forked from silverstripe/silverstripe-framework
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update documentation of nginx configuration
- Avoid using "if" to check for file existence (use try_files instead) - Replicate the behavior of the .htaccess files - TODO: get static error pages to work
- Loading branch information
Showing
1 changed file
with
83 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,38 +1,97 @@ | ||
# Nginx | ||
|
||
These instructions are also covered on the [Nginx Wiki](http://wiki.nginx.org/SilverStripe) | ||
These instructions are also covered in less detail on the | ||
[Nginx Wiki](http://wiki.nginx.org/SilverStripe). | ||
|
||
The prerequisite is that you have already installed Nginx and you are able to run PHP files via the FastCGI-wrapper from | ||
Nginx. | ||
The prerequisite is that you have already installed Nginx and you are | ||
able to run PHP files via the FastCGI-wrapper from Nginx. | ||
|
||
Now you need to setup a virtual host in Nginx with the following configuration settings: | ||
Now you need to set up a virtual host in Nginx with the following | ||
configuration settings: | ||
|
||
server { | ||
listen 80; | ||
server_name yoursite.com; | ||
|
||
root /home/yoursite.com/httpdocs; | ||
index index.html index.php; | ||
listen 80; | ||
# SSL configuration (optional, but recommended for security) | ||
include ssl | ||
root /var/www/example.com; | ||
index index.php index.html index.htm; | ||
server_name example.com; | ||
|
||
include silverstripe3; | ||
include htaccess; | ||
} | ||
|
||
Here is the include file `silverstripe3`: | ||
|
||
location / { | ||
try_files $uri @silverstripe; | ||
} | ||
|
||
location @silverstripe { | ||
include fastcgi_params; | ||
# Defend against arbitrary PHP code execution | ||
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini | ||
# More info: | ||
# https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/ | ||
fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
fastcgi_param SCRIPT_FILENAME $document_root/framework/main.php; | ||
fastcgi_param SCRIPT_NAME /framework/main.php; | ||
fastcgi_param QUERY_STRING url=$uri&$args; | ||
fastcgi_pass unix:/var/run/php5-fpm.sock; | ||
fastcgi_index index.php; | ||
fastcgi_buffer_size 32k; | ||
fastcgi_buffers 4 32k; | ||
fastcgi_busy_buffers_size 64k; | ||
} | ||
|
||
|
||
Here is the include file `htaccess`: | ||
|
||
# Don't serve up any .htaccess files | ||
location ~ /\.ht { | ||
deny all; | ||
} | ||
|
||
if (!-f $request_filename) { | ||
rewrite ^/(.*?)(\?|$)(.*)$ /framework/main.php?url=$1&$3 last; | ||
} | ||
# Deny access to silverstripe-cache | ||
location ~ ^/silverstripe-cache { | ||
deny all; | ||
} | ||
|
||
error_page 404 /framework/main.php; | ||
# Don't execute scripts in the assets | ||
location ^~ /assets/ { | ||
try_files $uri $uri/ =404; | ||
} | ||
|
||
location ~ \.php$ { | ||
include fastcgi_params; | ||
fastcgi_pass 127.0.0.1:9000; | ||
fastcgi_index index.php; | ||
fastcgi_param SCRIPT_FILENAME /home/yoursite.com/httpdocs$fastcgi_script_name; | ||
fastcgi_buffer_size 32k; | ||
fastcgi_buffers 4 32k; | ||
fastcgi_busy_buffers_size 64k; | ||
} | ||
# cms & framework .htaccess rules | ||
location ~ ^/(cms|framework|mysite)/.*\.(php|php[345]|phtml|inc)$ { | ||
deny all; | ||
} | ||
location ~ ^/(cms|framework)/silverstripe_version$ { | ||
deny all; | ||
} | ||
location ~ ^/framework/.*(main|static-main|rpc|tiny_mce_gzip)\.php$ { | ||
allow all; | ||
} | ||
|
||
Here is the optional include file `ssl`: | ||
|
||
listen 443 ssl; | ||
ssl_certificate server.crt; | ||
ssl_certificate_key server.key; | ||
ssl_session_timeout 5m; | ||
ssl_protocols SSLv3 TLSv1; | ||
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; | ||
|
||
The above configuration will setup a new virtual host `yoursite.com` with rewrite rules suited for SilverStripe. The | ||
location block at the bottom will pass all php scripts to the FastCGI-wrapper. | ||
The above configuration sets up a virtual host `example.com` with | ||
rewrite rules suited for SilverStripe. The location block named | ||
`@silverstripe` passes all php scripts to the FastCGI-wrapper via a Unix | ||
socket. This example is from a site running Ubuntu with the php5-fpm | ||
package. | ||
|
||
Now you can proceed with the SilverStripe installation normally. |