Nginx

From EQdkp Plus
Jump to: navigation, search

Here are some hints for creating a nginx configuration.

Deny access to folders

There are some default folders that should not be accessible.

  • Change c3338889c07ac363fc08bc715b22c59c to the one that fits to your installation
  • These are not all files. Some plugins require more protected folders
  • Check all folders that have a .htaccess files with "Deny all" content. These folders have to be protected.
    • data/<HASH>/tmp
    • data/<HASH>/repository
    • data/<HASH>/live_update
    • data/<HASH>/cache
    • data/<HASH>/eqdkp/backup
    • data/<HASH>/eqdkp/timekeeper
    • data/<HASH>/eqdkp/config
    • data/<HASH>/eqdkp/rss
	location ~ /data/c3338889c07ac363fc08bc715b22c59c/eqdkp/(backup|timekeeper|config|rss) {
		deny all;
	}
	location ~ /data/c3338889c07ac363fc08bc715b22c59c/(tmp|repository|live_update|cache){
		deny all;
	}

PHP-Files

  • Because we are using the structure index.php/someurl/, the configuration for php files must look like this:
	location ~ \.php(/|$) { 
		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
		# With php5-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php5-fpm:
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}

FastCGI-Params

  • You have to edit the file /etc/nginx/fastcgi_params and add the following lines, if they are not present:
fastcgi_param   PATH_INFO               $fastcgi_path_info;
fastcgi_param   PATH_TRANSLATED         $document_root$fastcgi_path_info;

SEO URLs

  • For removing the index.php from URLs, you can add the following:
	location / {
		index index.php;
		try_files $uri $uri/ /index.php/$uri?$args;
	}
  • You have to adjust the installation path. E.g. if you have installed EQdkp Plus in subdirectory /eqdkp/, it must look like this:
	location /eqdkp/ {
		index index.php;
		try_files $uri $uri/ /eqdkp/index.php/$uri?$args;
	}

Full example

server {
	listen   80; ## listen for ipv4; this line is default and implied
	#listen   [::]:80 default_server ipv6only=on; ## listen for ipv6

	root /var/www/nginx;
	index index.html index.htm index.php;

	# Make site accessible from http://localhost/
	server_name localhost;
	
	# START EQDKP CONFIGURATION
	# =========================
	
	# Deny access to some folders. Change the subfolder-name c3338889c07ac363fc08bc715b22c59c to the one of your installation. 
	# Please keep in mind, that there will be more if you install plugins etc.
	
	location ~ /data/c3338889c07ac363fc08bc715b22c59c/eqdkp/(backup|timekeeper|config|rss) {
		deny all;
	}
	location ~ /data/c3338889c07ac363fc08bc715b22c59c/(tmp|repository|live_update|cache){
		deny all;
	}
	
	# Configuration of php Files
	# Maybe you have to adjust fastcgi_pass unix:/var/run/php5-fpm.sock;
	location ~ \.php(/|$) { 
		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
		# With php5-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php5-fpm:
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}
	
	# SEO URLs. Here you have to change your install directory
	location / {
		index index.php;
		try_files $uri $uri/ /index.php/$uri?$args;
	}
	
	# END EQDKP CONFIGURATION
	# =========================

	# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
	#location /RequestDenied {
	#	proxy_pass http://127.0.0.1:8080;    
	#}

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	#error_page 500 502 503 504 /50x.html;
	#location = /50x.html {
	#	root /usr/share/nginx/www;
	#}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	#	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	#
	#	# With php5-cgi alone:
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php5-fpm:
	#	fastcgi_pass unix:/var/run/php5-fpm.sock;
	#	fastcgi_index index.php;
	#	include fastcgi_params;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht {
		deny all;
	}
}