A sample Nginx configuration for Elgg-1.8

elgg.example.org-nginx.conf

## NginX VirtualHost Configuration for elgg.example.org
#
# Copyright 2010 Lorea.org
# This file is part of Lorea Node.
# License: GNU Affero General Public License
#

server {
  listen        80;
  server_name   elgg.example.org;

  root /path/to/elgg-1.8/
  location / { 
    rewrite ^ https://elgg.example.org/ permanent;
  }
}

server {
  listen         443;
  server_name    elgg.example.org;
  root           /path/to/elgg-1.8/;
  index          index.php index.html;
  fastcgi_index  index.php;

  ssl on;
  ssl_certificate      /etc/ssl/elgg.example.org.crt;
  ssl_certificate_key  /etc/ssl/private/elgg.example.org.key;

  access_log off;
#  access_log  /var/log/nginx/elgg.example.org_access-ssl.log;
  error_log  /var/log/nginx/elgg.example.org_error-ssl.log;
  
  client_max_body_size    8M;
  client_body_buffer_size 256K;

  # Check cache/css/js requests first, as we know the files won't exist
  location ~ ^/cache/ {
    rewrite ^/cache/(.*)  /engine/handlers/cache_handler.php?request=$1;
  }
  location ~* ^/pg/(css|js) {
    rewrite ^/pg/(css|js)/(.*)  /engine/handlers/page_handler.php?handler=$1&page=$2;
    rewrite ^/pg/(css|js)       /engine/handlers/page_handler.php?handler=$1;
  }
  # For all other requests, try the file, or rewrite if it's PHP
  location / {
    try_files $uri $uri/ @rewrite;
  }
  
  location @rewrite {
    if (!-e $request_filename) {
      rewrite ^/action/([A-Za-z0-9\_\-\/]+)          /engine/handlers/action_handler.php?action=$1;
      rewrite ^/export/([A-Za-z]+)/([0-9]+)/?$       /engine/handlers/export_handler.php?view=$1&guid=$2;
      rewrite ^/export/([A-Za-z]+)/([0-9]+)/([A-Za-z]+)/([A-Za-z0-9\_]+)/$ /engine/handlers/export_handler.php?view=$1&guid=$2&type=$3&idname=$4;
      rewrite ^/pg/([A-Za-z0-9\_\-]+)/(.*)    /engine/handlers/page_handler.php?handler=$1&page=$2;
      rewrite ^/pg/([A-Za-z0-9\_\-]+)         /engine/handlers/page_handler.php?handler=$1;
      rewrite ^/services/api/([A-Za-z0-9\_\-]+)/(.*) /engine/handlers/service_handler.php?handler=$1&request=$2;
      rewrite ^/tag/(.+)/?$    /engine/handlers/page_handler.php?handler=search&page=$1;
      rewrite ^/xml-rpc.php    /engine/handlers/xml-rpc_handler.php;
      rewrite ^/mt-xmlrpc.cgi  /engine/handlers/xml-rpc_handler.php;
    }
  }
  
  location ~ \.php$ {
    include fastcgi_params;

    # Assuming php-fastcgi running on localhost port 9000
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;

    fastcgi_connect_timeout           60;
    fastcgi_send_timeout             180;
    fastcgi_read_timeout             180;
    fastcgi_buffer_size              128k;
    fastcgi_buffers               4  256k;
    fastcgi_busy_buffers_size        256k;
    fastcgi_temp_file_write_size     256k;
    fastcgi_intercept_errors      on;
  }
  
  # Do not put CSS there or it will break simplecache
  location ~* \.(bmp|js|gif|ico|jpg|jpeg|png)$ {
    expires  max;
#    log_not_found off;
  }

}

gistfile2.txt

Excerpts from msva's message of Thu Aug 11 03:48:16 +0000 2011:

any news? :) **\* Nope, I've been offline for almost 3 months :)

# hk

Hi,
i'm currently found a solution for the rewrite-rules:
http://thomas.deuling.org/2012/01/elgg-community-1-8-2-rewrite-rules-for-nginx/

How to protect the /upgrade.php, /pg/cron and /install.php ?

thanks

Ola,

I guess you can use the internal directive of Nginx HttpCoreModule.

    location /upgrade.php {
        internal;
    }

That would prevent direct access to the page. So you would have to reload the server whenever you want to run that script.

Alternately, you could also restrict access to localhost (or some fixed IP address) using the access module:

    location /pg/cron {
        allow 127.0.0.1;
        deny all;
    }

Finally, you could simply make the actual script inaccessible from the web:

    chmod -rx /path/to/elgg/install.php