NGINX config for PageKit. (Tested on Ubuntu) (If for some reason I don't reply to a comment leave a message at https://darryldias.me/contact/)
server {
    # Server name
    server_name example.com;

    # Server Port
    listen 80;

    # Webroot
    root /var/www/;

    # Index file
    index index.php;

    # PHP setup with query string support
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Deny access to sensitive folders
    location ~* /(packages|storage|tmp)/.*$ {
        return 403;
    }

    # Deny access to files with the following extensions
    location ~* \.(db|json|lock|dist|md)$ {
        return 403;
    }

    # Deny access to following files
    location ~ /(config.php|composer.lock|composer.json|LICENSE|\.htaccess) {
        return 403;
    }

    # Leverage browser caching of media files for 30 days
    location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
        access_log off;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # Uncomment the lines below depending on the PHP version you are using.

    # PHP-FPM settings for PHP 7
    # location ~ \.php$ {
    #     try_files $uri =404;
    #     fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    #     fastcgi_index index.php;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     include fastcgi_params;
    #     fastcgi_param HTTP_MOD_REWRITE On;
    # }

    # PHP-FPM settings for PHP 5
    # location ~ \.php$ {
    #     try_files $uri =404;
    #     fastcgi_pass unix:/var/run/php5-fpm.sock;
    #     fastcgi_index index.php;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     include fastcgi_params;
    #     fastcgi_param HTTP_MOD_REWRITE On;
    # }
}

@ghost

commented Apr 13, 2016

Worked fine for me, thanks

@vemacs

commented Jun 23, 2016

Doesn't work during installation. Breaks all the required JS/CSS.

@csfalcao

commented Jun 27, 2016

Same problem as @vemacs - no JS/CSS breaks installer

@d8vjork

commented Jul 4, 2016

+1 Pagekit doesn't load any JS/CSS asset

@ghost

commented Jul 12, 2016

Works fine here. Debian 8.5 up-to-date.

@xorinzor

commented Nov 30, 2016

Same issue as above, because the app directory is blocked in the nginx configuration all resources return 403

@xorinzor

commented Dec 1, 2016

Thanks to a very kind person we've managed to fix the issue:

https://stackoverflow.com/questions/40900158/nginx-configuration-not-working

at location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)\$

remove the slash before the dollar sign

@DarrylDias

Owner Author

commented Dec 14, 2016

Sorry for the delay in looking into the problems with the config, I have tried fixing the issues. Let me know if it works or doesn't.

@DarrylDias

Owner Author

commented Dec 14, 2016

Not sure why GitHub did not notify me even after having so many comments on this gist.

@ToeiRei

commented Jul 12, 2017

location ~ /(config.php|pagekit also blocks pagekit-logo-large.svg

@vinhtq

commented Jul 14, 2017

@ToeiRei +1 I have same issue

@vinhtq

commented Jul 14, 2017

Just figured out how to fix this


server {

    # Server name
    server_name example.com;

    # Server Port
    listen 80;

    # Webroot
    root /var/www/;

    # Index file
    index index.php;

    # PHP setup with query string support
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Leverage browser caching of media files for 30 days
    location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff|svg)$ {
        access_log off;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # Deny access to sensitive folders
    location ~* /(packages|storage|tmp)/.*$ {
        return 403;
    }

    # Deny access to files with the following extensions
    location ~* \.(db|json|lock|dist|md)$ {
        return 403;
    }

    # Deny access to following files
    location ~ /(config.php|pagekit|composer.lock|composer.json|LICENSE|\.htaccess) {
        return 403;
    }

    # Uncomment the lines below depending on the PHP version you are using.

    # PHP-FPM settings for PHP 7

    # location ~ \.php$ {
    #     try_files $uri =404;
    #     fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    #     fastcgi_index index.php;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     include fastcgi_params;
    #     fastcgi_param HTTP_MOD_REWRITE On;
    # }

    # PHP-FPM settings for PHP 5

    # location ~ \.php$ {
    #     try_files $uri =404;
    #     fastcgi_pass unix:/var/run/php5-fpm.sock;
    #     fastcgi_index index.php;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     include fastcgi_params;
    #     fastcgi_param HTTP_MOD_REWRITE On;
    # }

}

@yangfan21

commented Jul 27, 2017

+1 Pagekit doesn't load any JS/CSS

@Every0ne

commented Jan 17, 2019

location ~* /(packages|storage|tmp)/.*$ {

This is wrong, as it will block access to any resources needed to display the webpage properly. If you want to block access just to raw packages and storage directories but allow anything else inside them, then you don't need to list them in location blocks at all. By default nginx does not provide a directory listing page like Apache does, unless the autoindex on; directive is set in http, or context of server or location block OR unless the directory has a defined index file inside, in which case it will get displayed instead.

Therefore all you need to do is to block access to tmp and anything below it,

location ~* /tmp/.*$ {
	deny all;
}
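
The 403s reported in this thread follow from nginx using the first regex location that matches, in file order, before falling back to the prefix `location /`. The sketch below is an added example, not code from the gist or from Pagekit: it replays the regexes of the gist config and of the reordered 2017 config against constructed request paths, with Python's `re` standing in for nginx's regex matching and the commented-out PHP blocks left out.

```python
import re

# Regex locations copied from the two configs in this thread, in file order.
# Each rule is (action, case_insensitive, pattern): "~*" ignores case, "~" does not.
DENY_DIRS = ("deny", True, r"/(packages|storage|tmp)/.*$")
DENY_EXT = ("deny", True, r"\.(db|json|lock|dist|md)$")
DENY_FILES = ("deny", False,
              r"/(config.php|composer.lock|composer.json|LICENSE|\.htaccess)")
DENY_FILES_PAGEKIT = ("deny", False,
                      r"/(config.php|pagekit|composer.lock|composer.json|LICENSE|\.htaccess)")
STATIC = ("static", True, r"\.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$")
STATIC_SVG = ("static", True, r"\.(?:ico|css|js|gif|jpe?g|png|ttf|woff|svg)$")

GIST_ORDER = [DENY_DIRS, DENY_EXT, DENY_FILES, STATIC]             # gist file
REORDERED = [STATIC_SVG, DENY_DIRS, DENY_EXT, DENY_FILES_PAGEKIT]  # 2017 comment


def select_location(rules, path):
    """Pick the location the way nginx does for these configs: the first
    regex that matches wins; otherwise the prefix "location /" handles it."""
    for action, ignore_case, pattern in rules:
        if re.search(pattern, path, re.IGNORECASE if ignore_case else 0):
            return action
    return "fallback"


# Constructed request paths (not taken from a real Pagekit install).
SAMPLE_PATHS = [
    "/packages/pagekit/theme-one/css/theme.css",
    "/storage/pagekit.db",
    "/storage/upload.js",
    "/pagekit-logo-large.svg",
    "/composer.json",
    "/blog/hello",
]


def audit(paths):
    """Map each path to (decision under gist order, decision when reordered)."""
    return {p: (select_location(GIST_ORDER, p), select_location(REORDERED, p))
            for p in paths}


if __name__ == "__main__":
    for path, (gist, reordered) in audit(SAMPLE_PATHS).items():
        print(f"{path:45} gist={gist:9} reordered={reordered}")
```

The `/storage/upload.js` row shows what the reordering costs: any file with a listed static extension under `packages`, `storage` or `tmp` is served once the caching block comes first, while `.db` and `.json` files there stay denied.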