Mautic nginx config

gistfile1.txt

server {
    # see: http://wiki.nginx.org/Pitfalls
    # see: http://wiki.nginx.org/IfIsEvil
    listen 80;

    root /app;
    index index.html index.htm index.php;
    error_page 404 /index.php;

    # Make site accessible from http://set-ip-address.xip.io
    server_name localhost;

    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log error;

    charset utf-8;

    # redirect index.php to root
    rewrite ^/index.php/(.*) /$1  permanent;

    #######################################
    ##  Start Mautic Specific config #####
    #######################################

    # redirect some entire folders
    rewrite ^/(vendor|translations|build)/.* /index.php break;

    location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to index.html
        # one option: try_files $uri $uri/ /index.php$is_args$args;
        try_files $uri /index.php$is_args$args;
 		# Uncomment to enable naxsi on this location
		# include /etc/nginx/naxsi.rules
	}

    # Deny everything else in /app folder except Assets folder in bundles
    location ~ /app/bundles/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /app/ { deny all; }

    # Deny everything else in /addons or /plugins folder except Assets folder in bundles
    location ~ /(addons|plugins)/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /(addons|plugins)/ { deny all; }

    # Deny all php files in themes folder
    location ~* ^/themes/(.*)\.php {
        deny all;
    }

    # Don't log favicon
    location = /favicon.ico {
    	log_not_found off;
    	access_log off;
    }

    # Don't log robots
    location = /robots.txt  {
    	access_log off;
    	log_not_found off;
    }

    # Deny yml, twig, markdown, init file access
    location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all grunt, composer files
    location ~* (Gruntfile|package|composer)\.(js|json)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    #######################################
    ##  End Mautic Specific config #####
    #######################################

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
    location ~ \.php$ {
        # try_files $uri =403;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }
}

Same as TomRoethlisberger has commented, this configuration blocks some functionality.
I was unable to install the default plugins. I got this error message:
*21381 access forbidden by rule, client: ##.##.##.##, server: mautic.somedomain.com, request: "GET /s/plugins/reload?_=1478301629487&mauticUserLastActive=1&mauticLastNotificationId= HTTP/1.1"

My question is, is it safe to just remove / comment-out the "deny all" rules that pertain to the addons|plugins folders? Can I temporarily disable them, add the plugins I want, and then re-enable them and the plugins will still work?

Has anyone else run into problems with nginx and their mautic deployment where the mtc.js file will not load from your website due to CORS?
http://enable-cors.org/server_nginx.html

I've added the add_headers, but keep running into different issues. What I'm wondering is if this is something everyone has had to figure out, or if there's something weird about my setup?

@mbrinson I experience same problem with fresh install of 2.2.1 on nginx server, and I'm struggling to find any good resources...

@osterkraft - I discovered the reason for this. By default Mautic has the "Restrict Domains" under "CORS Settings" is set to YES under the "Configuration" -> "System Settings" area, and the "Valid Domains" is left blank. At least, that was the case for me.
I just had to add the full url for the domain for my website where I wanted to enable the tracking. Then all of the CORS problems went away.

Thanks! but missing mtc.js section : https://www.mautic.org/community/index.php/4626-mtc-js-not-found/0

This did not work for me. This other one did: https://www.mautic.org/community/index.php/2680-installation-with-nginx/0

@jmeyo - Try to add ^ to force match from the beging.

Example:
location ~ ^/(addons|plugins)/ { deny all; }