@DarrylDias
Last active January 3, 2023 15:49
NGINX config for PageKit. (Tested on Ubuntu) (If for some reason I don't reply to a comment leave a message at https://darryldias.me/contact/)
server {
    # Server name
    server_name example.com;

    # Server port
    listen 80;

    # Webroot
    root /var/www/;

    # Index file
    index index.php;

    # PHP setup with query string support
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Regex locations below are checked in file order; the first match wins.

    # Deny access to sensitive folders
    location ~* /(packages|storage|tmp)/.*$ {
        return 403;
    }

    # Deny access to files with the following extensions
    location ~* \.(db|json|lock|dist|md)$ {
        return 403;
    }

    # Deny access to the following files
    location ~ /(config.php|composer.lock|composer.json|LICENSE|\.htaccess) {
        return 403;
    }

    # Leverage browser caching of media files for 30 days
    location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
        access_log off;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # Uncomment one of the blocks below depending on the PHP version you are using.

    # PHP-FPM settings for PHP 7
    # location ~ \.php$ {
    #     try_files $uri =404;
    #     fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    #     fastcgi_index index.php;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     include fastcgi_params;
    #     fastcgi_param HTTP_MOD_REWRITE On;
    # }

    # PHP-FPM settings for PHP 5
    # location ~ \.php$ {
    #     try_files $uri =404;
    #     fastcgi_pass unix:/var/run/php5-fpm.sock;
    #     fastcgi_index index.php;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     include fastcgi_params;
    #     fastcgi_param HTTP_MOD_REWRITE On;
    # }
}
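
Added example (not part of the gist): a small Python model of how nginx picks among the gist's regex locations, first match in file order, so the deny rules can be checked against request paths before deployment. The sample paths are constructed, `select_location` is a hypothetical helper name, and Python's `re` stands in for nginx's PCRE.

```python
import re

# Regex locations copied from the gist, in file order:
# (name, pattern, case-insensitive?, action).
# nginx checks regex locations top to bottom and uses the first that matches.
GIST_RULES = [
    ("deny-folders", r"/(packages|storage|tmp)/.*$", True, "403"),
    ("deny-extensions", r"\.(db|json|lock|dist|md)$", True, "403"),
    ("deny-files", r"/(config.php|composer.lock|composer.json|LICENSE|\.htaccess)", False, "403"),
    ("static-cache", r"\.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$", True, "static"),
]
# The gist ships both PHP-FPM blocks commented out; this is the rule once one is enabled.
PHP_RULE = ("php-fpm", r"\.php$", False, "fastcgi")


def select_location(path, php_enabled=True):
    """Return (location, action) for a normalised URI path without its query string."""
    rules = GIST_RULES + ([PHP_RULE] if php_enabled else [])
    for name, pattern, icase, action in rules:
        if re.search(pattern, path, re.IGNORECASE if icase else 0):
            return name, action
    # No regex matched: the prefix block `location /` handles it via try_files.
    return "prefix /", "try_files"


if __name__ == "__main__":
    # Constructed request paths, not taken from a real site.
    samples = [
        "/storage/pagekit.db",
        "/README.md",
        "/config.php",
        "/index.php",
        "/packages/vendor/theme/css/theme.css",  # static asset under a denied folder
        "/blog/LICENSE-faq",  # deny-files is unanchored, so this is blocked too
    ]
    for p in samples:
        print(f"{p:42} {select_location(p)}")
    # With the PHP block still commented out, .php falls through to try_files,
    # which serves the file as static content instead of executing it.
    print("/index.php (no PHP block):", select_location("/index.php", php_enabled=False))
```

The model covers only location selection; it does not evaluate `try_files`, and it assumes no exact-match or `^~` prefix locations, which the gist does not define.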

Darkentik commented Jan 3, 2023

On Debian 11 Bullseye it doesn't work for me with nginx.
Here is my nginx site-enabled config:

# Default server configuration
#
# Redirect all HTTP traffic to HTTPS

server {
   listen 80;
   listen [::]:80; 	
   server_name demo.example.cloud;
   return 301 https://$host$request_uri;
}

server {
	# SSL configuration
	# nginx docs: https://gist.github.com/nrollr/9a39bb636a820fb97eec2ed85e473d38
	#
	
	listen 443 ssl default_server;
	listen [::]:443 ssl default_server;

	access_log /var/log/nginx/demo/access.log;
	error_log /var/log/nginx/demo/error.log;

	server_name demo.example.cloud;
	ssl_certificate /etc/letsencrypt/live/demo.example.cloud/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/demo.example.cloud/privkey.pem;
  	
	# Enable server-side protection against BEAST attacks
	#ssl_protocols TLSv1.2;
	#ssl_prefer_server_ciphers on;
	#ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
  			
	root /var/www/pagekit;

	# Index file
	index index.php;
	
	# PHP setup with query string support
	location / {
	  try_files $uri /index.php?$args;
	}

	# Deny access to sensitive folders
	location ~* /tmp/.*$ { 
	  deny all; 
	}

	# Deny access to files with the following extensions
	location ~* \.(db|json|lock|dist|md)$ { 
	  return 403;
	}

	# Deny access to following files  
	location ~ /(config.php|composer.lock|composer.json|LICENSE|\.access) { 
	  return 403; 
	}

	# Leverage browser caching of media files for 30 days
	location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
	  access_log off;
	  expires 30d;
	  add_header Pragma public;
	  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
	}

	
}
