proffalken/README.md

## README.md

      
      Raw
    
  
              README.md
            
          
    Mautic Nginx Configuration
These files allow you to configure Mautic using Nginx.

  
## nginx-mautic.conf
server {
        listen 443 ssl; # managed by Certbot
        server_name   your.mautic.location;
        root /your/mautic/path ;
        server_tokens off;
	      add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';


	client_max_body_size 64M;

        gzip on;
	gzip_disable "msie6";
        gzip_min_length 256;

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
        gzip_types
            font/truetype
            font/opentype
            font/woff2
            text/plain
            text/css
            text/js
            text/xml
            text/javascript
            application/javascript
            application/x-javascript
            application/json
            application/xml
            application/rss+xml
            image/svg+xml;

            error_page 404 /index.php;


    # redirect index.php to root
    rewrite ^/index.php/(.*) /$1  permanent;

    #######################################
    ##  Start Mautic Specific config #####
    #######################################

    # redirect some entire folders
    rewrite ^/(vendor|translations|build)/.* /index.php break;

    location / {

		# First attempt to serve request as file, then
		# as directory, then fall back to index.html
        # one option: try_files $uri $uri/ /index.php$is_args$args;
        try_files $uri /index.php$is_args$args;
 		# Uncomment to enable naxsi on this location
		# include /etc/nginx/naxsi.rules
	}

    # Deny everything else in /app folder except Assets folder in bundles
    location ~ /app/bundles/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /app/ { deny all; }

    # Deny everything else in /addons or /plugins folder except Assets folder in bundles
    location ~ /(addons|plugins)/.*/Assets/ {
        allow all;
        access_log off;
    }
    # location ~ /(addons|plugins)/ { deny all; }

    # Deny all php files in themes folder
    location ~* ^/themes/(.*)\.php {
        deny all;
    }

    # Don't log favicon
    location = /favicon.ico {
    	log_not_found off;
    	access_log off;
    }

    # Don't log robots
    location = /robots.txt  {
    	access_log off;
    	log_not_found off;
    }

    # Deny yml, twig, markdown, init file access
    location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all grunt, composer files
    location ~* (Gruntfile|package|composer)\.(js|json)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    #######################################
    ##  End Mautic Specific config #####
    #######################################

        location ~*  \.(jpg|jpeg|png|ico|pdf)$ {
                expires 15d;
        }

	# Deny access to any files with a .php extension in the uploads directory
        location ~* /(?:uploads|files)/.*\.php$ {
                deny all;
        }

        # Solve email tracking pixel not found
        location ~ email/(.*).gif {
        try_files $uri /index.php?$args;
        }
        # Solve JS Loading 404 Error
        location ~ (.*).js {
        try_files $uri /index.php?$args;
        }

        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_index index.php;
                fastcgi_pass  127.0.0.1:9003;
                fastcgi_param   SCRIPT_FILENAME
                                $document_root$fastcgi_script_name;
                include       fastcgi_params;
        }
    ssl_certificate /etc/letsencrypt/live/<TLS SERVER NAME>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<TLS SERVER NAME>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

## php-fpm-mautic.conf
[mautic]
user = apache
group = apache
listen = 127.0.0.1:9003
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
slowlog = /var/log/php-fpm/mautic-slow.log
php_admin_value[error_log] = /var/log/php-fpm/mautic-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
php_admin_value[open_basedir] = /your/path/to/mautic
	server {
	listen 443 ssl; # managed by Certbot
	server_name your.mautic.location;
	root /your/mautic/path ;
	server_tokens off;
	add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';



	client_max_body_size 64M;

	gzip on;
	gzip_disable "msie6";
	gzip_min_length 256;

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types
	font/truetype
	font/opentype
	font/woff2
	text/plain
	text/css
	text/js
	text/xml
	text/javascript
	application/javascript
	application/x-javascript
	application/json
	application/xml
	application/rss+xml
	image/svg+xml;

	error_page 404 /index.php;


	# redirect index.php to root
	rewrite ^/index.php/(.*) /$1 permanent;

	#######################################
	## Start Mautic Specific config #####
	#######################################

	# redirect some entire folders
	rewrite ^/(vendor\|translations\|build)/.* /index.php break;

	location / {

	# First attempt to serve request as file, then
	# as directory, then fall back to index.html
	# one option: try_files $uri $uri/ /index.php$is_args$args;
	try_files $uri /index.php$is_args$args;
	# Uncomment to enable naxsi on this location
	# include /etc/nginx/naxsi.rules
	}

	# Deny everything else in /app folder except Assets folder in bundles
	location ~ /app/bundles/.*/Assets/ {
	allow all;
	access_log off;
	}
	location ~ /app/ { deny all; }

	# Deny everything else in /addons or /plugins folder except Assets folder in bundles
	location ~ /(addons\|plugins)/.*/Assets/ {
	allow all;
	access_log off;
	}
	# location ~ /(addons\|plugins)/ { deny all; }

	# Deny all php files in themes folder
	location ~* ^/themes/(.*)\.php {
	deny all;
	}

	# Don't log favicon
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	# Don't log robots
	location = /robots.txt {
	access_log off;
	log_not_found off;
	}

	# Deny yml, twig, markdown, init file access
	location ~* /(.*)\.(?:markdown\|md\|twig\|yaml\|yml\|ht\|htaccess\|ini)$ {
	deny all;
	access_log off;
	log_not_found off;
	}

	# Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	# Deny all grunt, composer files
	location ~* (Gruntfile\|package\|composer)\.(js\|json)$ {
	deny all;
	access_log off;
	log_not_found off;
	}

	#######################################
	## End Mautic Specific config #####
	#######################################

	location ~* \.(jpg\|jpeg\|png\|ico\|pdf)$ {
	expires 15d;
	}

	# Deny access to any files with a .php extension in the uploads directory
	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}

	# Solve email tracking pixel not found
	location ~ email/(.*).gif {
	try_files $uri /index.php?$args;
	}
	# Solve JS Loading 404 Error
	location ~ (.*).js {
	try_files $uri /index.php?$args;
	}

	location ~ \.php$ {
	try_files $uri =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_index index.php;
	fastcgi_pass 127.0.0.1:9003;
	fastcgi_param SCRIPT_FILENAME
	$document_root$fastcgi_script_name;
	include fastcgi_params;
	}
	ssl_certificate /etc/letsencrypt/live/<TLS SERVER NAME>/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/<TLS SERVER NAME>/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


	if ($scheme != "https") {
	return 301 https://$host$request_uri;
	} # managed by Certbot
	}
	[mautic]
	user = apache
	group = apache
	listen = 127.0.0.1:9003
	listen.allowed_clients = 127.0.0.1
	pm = dynamic
	pm.max_children = 5
	pm.start_servers = 1
	pm.min_spare_servers = 1
	pm.max_spare_servers = 2
	slowlog = /var/log/php-fpm/mautic-slow.log
	php_admin_value[error_log] = /var/log/php-fpm/mautic-error.log
	php_admin_flag[log_errors] = on
	php_value[session.save_handler] = files
	php_value[session.save_path] = /var/lib/php/session
	php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
	php_admin_value[open_basedir] = /your/path/to/mautic