Last active
February 5, 2024 07:50
-
-
Save refringe/6545132 to your computer and use it in GitHub Desktop.
Nginx configuration file example for Sendy (http://sendy.co/).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name domain.com; | |
| autoindex off; | |
| index index.php index.html; | |
| root /srv/www/domain.com/public; | |
| access_log /srv/www/domain.com/logs/access.log; | |
| error_log /srv/www/domain.com/logs/error.log; | |
| location / { | |
| try_files $uri $uri/ $uri.php?$args; | |
| } | |
| location /l/ { | |
| rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; | |
| } | |
| location /t/ { | |
| rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; | |
| } | |
| location /w/ { | |
| rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; | |
| } | |
| location /unsubscribe/ { | |
| rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; | |
| } | |
| location /subscribe/ { | |
| rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; | |
| } | |
| location ~ \.php$ { | |
| try_files $uri =404; | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| fastcgi_index index.php; | |
| include fastcgi_params; | |
| } | |
| location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ { | |
| access_log off; | |
| log_not_found off; | |
| expires 30d; | |
| } | |
| } |
Bascially all you really need is this
location / {
try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
}
But to be on the safe side I added everything below:
location / {
try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
}
location /l/ {
rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last;
}
location /t/ {
rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last;
}
location /w/ {
rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last;
}
location /unsubscribe/ {
rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last;
}
location /subscribe/ {
rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last;
}
location /confirm/ {
rewrite ^/confirm/(.*)$ /confirm.php?i=$1 last;
}
And it works really well.
this will ensure that you are using a pretty URL
location / {
try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
}
and this will ensure that you are using a pretty URL with sendy settings.
location / {
try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
}
location /l/ {
rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last;
}
location /t/ {
rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last;
}
location /w/ {
rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last;
}
location /unsubscribe/ {
rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last;
}
location /subscribe/ {
rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last;
}
location /confirm/ {
rewrite ^/confirm/(.*)$ /confirm.php?i=$1 last;
}
I tried a whole bunch of stuff. This is what finally worked for me (with certbot https). Sub-domain install of Sendy using nginx and SSL/TLS.
# Marketing (Sendy) Installation # server { root /var/www/marketing.site.com; index index.php index.html index.htm; server_name marketing.site.com; autoindex off; add_header X-Robots-Tag "noindex, noarchive"; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { log_not_found off; access_log off; allow all; } location ~ /\. { deny all; log_not_found off; access_log off; return 404; } location / { try_files $uri $uri/ /$uri.php$is_args$args; # $is_args converts to a ? if true } location /l/ { rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; } location /t/ { rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; } location /w/ { rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; } location /unsubscribe/ { rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; } location /subscribe/ { rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; } location /confirm/ { rewrite ^/confirm/(.*)$ /confirm.php?i=$1 last; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|xml)$ { access_log off; log_not_found off; expires 30d; } # Added by certbot - remove these when copying this vhost to a new server block # listen [::]:443 ssl http2; # managed by Certbot listen 443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/marketing.site.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/marketing.site.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = marketing.site.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; # listen [::]:80; server_name marketing.site.com; return 404; # managed by Certbot }
Thanks for this, it also worked for me but I found that I could not login. Using chatGPT I added the below after the other "add_header " and I could now login securely.
add_header Content-Security-Policy "upgrade-insecure-requests";
I tried a whole bunch of stuff. This is what finally worked for me (with certbot https). Sub-domain install of Sendy using nginx and SSL/TLS.
# Marketing (Sendy) Installation # server { root /var/www/marketing.site.com; index index.php index.html index.htm; server_name marketing.site.com; autoindex off; add_header X-Robots-Tag "noindex, noarchive"; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { log_not_found off; access_log off; allow all; } location ~ /\. { deny all; log_not_found off; access_log off; return 404; } location / { try_files $uri $uri/ /$uri.php$is_args$args; # $is_args converts to a ? if true } location /l/ { rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; } location /t/ { rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; } location /w/ { rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; } location /unsubscribe/ { rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; } location /subscribe/ { rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; } location /confirm/ { rewrite ^/confirm/(.*)$ /confirm.php?i=$1 last; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|xml)$ { access_log off; log_not_found off; expires 30d; } # Added by certbot - remove these when copying this vhost to a new server block # listen [::]:443 ssl http2; # managed by Certbot listen 443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/marketing.site.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/marketing.site.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = marketing.site.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; # listen [::]:80; server_name marketing.site.com; return 404; # managed by Certbot }
That helped. Thanks!
Thanks to everyone who contributed to this.
For anyone that is hosting in Azure App Service for Linux which uses nginx,
What I would advise is to first copy the original nginx file and then edit it based on the config above.
First:
cp /etc/nginx/sites-available/default /home/site/default
The above will copy the default file from the etc/nginx/sites-available to your deployment folder.
For example, this is what I got:
server {
#proxy_cache cache;
#proxy_cache_valid 200 1s;
listen 8080;
listen [::]:8080;
root /home/site/wwwroot;
index index.php index.html index.htm;
server_name example.com www.example.com;
port_in_redirect off;
location / {
index index.php index.html index.htm hostingstart.html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /html/;
}
# Disable .git directory
location ~ /\.git {
deny all;
access_log off;
log_not_found off;
}
# Add locations of phpmyadmin here.
location ~* [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.[Pp][Hh][Pp])(|/.*)$;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 3600;
fastcgi_read_timeout 3600;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
}
Then we can edit it based on the config shared above.
*Note, the main location / ... should include what you had from the original file. I went through pain because of this.
Also, the config for location ~* [^/]\.php(/|$) {.... should be kept
Final config is:
server {
#proxy_cache cache;
#proxy_cache_valid 200 1s;
listen 8080;
listen [::]:8080;
root /home/site/wwwroot;
index index.php index.html index.htm;
server_name www.example.com;
autoindex off;
port_in_redirect off;
location / {
index index.php index.html index.htm hostingstart.html; #make sure to include this
try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
}
location /l/ {
rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last;
}
location /t/ {
rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last;
}
location /w/ {
rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last;
}
location /unsubscribe/ {
rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last;
}
location /subscribe/ {
rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last;
}
location /confirm/ {
rewrite ^/confirm/(.*)$ /confirm.php?i=$1 last;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /html/;
}
# Disable .git directory
location ~ /\.git {
deny all;
access_log off;
log_not_found off;
}
# Did not replace this
location ~* [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.[Pp][Hh][Pp])(|/.*)$;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 3600;
fastcgi_read_timeout 3600;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 30d;
}
}
Then run cp /home/site/default /etc/nginx/sites-available/default && service nginx restart via SSH
And also add cp /home/site/default /etc/nginx/sites-available/default && service nginx restart in the Startup Command under Configuration in your Azure Portal
You do realise this is extremely bad practice as you are exposing your http configuration to the world by placing it in your www root directory?
You do realise this is extremely bad practice as you are exposing your http configuration to the world by placing it in your www root directory?
Thanks for catching this!. Not sure how the files are served in nginx.
Moved it to a different folder.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks a lot @cartpauj https://gist.github.com/refringe/6545132#gistcomment-2925206 for this. It has helped me to fix.