-
-
Save MarkAdamson/e7195e6ed1822733d61a3e038ac88add to your computer and use it in GitHub Desktop.
Nginx, Mediawiki subdomain with short url
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /config/nginx/site-confs/default | |
# listening on port 80 disabled by default, redirect all traffic to https | |
server { | |
listen 80; | |
server_name _; | |
return 301 https://$host$request_uri; | |
} | |
# example subdomain: | |
server { | |
server_name example.*; | |
include /config/nginx/subd_common.conf; | |
location / { | |
include /config/nginx/proxy.conf; | |
proxy_pass http://192.168.0.2:8001; | |
} | |
} | |
# ... a bunch of other subdomains - as above ^^^ | |
# my wiki subdomain - DOESN'T WORK: | |
server { | |
server_name wiki.*; | |
include /config/nginx/subd_common.conf; | |
# Location for the wiki's root | |
location / { | |
include /config/nginx/proxy.conf; | |
proxy_pass http://192.168.0.2:8010; | |
# Do this inside of a location so it can be negated | |
location ~ \.php$ { | |
include /config/nginx/proxy.conf; | |
proxy_pass http://192.168.0.2:8010; | |
try_files $uri $uri/ =404; # Don't let php execute non-existent php files | |
include /etc/nginx/fastcgi_params; | |
fastcgi_pass 127.0.0.1:9000; | |
} | |
} | |
location /images { | |
# Separate location for images/ so .php execution won't apply | |
include /config/nginx/proxy.conf; | |
proxy_pass http://192.168.0.2:8010; | |
location ~ ^/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ { | |
# Thumbnail handler for MediaWiki | |
# This location only matches on a thumbnail's url | |
# If the file does not exist we use @thumb to run the thumb.php script | |
try_files $uri $uri/ @thumb; | |
include /config/nginx/proxy.conf; | |
proxy_pass http://192.168.0.2:8010; | |
} | |
} | |
location /images/deleted { | |
# Deny access to deleted images folder | |
deny all; | |
} | |
# Deny access to folders MediaWiki has a .htaccess deny in | |
location /cache { deny all; } | |
location /languages { deny all; } | |
location /maintenance { deny all; } | |
location /serialized { deny all; } | |
# Just in case, hide .svn and .git too | |
location ~ /.(svn|git)(/|$) { deny all; } | |
# Hide any .htaccess files | |
location ~ /.ht { deny all; } | |
# Uncomment the following code if you wish to hide the installer/updater | |
## Deny access to the installer | |
#location /mw-config { deny all; } | |
# Handling for the article path | |
location /r { | |
include /config/nginx/proxy.conf; | |
proxy_pass http://192.168.0.2:8010; | |
include /etc/nginx/fastcgi_params; | |
# article path should always be passed to index.php | |
fastcgi_param SCRIPT_FILENAME $document_root/index.php; | |
fastcgi_pass 127.0.0.1:9000; | |
} | |
# Thumbnail 404 handler, only called by try_files when a thumbnail does not exist | |
location @thumb { | |
include /config/nginx/proxy.conf; | |
proxy_pass http://192.168.0.2:8010; | |
# Do a rewrite here so that thumb.php gets the correct arguments | |
rewrite ^/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /thumb.php?f=$1&width=$2; | |
rewrite ^/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /thumb.php?f=$1&width=$2&archived=1; | |
# Run the thumb.php script | |
include /etc/nginx/fastcgi_params; | |
fastcgi_param SCRIPT_FILENAME $document_root/thumb.php; | |
fastcgi_pass 127.0.0.1:9000; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# [...] | |
$wgScriptPath = ""; | |
$wgScriptExtension = ".php"; | |
$wgArticlePath = "/r/$1"; | |
$wgUsePathInfo = true; | |
$wgGenerateThumbnailOnParse = false; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /config/nginx/proxy.conf | |
client_max_body_size 10m; | |
client_body_buffer_size 128k; | |
#Timeout if the real server is dead | |
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | |
# Advanced Proxy Config | |
send_timeout 5m; | |
proxy_read_timeout 240; | |
proxy_send_timeout 240; | |
proxy_connect_timeout 240; | |
# Basic Proxy Config | |
proxy_set_header Host $host:$server_port; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_redirect http:// $scheme://; | |
proxy_http_version 1.1; | |
proxy_set_header Connection ""; | |
proxy_cache_bypass $cookie_session; | |
proxy_no_cache $cookie_session; | |
proxy_buffers 32 4k; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /config/nginx/subd_common.conf | |
listen 443 ssl; | |
root /config/www; | |
index index.html index.htm index.php; | |
ssl_certificate /config/keys/letsencrypt/fullchain.pem; | |
ssl_certificate_key /config/keys/letsencrypt/privkey.pem; | |
ssl_dhparam /config/nginx/dhparams.pem; | |
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE$ | |
ssl_prefer_server_ciphers on; | |
client_max_body_size 0; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment