Skip to content

Instantly share code, notes, and snippets.

@proffalken
Last active April 25, 2023 21:38
  • Star 19 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save proffalken/ebfa9debc4eef929b0163d11a80af349 to your computer and use it in GitHub Desktop.
Mautic Nginx Configuration

Mautic Nginx Configuration

These files allow you to configure Mautic using Nginx.

server {
listen 443 ssl; # managed by Certbot
server_name your.mautic.location;
root /your/mautic/path ;
server_tokens off;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
client_max_body_size 64M;
gzip on;
gzip_disable "msie6";
gzip_min_length 256;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
font/truetype
font/opentype
font/woff2
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
error_page 404 /index.php;
# redirect index.php to root
rewrite ^/index.php/(.*) /$1 permanent;
#######################################
## Start Mautic Specific config #####
#######################################
# redirect some entire folders
rewrite ^/(vendor|translations|build)/.* /index.php break;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
# one option: try_files $uri $uri/ /index.php$is_args$args;
try_files $uri /index.php$is_args$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Deny everything else in /app folder except Assets folder in bundles
location ~ /app/bundles/.*/Assets/ {
allow all;
access_log off;
}
location ~ /app/ { deny all; }
# Deny everything else in /addons or /plugins folder except Assets folder in bundles
location ~ /(addons|plugins)/.*/Assets/ {
allow all;
access_log off;
}
# location ~ /(addons|plugins)/ { deny all; }
# Deny all php files in themes folder
location ~* ^/themes/(.*)\.php {
deny all;
}
# Don't log favicon
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Don't log robots
location = /robots.txt {
access_log off;
log_not_found off;
}
# Deny yml, twig, markdown, init file access
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
access_log off;
log_not_found off;
}
# Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny all grunt, composer files
location ~* (Gruntfile|package|composer)\.(js|json)$ {
deny all;
access_log off;
log_not_found off;
}
#######################################
## End Mautic Specific config #####
#######################################
location ~* \.(jpg|jpeg|png|ico|pdf)$ {
expires 15d;
}
# Deny access to any files with a .php extension in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Solve email tracking pixel not found
location ~ email/(.*).gif {
try_files $uri /index.php?$args;
}
# Solve JS Loading 404 Error
location ~ (.*).js {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9003;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
}
ssl_certificate /etc/letsencrypt/live/<TLS SERVER NAME>/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/<TLS SERVER NAME>/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
[mautic]
user = apache
group = apache
listen = 127.0.0.1:9003
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
slowlog = /var/log/php-fpm/mautic-slow.log
php_admin_value[error_log] = /var/log/php-fpm/mautic-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
php_admin_value[open_basedir] = /your/path/to/mautic
@ashishkpaul
Copy link

Hello sir, I am using above configuration for my mautic server, running well, but getting an error: Access to XMLHttpRequest at 'https://mautic.saa9vi.com/mtc/event' from origin 'https://www.saa9vi.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Any suggestion, Thanks in advance

@proffalken
Copy link
Author

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin has good documentation on what this error message means and how to fix it.

I'm not using this code anymore, so I don't have anything to hand to demonstrate the exact fix, but a quick google reveals quite a few answers to the problem so hopefully the above will help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment