Skip to content

Instantly share code, notes, and snippets.

@jbq
Created December 8, 2014 15:51
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jbq/76ebfd526f2ba8b60166 to your computer and use it in GitHub Desktop.
Save jbq/76ebfd526f2ba8b60166 to your computer and use it in GitHub Desktop.
server {
listen 80;
server_name my.server.name;
root /srv/pimcore/data;
# no limit on upload size
client_max_body_size 0;
# allow access to plugin-data and core assets ( done by excluding .*/static and static)
# forbid the direct access to pimcore-internal data (eg. config-files, ...)
# ~* = case-insensitive
location ~* ^(/plugins/(?!.*/static).*|^/pimcore/(?!static|modules/3rdparty/adminer).*|/website/var/(?!tmp|assets|plugins|areas)) {
return 403;
}
# basic zend-framework setup see: http://framework.zend.com/manual/en/zend.controller.html
# First attempt to serve request as file, then as directory, then fall back to index.php
location / {
try_files $uri /website/var/assets/$uri $uri/ /website/var/assets/$uri/ /index.php?$args;
expires 1w;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
# This configuration depends on your set-up. The default nginx.conf contains an example for your setup.
include uwsgi_params;
uwsgi_modifier1 14;
uwsgi_read_timeout 300;
uwsgi_pass 127.0.0.1:3030;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment