-
-
Save that0n3guy/905c812c0f65e7ffb5ec to your computer and use it in GitHub Desktop.
| server { | |
| # see: http://wiki.nginx.org/Pitfalls | |
| # see: http://wiki.nginx.org/IfIsEvil | |
| listen 80; | |
| root /app; | |
| index index.html index.htm index.php; | |
| error_page 404 /index.php; | |
| # Make site accessible from http://set-ip-address.xip.io | |
| server_name localhost; | |
| access_log /var/log/nginx/access.log; | |
| error_log /var/log/nginx/error.log error; | |
| charset utf-8; | |
| # redirect index.php to root | |
| rewrite ^/index.php/(.*) /$1 permanent; | |
| ####################################### | |
| ## Start Mautic Specific config ##### | |
| ####################################### | |
| # redirect some entire folders | |
| rewrite ^/(vendor|translations|build)/.* /index.php break; | |
| location / { | |
| # First attempt to serve request as file, then | |
| # as directory, then fall back to index.html | |
| # one option: try_files $uri $uri/ /index.php$is_args$args; | |
| try_files $uri /index.php$is_args$args; | |
| # Uncomment to enable naxsi on this location | |
| # include /etc/nginx/naxsi.rules | |
| } | |
| # Deny everything else in /app folder except Assets folder in bundles | |
| location ~ /app/bundles/.*/Assets/ { | |
| allow all; | |
| access_log off; | |
| } | |
| location ~ /app/ { deny all; } | |
| # Deny everything else in /addons or /plugins folder except Assets folder in bundles | |
| location ~ /(addons|plugins)/.*/Assets/ { | |
| allow all; | |
| access_log off; | |
| } | |
| location ~ /(addons|plugins)/ { deny all; } | |
| # Deny all php files in themes folder | |
| location ~* ^/themes/(.*)\.php { | |
| deny all; | |
| } | |
| # Don't log favicon | |
| location = /favicon.ico { | |
| log_not_found off; | |
| access_log off; | |
| } | |
| # Don't log robots | |
| location = /robots.txt { | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Deny yml, twig, markdown, init file access | |
| location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc... | |
| location ~ /\. { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Deny all grunt, composer files | |
| location ~* (Gruntfile|package|composer)\.(js|json)$ { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| ####################################### | |
| ## End Mautic Specific config ##### | |
| ####################################### | |
| # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | |
| # | |
| location ~ \.php$ { | |
| # try_files $uri =403; | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini | |
| fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| fastcgi_index index.php; | |
| include fastcgi_params; | |
| fastcgi_buffer_size 128k; | |
| fastcgi_buffers 256 16k; | |
| fastcgi_busy_buffers_size 256k; | |
| fastcgi_temp_file_write_size 256k; | |
| } | |
| } |
@TomRoethlisberger Thanks!. That was just what I was looking for!!!
Regexp for plugins/addons is misleading as it blocks some mautic routes. For example when you want to reload the plugins (xhr like https://someserver.com/s/plugins/reload?_=1472827734097&mauticUserLastActive=1&mauticLastNotificationId=) the rule answers 403.
Same as TomRoethlisberger has commented, this configuration blocks some functionality.
I was unable to install the default plugins. I got this error message:
*21381 access forbidden by rule, client: ##.##.##.##, server: mautic.somedomain.com, request: "GET /s/plugins/reload?_=1478301629487&mauticUserLastActive=1&mauticLastNotificationId= HTTP/1.1"
My question is, is it safe to just remove / comment-out the "deny all" rules that pertain to the addons|plugins folders? Can I temporarily disable them, add the plugins I want, and then re-enable them and the plugins will still work?
Has anyone else run into problems with nginx and their mautic deployment where the mtc.js file will not load from your website due to CORS?
http://enable-cors.org/server_nginx.html
I've added the add_headers, but keep running into different issues. What I'm wondering is if this is something everyone has had to figure out, or if there's something weird about my setup?
@mbrinson I experience same problem with fresh install of 2.2.1 on nginx server, and I'm struggling to find any good resources...
@osterkraft - I discovered the reason for this. By default Mautic has the "Restrict Domains" under "CORS Settings" is set to YES under the "Configuration" -> "System Settings" area, and the "Valid Domains" is left blank. At least, that was the case for me.
I just had to add the full url for the domain for my website where I wanted to enable the tracking. Then all of the CORS problems went away.
Thanks! but missing mtc.js section : https://www.mautic.org/community/index.php/4626-mtc-js-not-found/0
This did not work for me. This other one did: https://www.mautic.org/community/index.php/2680-installation-with-nginx/0
@jmeyo - Try to add ^ to force match from the beging.
Example:
location ~ ^/(addons|plugins)/ { deny all; }
Don't you have an issue with this configuration and the ckeditor filemanager? On my instance, I had to add a special rule for allowing the file manager to execute. Did you encounter a similar issue?
Here the code I've added before the /app/bundles/(.*)/Assets rule:
location ~ /app/bundles/CoreBundle/Assets/js/libraries/ckeditor/filemanager/connectors/php/filemanager.php {
allow all;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}