Created
December 26, 2010 20:46
-
-
Save hellekin/755617 to your computer and use it in GitHub Desktop.
A sample Nginx configuration for Elgg-1.8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## NginX VirtualHost Configuration for elgg.example.org | |
# | |
# Copyright 2010 Lorea.org | |
# This file is part of Lorea Node. | |
# License: GNU Affero General Public License | |
# | |
server { | |
listen 80; | |
server_name elgg.example.org; | |
root /path/to/elgg-1.8/ | |
location / { | |
rewrite ^ https://elgg.example.org/ permanent; | |
} | |
} | |
server { | |
listen 443; | |
server_name elgg.example.org; | |
root /path/to/elgg-1.8/; | |
index index.php index.html; | |
fastcgi_index index.php; | |
ssl on; | |
ssl_certificate /etc/ssl/elgg.example.org.crt; | |
ssl_certificate_key /etc/ssl/private/elgg.example.org.key; | |
access_log off; | |
# access_log /var/log/nginx/elgg.example.org_access-ssl.log; | |
error_log /var/log/nginx/elgg.example.org_error-ssl.log; | |
client_max_body_size 8M; | |
client_body_buffer_size 256K; | |
# Check cache/css/js requests first, as we know the files won't exist | |
location ~ ^/cache/ { | |
rewrite ^/cache/(.*) /engine/handlers/cache_handler.php?request=$1; | |
} | |
location ~* ^/pg/(css|js) { | |
rewrite ^/pg/(css|js)/(.*) /engine/handlers/page_handler.php?handler=$1&page=$2; | |
rewrite ^/pg/(css|js) /engine/handlers/page_handler.php?handler=$1; | |
} | |
# For all other requests, try the file, or rewrite if it's PHP | |
location / { | |
try_files $uri $uri/ @rewrite; | |
} | |
location @rewrite { | |
if (!-e $request_filename) { | |
rewrite ^/action/([A-Za-z0-9\_\-\/]+) /engine/handlers/action_handler.php?action=$1; | |
rewrite ^/export/([A-Za-z]+)/([0-9]+)/?$ /engine/handlers/export_handler.php?view=$1&guid=$2; | |
rewrite ^/export/([A-Za-z]+)/([0-9]+)/([A-Za-z]+)/([A-Za-z0-9\_]+)/$ /engine/handlers/export_handler.php?view=$1&guid=$2&type=$3&idname=$4; | |
rewrite ^/pg/([A-Za-z0-9\_\-]+)/(.*) /engine/handlers/page_handler.php?handler=$1&page=$2; | |
rewrite ^/pg/([A-Za-z0-9\_\-]+) /engine/handlers/page_handler.php?handler=$1; | |
rewrite ^/services/api/([A-Za-z0-9\_\-]+)/(.*) /engine/handlers/service_handler.php?handler=$1&request=$2; | |
rewrite ^/tag/(.+)/?$ /engine/handlers/page_handler.php?handler=search&page=$1; | |
rewrite ^/xml-rpc.php /engine/handlers/xml-rpc_handler.php; | |
rewrite ^/mt-xmlrpc.cgi /engine/handlers/xml-rpc_handler.php; | |
} | |
} | |
location ~ \.php$ { | |
include fastcgi_params; | |
# Assuming php-fastcgi running on localhost port 9000 | |
fastcgi_pass 127.0.0.1:9000; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
fastcgi_connect_timeout 60; | |
fastcgi_send_timeout 180; | |
fastcgi_read_timeout 180; | |
fastcgi_buffer_size 128k; | |
fastcgi_buffers 4 256k; | |
fastcgi_busy_buffers_size 256k; | |
fastcgi_temp_file_write_size 256k; | |
fastcgi_intercept_errors on; | |
} | |
# Do not put CSS there or it will break simplecache | |
location ~* \.(bmp|js|gif|ico|jpg|jpeg|png)$ { | |
expires max; | |
# log_not_found off; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
any news? :)
Excerpts from msva's message of Thu Aug 11 03:48:16 +0000 2011:
any news? :)
**\* Nope, I've been offline for almost 3 months :)
#
hk
Hi,
i'm currently found a solution for the rewrite-rules:
http://thomas.deuling.org/2012/01/elgg-community-1-8-2-rewrite-rules-for-nginx/
How to protect the /upgrade.php, /pg/cron and /install.php ?
thanks
Ola,
I guess you can use the internal directive of Nginx HttpCoreModule.
location /upgrade.php {
internal;
}
That would prevent direct access to the page. So you would have to reload the server whenever you want to run that script.
Alternately, you could also restrict access to localhost (or some fixed IP address) using the access module:
location /pg/cron {
allow 127.0.0.1;
deny all;
}
Finally, you could simply make the actual script inaccessible from the web:
chmod -rx /path/to/elgg/install.php
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for your review, I look forward to reading your updates.