# Streams nginx configuration
#
# originally by Olaf Conradi
# with later contributions by Thomas Willingham, Harald Eilertsen and elmussol,
# refactored by elmussol.
#
# preamble
#
# This config was constructed and tested to work on Debian Bookworm 12,
# PHP8.3 (from the Sury repo), and nginx 1.22.
#
# On Debian based distributions you can add this file to:
#
# /etc/nginx/sites-available
#
# then customize to your needs. To enable the configuration
# symlink it to /etc/nginx/sites-enabled and reload Nginx using:
#
# service nginx reload
#
# This configuration assumes:
# Your domain is example.net
# You have a separate subdomain streams.example.net
# You want all Streams traffic to be https
# You have an SSL certificate and key for your subdomain
# (in this example using LetsEncrypt)
# You have PHP FastCGI Process Manager (php8.3-fpm) running as a unix:socket
# You have Streams installed in /var/www/streams/
##
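# Plain-HTTP listener: redirect to HTTPS and serve nothing else.
#
# The trailing `return 404;` matters. Without it, a request whose Host header
# does not equal streams.example.net (possible whenever this block ends up as
# the default server for port 80) skips the redirect and is answered straight
# from the document root over plain HTTP. This block has no PHP handler, so
# .php files would then be delivered as static text instead of being executed.
# No `root` or `index` is set here because this block never serves files.
server {
    if ($host = streams.example.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name streams.example.net;

    # Anything that was not redirected above is refused.
    return 404;
}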
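# HTTPS server: serves Streams through PHP-FPM.
#
# Ordering note: nginx tests regex locations (`~` / `~*`) in the order they
# appear and stops at the first match. The deny rules are therefore placed
# *before* the PHP handler, so that a URI such as /util/<script>.php or
# /store/<file>.php is refused instead of being handed to PHP-FPM.
server {
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    server_name streams.example.net;

    # Must point at the directory Streams is installed in. The preamble of
    # this file mentions /var/www/streams/ -- adjust one or the other so they
    # agree with your actual install path.
    root /var/www/streams.example.net;
    index index.php;

    ssl_certificate /etc/letsencrypt/live/streams.example.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/streams.example.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Optional: once you are certain this host will stay HTTPS-only, consider
    # enabling HSTS. Be aware that add_header directives set here are not
    # inherited by a location that declares its own add_header.
    #
    # add_header Strict-Transport-Security "max-age=31536000" always;

    access_log /var/log/nginx/streams.log;

    # Uncomment the following line to include a standard configuration file.
    # Note that the most specific rule wins and your standard configuration
    # will therefore *add* to this file, but not override it.
    #
    # include standard.conf;

    # Allow uploads up to 20MB in size.
    client_max_body_size 20m;
    client_body_buffer_size 128k;

    include mime.types;

    # Default rule: anything that is not an existing file or directory is
    # rewritten to the front controller.
    location / {
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?req=$1;
        }
    }

    # Webfinger and other well-known services must stay reachable. The `^~`
    # prefix match stops nginx from evaluating the regex locations below, so
    # the dot-file deny rule does not apply to /.well-known/.
    location ^~ /.well-known/ {
        allow all;
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?req=$1;
        }
    }

    # --- Deny rules (must precede the PHP handler, see ordering note) ---

    # Block dot files (e.g. .htconfig.php, .git, .htaccess).
    location ~ /\. {
        deny all;
    }

    # Deny access to store.
    # NOTE(review): this pattern is unanchored and matches "/store" anywhere
    # in the URI, not only the top-level directory -- confirm that is intended.
    location ~ /store {
        deny all;
    }

    # Deny access to util.
    # NOTE(review): unanchored as well; it also matches e.g. "/utilities".
    location ~ /util {
        deny all;
    }

    # Block these file types (templates, archives, logs).
    location ~* \.(tpl|tgz|log|out)$ {
        deny all;
    }

    # --- PHP handler ---

    # Hand .php requests to PHP-FPM over its unix socket.
    # On Debian, snippets/fastcgi-php.conf is expected to carry the try_files
    # check that refuses script names which do not exist on disk -- confirm
    # this on your system, as nothing in this file enforces it.
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        include fastcgi_params;
        include snippets/fastcgi-php.conf;
    }
}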