Skip to content

Instantly share code, notes, and snippets.

@EzequielBruni

EzequielBruni/nginx-and-typemill.md

Last active December 11, 2023 02:56
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save EzequielBruni/05605ca206db6842ce00dc9a45b24194 to your computer and use it in GitHub Desktop.
Save EzequielBruni/05605ca206db6842ce00dc9a45b24194 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx configuration for Typemill
Raw
nginx-and-typemill.md

How to configure Nginx for Typemill

Prequisites

  • Nginx installed.
  • PHP-FPM installed, and set to run with the same user name and group as your Nginx server.
  • The PHP modules listed below:
    • Depending on your Linux distro, some of these modules may be included by default.
    • Some of these modules may be named differently. On Alpine Linux, for example, every "php-" should actually be "php8-" (or whatever PHP version you want), and modules like "php-xmlrpc" will have longer names like "php8-pecl-xmlrpc". CHeck your distro's documentation and package lists to be sure.
php-common
php-curl
php-fileinfo
php-fpm
php-gd
php-iconv
php-mbstring
php-openssl
php-xmlrpc
php-session
php-soap
php-sqlite3
php-xml
php-zip

The .conf file

Here is the basic file without SSL enabled. Using certbot on it should do the rest. I can also confirm that this configuration works behind a simple Nginx reverse proxy, and will work with separate LXD containers (ie. one container is hosting the website, and another is hosting the proxy server.)

Just change everything in [brackets] to meet your needs, and anything else you feel like changing.

server {
    listen 80;
    listen [::]:80; 
    
    # Your domain name
    server_name [your-domain-name];

    # document root
    root        [your-root-directory-here];

    # Just setting up some log files
    access_log  /var/log/nginx/typemill_access.log;
    error_log   /var/log/nginx/typemill_error.log;

    # Defining what any directory's index file is going to look like
    index       index.php;

    # Set up robots.txt
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    
    # --- EVERYTHING BELOW THIS LINE CAN BE LEFT ALONE
    
    # This enables PHP in your website
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        /etc/nginx/fastcgi_params;
    }
    
    # This makes sure PHP query URLs don't break. Usually.
    location / {
        try_files $uri $uri/ /index.php?$args;
        rewrite (.*?)index\.php/*(.*) /$1$2 redirect;
        rewrite (^|/)\.(?!well-known\/) /index.php break;
        rewrite ^/(system|content|data|settings|(media\/files\/)) /index.php break;
    }
    
    # This makes sure that missing links to image files
    # don't clog up your logs.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

    # The following two rule sets deny direct access to certain files
    # and kinds of files to prevent security issues.
    
    location ~\.(git|txt|md|yml|md|php|twig)$ {
        deny all;
        return 404;
    }

    location ~ ^/(licence\.md|readme\.md|composer\.lock|composer\.json|\.htaccess)$ {
                deny all;
        return 404;
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment