Last active
January 3, 2023 15:49
-
-
Save DarrylDias/be8955970f4b37fdd682 to your computer and use it in GitHub Desktop.
NGINX config for PageKit. (Tested on Ubuntu) (If for some reason I don't reply to a comment leave a message at https://darryldias.me/contact/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
# Server name | |
server_name example.com; | |
# Server Port | |
listen 80; | |
# Webroot | |
root /var/www/; | |
# Index file | |
index index.php; | |
# PHP setup with query string support | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
# Deny access to sensitive folders | |
location ~* /(packages|storage|tmp)/.*$ { | |
return 403; | |
} | |
# Deny access to files with the following extensions | |
location ~* \.(db|json|lock|dist|md)$ { | |
return 403; | |
} | |
# Deny access to following files | |
location ~ /(config.php|composer.lock|composer.json|LICENSE|\.htaccess) { | |
return 403; | |
} | |
# Leverage browser caching of media files for 30 days | |
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ { | |
access_log off; | |
expires 30d; | |
add_header Pragma public; | |
add_header Cache-Control "public, mustrevalidate, proxy-revalidate"; | |
} | |
# Uncomment the lines below depending on the PHP version you are using. | |
# PHP-FPM settings for PHP 7 | |
# location ~ \.php$ { | |
# try_files $uri =404; | |
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; | |
# fastcgi_index index.php; | |
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
# include fastcgi_params; | |
# fastcgi_param HTTP_MOD_REWRITE On; | |
# } | |
# PHP-FPM settings for PHP 5 | |
# location ~ \.php$ { | |
# try_files $uri =404; | |
# fastcgi_pass unix:/var/run/php5-fpm.sock; | |
# fastcgi_index index.php; | |
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
# include fastcgi_params; | |
# fastcgi_param HTTP_MOD_REWRITE On; | |
# } | |
} |
On Debian 11 Bullseye it doesnt work for me with nginx.
Here my nginx site-enabled config:
# Default server configuration
#
# Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name demo.example.cloud;
return 301 https://$host$request_uri;
}
server {
# SSL configuration
# nginx docs: https://gist.github.com/nrollr/9a39bb636a820fb97eec2ed85e473d38
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
access_log /var/log/nginx/demo/access.log;
error_log /var/log/nginx/demo/error.log;
server_name demo.example.cloud;
ssl_certificate /etc/letsencrypt/live/demo.example.cloud/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demo.example.cloud/privkey.pem;
# Enable server-side protection against BEAST attacks
#ssl_protocols TLSv1.2;
#ssl_prefer_server_ciphers on;
#ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
root /var/www/pagekit;
# Index file
index index.php;
# PHP setup with query string support
location / {
try_files $uri /index.php?$args;
}
# Deny access to sensitive folders
location ~* /tmp/.*$ {
deny all;
}
# Deny access to files with the following extensions
location ~* \.(db|json|lock|dist|md)$ {
return 403;
}
# Deny access to following files
location ~ /(config.php|composer.lock|composer.json|LICENSE|\.access) {
return 403;
}
# Leverage browser caching of media files for 30 days
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, mustrevalidate, proxy-revalidate";
}
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks! That fixed it from me! I was trying to migrate from Apache to Nginx (in docker) but ran into trouble. But you solved it for me! 👍