run/php5-fpm.sock;
-
- include fastcgi_params;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- }
-
- # deny access to all dot files
- location ~ /\. {
- deny all;
- }
-}
projects / friendica.git / commitdiff