WordOps NGINX Config settings for Mautic 4.4.6+

cronjobs.txt

# These tasks need to be added to your cron job
# crontab -e
# will bring up the editor. Replace your php and file path in the code below

* * * * * /usr/bin/php /var/www/example.com/htdocs/bin/console mautic:campaigns:trigger >/dev/null 2>&1
0 * * * * /usr/bin/php /var/www/example.com/htdocs/bin/console mautic:segments:update >/dev/null 2>&1
0 * * * * /usr/bin/php /var/www/example.com/htdocs/bin/console mautic:campaigns:update >/dev/null 2>&1
0 * * * * /usr/bin/php /var/www/example.com/htdocs/bin/console mautic:leadlists:update >/dev/null 2>&1
0 0 * * * /usr/bin/php /var/www/example.com/htdocs/bin/console mautic:cleanup >/dev/null 2>&1

mautic-dashboard-configuration.txt

Log in to your Mautic Dashboard, and then in the right side click Settings, then Configuration. 

1: Remove index.php from your Site URL
2: Scroll to CORS Settings, and set value to NO

What you've done:

1: Migrated over the .htaccess rules included in Mautic to your NGINX config file so all redirects, scripting, etc work
2: By commenting out "Common Security Headers" and disabling CORS you remove the absolute headache of CORS when it comes to submitting Mautic forms on external domains
3: WordOps out of the box is not configured correclty to allow for JS embedding of forms from Mautic, the mautic.php config file and CORS removal makes this happen
4: Removing index.php from the Site URL fixes media assets paths so avatars and other assets in the Media library show up
5: Because of step 4, Lines 45-51 of mautic.conf might not be necessary anymore, BUT I spent 2 days figuring all this crap out and it's working, so I'm done tinkering

mautic.conf

# Create a new folder at /etc/nginx/mautic and create mautic.conf
# Copy from line 11 to the end and paste in to mautic.conf.
# be sure to replace example.com with your domain below on line 50. Save and Exit
# Then, edit your sites config file (wo site edit example.com) and add a line to this file
# include mautic/mautic.conf;
# then comment out
# common/php80.conf
# as this is now included in mautic.conf
# Save and exit, this should restart NGINX and Mautic configurations are now in place.

# REPLACES PHP80
location / {
  try_files $uri $uri/ /index.php$is_args$args;

  # Determine the RewriteBase automatically and set it as environment variable
  if ($request_uri ~ ^/(.*)/index\.php(/(.*)|$)) {
    set $base $1;
  }
  # Redirect to URI without front controller to prevent duplicate content
  if ($request_uri ~ ^/index\.php(/(.*)|$)) {
    return 301 $scheme://$server_name$base/$2;
  }
  # If the requested filename exists, simply serve it
  if (-f $request_filename) {
    break;
  }
  # Rewrite all other queries to the front controller
  if (!-f $request_filename) {
    rewrite ^(.*)$ /index.php?$1 last;
    break;
  }
}

location ~ \.php$ {
  try_files $uri =404;
  include fastcgi_params;
  fastcgi_pass php80;
  # Define the location of the front controller
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

# Define the location block to deny access to files starting with "."
location ~ /\. {
  deny all;
}

# Define the location block for serving static files
  location /static/ {
    # Define the path to the static files
    alias /var/www/example.com/htdocs/static/;
    # Set the cache time for static files to 30 days
    expires 30d;
}

location = /index.php/media/js/mautic-form.js {
  return 301 /media/js/mautic-form.js;
}

location = /index.php/media/css/modal.min.css {
  return 301 /media/css/modal.min.css;
}

# Mautic tracking fallback
location = /mtracking.gif {
     expires off;
     gzip off;
     default_type "image/gif";
     add_header 'Access-Control-Allow-Origin' *;
     try_files $uri /index.php?$args;
}

location ~ email/(.*).gif{
     try_files $uri /index.php?$args;
}

# Mautic tracking code
location = /mtc.js {
    expires off;
    default_type "application/javascript";
    try_files $uri $uri/ /index.php$is_args$args;
}

# Embedded forms
location = /form/generate.js {
    expires off;
    default_type "application/javascript";
    try_files $uri $uri/ /index.php$is_args$args;
}

nginx.conf

# sudo nano edit /etc/nginx/nginx.conf
# This file is populated with values by WordOps
# Scroll to line ~66 and comment out all the Common Security Headers
# Do not copy this file in, as the line numbes I added below will break your config
# This file is for instruction only
# I have not needed to update WordOps yet, so I'm not sure if these changes will be
# overwritten when you update WordOps. If so, just go back to the nginx.conf file and
# comment these lines out again. Easy peasy.
# Run the command wo stack restart --nginx to implement this change

## NOTE: This is required for embedding a form on a different domain website. HOWEVER
## Uncommenting this will open up more potential for annoying malware to be installed.
## My WordPress sites are plagued with malware, and it was happening before I commented this out.
## But maybe commenting this out made it worse for me? I don't know. Drives me crazy.

66	# Common security headers
67	# more_set_headers "X-Frame-Options : SAMEORIGIN";
68	# more_set_headers "X-Content-Type-Options : nosniff";
69	# more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";

Tags: Mautic, WordOps, NGINX

I love WordOps, but installing a Mautic instance is not one of the site create options. Running Mautic with a standard install script wo site create mautic.com --php80 --mysql gets it running mostly out of the box, but there are some nginx configurations that need to be taken care before all scripts and tracking and form actions load on external sites. My gratitude to Mautic Forums and ChatGPT for helping me put all this together.

Updated Cron to reference /bin not /app