Skip to content

Instantly share code, notes, and snippets.

@that0n3guy
Last active December 20, 2023 11:13
Show Gist options
  • Save that0n3guy/905c812c0f65e7ffb5ec to your computer and use it in GitHub Desktop.
Save that0n3guy/905c812c0f65e7ffb5ec to your computer and use it in GitHub Desktop.
Mautic nginx config
server {
# see: http://wiki.nginx.org/Pitfalls
# see: http://wiki.nginx.org/IfIsEvil
listen 80;
root /app;
index index.html index.htm index.php;
error_page 404 /index.php;
# Make site accessible from http://set-ip-address.xip.io
server_name localhost;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
charset utf-8;
# redirect index.php to root
rewrite ^/index.php/(.*) /$1 permanent;
#######################################
## Start Mautic Specific config #####
#######################################
# redirect some entire folders
rewrite ^/(vendor|translations|build)/.* /index.php break;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
# one option: try_files $uri $uri/ /index.php$is_args$args;
try_files $uri /index.php$is_args$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Deny everything else in /app folder except Assets folder in bundles
location ~ /app/bundles/.*/Assets/ {
allow all;
access_log off;
}
location ~ /app/ { deny all; }
# Deny everything else in /addons or /plugins folder except Assets folder in bundles
location ~ /(addons|plugins)/.*/Assets/ {
allow all;
access_log off;
}
location ~ /(addons|plugins)/ { deny all; }
# Deny all php files in themes folder
location ~* ^/themes/(.*)\.php {
deny all;
}
# Don't log favicon
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Don't log robots
location = /robots.txt {
access_log off;
log_not_found off;
}
# Deny yml, twig, markdown, init file access
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
access_log off;
log_not_found off;
}
# Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny all grunt, composer files
location ~* (Gruntfile|package|composer)\.(js|json)$ {
deny all;
access_log off;
log_not_found off;
}
#######################################
## End Mautic Specific config #####
#######################################
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# try_files $uri =403;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
}
@mbrinson
Copy link

mbrinson commented Nov 4, 2016

Same as TomRoethlisberger has commented, this configuration blocks some functionality.
I was unable to install the default plugins. I got this error message:
*21381 access forbidden by rule, client: ##.##.##.##, server: mautic.somedomain.com, request: "GET /s/plugins/reload?_=1478301629487&mauticUserLastActive=1&mauticLastNotificationId= HTTP/1.1"

My question is, is it safe to just remove / comment-out the "deny all" rules that pertain to the addons|plugins folders? Can I temporarily disable them, add the plugins I want, and then re-enable them and the plugins will still work?

@mbrinson
Copy link

Has anyone else run into problems with nginx and their mautic deployment where the mtc.js file will not load from your website due to CORS?
http://enable-cors.org/server_nginx.html

I've added the add_headers, but keep running into different issues. What I'm wondering is if this is something everyone has had to figure out, or if there's something weird about my setup?

@osterkraft
Copy link

@mbrinson I experience same problem with fresh install of 2.2.1 on nginx server, and I'm struggling to find any good resources...

@mbrinson
Copy link

mbrinson commented Dec 1, 2016

@osterkraft - I discovered the reason for this. By default Mautic has the "Restrict Domains" under "CORS Settings" is set to YES under the "Configuration" -> "System Settings" area, and the "Valid Domains" is left blank. At least, that was the case for me.
I just had to add the full url for the domain for my website where I wanted to enable the tracking. Then all of the CORS problems went away.

@LennyLip
Copy link

@fernandocarletti
Copy link

@manyk
Copy link

manyk commented Feb 27, 2017

@jmeyo - Try to add ^ to force match from the beging.

Example:
location ~ ^/(addons|plugins)/ { deny all; }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment