samjaninf · September 24, 2018 17:43
diff --git a/mautic nginx b/mautic nginx
 server {
  listen 80;
  listen 443 ssl http2;
  server_name   your.mautic.location;
  root /your/mautic/path ;
  server_tokens off;
  add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
  add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';


 
 	client_max_body_size 64M;
 
  gzip on;
 	gzip_disable "msie6";
  gzip_min_length 256;

 	gzip_vary on;
 	gzip_proxied any;
 	gzip_comp_level 6;
 	gzip_buffers 16 8k;
 	gzip_http_version 1.1;
  gzip_types
    font/truetype
    font/opentype
    font/woff2
    text/plain
    text/css
    text/js
    text/xml
    text/javascript
    application/javascript
    application/x-javascript
    application/json
    application/xml
    application/rss+xml
    image/svg+xml;
       
  error_page 404 /index.php;


  # redirect index.php to root
  rewrite ^/index.php/(.*) /$1  permanent;

  #######################################
  ##  Start Mautic Specific config #####
  #######################################

  # redirect some entire folders
  rewrite ^/(vendor|translations|build)/.* /index.php break;

  location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to index.html
      # one option: try_files $uri $uri/ /index.php$is_args$args;
      try_files $uri /index.php$is_args$args;
    # Uncomment to enable naxsi on this location
    # include /etc/nginx/naxsi.rules
  }

  # Deny everything else in /app folder except Assets folder in bundles
  location ~ /app/bundles/.*/Assets/ {
    allow all;
    access_log off;
  }
  location ~ /app/ { deny all; }

  # Deny everything else in /addons or /plugins folder except Assets folder in bundles
  location ~ /(addons|plugins)/.*/Assets/ {
    allow all;
    access_log off;
  }
  location ~ /(addons|plugins)/ { deny all; }

  # Deny all php files in themes folder
  location ~* ^/themes/(.*)\.php {
    deny all;
  }

  # Don't log favicon
  location = /favicon.ico {
    log_not_found off;
    access_log off;
  }

  # Don't log robots
  location = /robots.txt  {
    access_log off;
    log_not_found off;
  }

  # Deny yml, twig, markdown, init file access
  location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
    deny all;
    access_log off;
    log_not_found off;
  }

  # Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
  location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
  }

  # Deny all grunt, composer files
  location ~* (Gruntfile|package|composer)\.(js|json)$ {
    deny all;
    access_log off;
    log_not_found off;
  }

  location ~ /app/bundles/CoreBundle/Assets/js/libraries/ckeditor/filemanager/connectors/php/filemanager.php {
    allow all;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
  }

  #######################################
  ##  End Mautic Specific config #####
  #######################################

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

  location ~ \.php$ {
    # try_files $uri =403;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 16k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
  }
 }
	server {
	listen 80;
	listen 443 ssl http2;
	server_name your.mautic.location;
	root /your/mautic/path ;
	server_tokens off;
	add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';



	client_max_body_size 64M;

	gzip on;
	gzip_disable "msie6";
	gzip_min_length 256;

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types
	font/truetype
	font/opentype
	font/woff2
	text/plain
	text/css
	text/js
	text/xml
	text/javascript
	application/javascript
	application/x-javascript
	application/json
	application/xml
	application/rss+xml
	image/svg+xml;

	error_page 404 /index.php;


	# redirect index.php to root
	rewrite ^/index.php/(.*) /$1 permanent;

	#######################################
	## Start Mautic Specific config #####
	#######################################

	# redirect some entire folders
	rewrite ^/(vendor\|translations\|build)/.* /index.php break;

	location / {
	# First attempt to serve request as file, then
	# as directory, then fall back to index.html
	# one option: try_files $uri $uri/ /index.php$is_args$args;
	try_files $uri /index.php$is_args$args;
	# Uncomment to enable naxsi on this location
	# include /etc/nginx/naxsi.rules
	}

	# Deny everything else in /app folder except Assets folder in bundles
	location ~ /app/bundles/.*/Assets/ {
	allow all;
	access_log off;
	}
	location ~ /app/ { deny all; }

	# Deny everything else in /addons or /plugins folder except Assets folder in bundles
	location ~ /(addons\|plugins)/.*/Assets/ {
	allow all;
	access_log off;
	}
	location ~ /(addons\|plugins)/ { deny all; }

	# Deny all php files in themes folder
	location ~* ^/themes/(.*)\.php {
	deny all;
	}

	# Don't log favicon
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	# Don't log robots
	location = /robots.txt {
	access_log off;
	log_not_found off;
	}

	# Deny yml, twig, markdown, init file access
	location ~* /(.*)\.(?:markdown\|md\|twig\|yaml\|yml\|ht\|htaccess\|ini)$ {
	deny all;
	access_log off;
	log_not_found off;
	}

	# Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	# Deny all grunt, composer files
	location ~* (Gruntfile\|package\|composer)\.(js\|json)$ {
	deny all;
	access_log off;
	log_not_found off;
	}

	location ~ /app/bundles/CoreBundle/Assets/js/libraries/ckeditor/filemanager/connectors/php/filemanager.php {
	allow all;
	include /etc/nginx/fastcgi_params;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
	}

	#######################################
	## End Mautic Specific config #####
	#######################################

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

	location ~ \.php$ {
	# try_files $uri =403;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;

	fastcgi_buffer_size 128k;
	fastcgi_buffers 256 16k;
	fastcgi_busy_buffers_size 256k;
	fastcgi_temp_file_write_size 256k;
	}
	}