Port nginx configuration changes from 3

silverstripe · Jan 30, 2018 · 8d6d985 · 8d6d985
1 parent 8a6686b
commit 8d6d985
Showing 1 changed file with 75 additions and 88 deletions.
diff --git a/docs/en/00_Getting_Started/01_Installation/How_To/Configure_Nginx.md b/docs/en/00_Getting_Started/01_Installation/How_To/Configure_Nginx.md
@@ -1,7 +1,7 @@
 # Nginx
 
 These instructions are also covered on the
-[Nginx Wiki](http://wiki.nginx.org/SilverStripe).
+[Nginx Wiki](https://www.nginx.com/resources/wiki/start/topics/recipes/silverstripe/).
 
 The prerequisite is that you have already installed Nginx and you are
 able to run PHP files via the FastCGI-wrapper from Nginx.
@@ -18,92 +18,79 @@ Especially be aware of [accidental php-execution](https://nealpoole.com/blog/201
 
 But enough of the disclaimer, on to the actual configuration — typically in `nginx.conf`:
 
-	server {
-		listen 80;
-		root /path/to/ss/folder;
-
-		server_name site.com www.site.com;
-
-		# Defend against SS-2015-013 -- http://www.silverstripe.org/software/download/security-releases/ss-2015-013
-		if ($http_x_forwarded_host) {
-			return 400;
-		}
-
-		location / {
-			try_files $uri /index.php?$query_string;
-		}
-
-		error_page 404 /assets/error-404.html;
-		error_page 500 /assets/error-500.html;
-
-		location ^~ /assets/ {
-			location ~ /\. {
-				deny all;
-			}
-			sendfile on;
-			try_files $uri /index.php?$query_string;
-		}
-
-		location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
-			fastcgi_keep_conn on;
-			fastcgi_pass   127.0.0.1:9000;
-			fastcgi_index  index.php;
-			fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
-			include        fastcgi_params;
-		}
-
-		location ~ /(mysite|framework|cms)/.*\.(php|php3|php4|php5|phtml|inc)$ {
-			deny all;
-		}
-
-		location ~ /\.. {
-			deny all;
-		}
-
-		location ~ \.ss$ {
-			satisfy any;
-			allow 127.0.0.1;
-			deny all;
-		}
-
-		location ~ web\.config$ {
-			deny all;
-		}
-
-		location ~ \.ya?ml$ {
-			deny all;
-		}
-
-		location ^~ /vendor/ {
-			deny all;
-		}
-
-		location ~* /silverstripe-cache/ {
-			deny all;
-		}
-
-		location ~* composer\.(json|lock)$ {
-			deny all;
-		}
-
-		location ~* /(cms|framework)/silverstripe_version$ {
-			deny all;
-		}
-
-		location ~ \.php$ {
-			fastcgi_keep_conn on;
-			fastcgi_pass   127.0.0.1:9000;
-			fastcgi_index  index.php;
-			fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
-			include        fastcgi_params;
-			fastcgi_buffer_size 32k;
-			fastcgi_busy_buffers_size 64k;
-			fastcgi_buffers 4 32k;
-		}
-	}
-
-The above configuration sets up a virtual host `site.com` with
-rewrite rules suited for SilverStripe. The location block for php files
-passes all php scripts to the FastCGI-wrapper via a TCP socket.
+```nginx
+server {
+  include mime.types;
+  default_type  application/octet-stream;
+  client_max_body_size 0; # Manage this in php.ini
+  listen 80;
+  root /path/to/ss/folder;
+  server_name example.com www.example.com;
+
+  # Defend against SS-2015-013 -- http://www.silverstripe.org/software/download/security-releases/ss-2015-013
+  if ($http_x_forwarded_host) {
+    return 400;
+  }
+
+  location / {
+      try_files $uri /index.php?$query_string;
+  }
+
+  error_page 404 /assets/error-404.html;
+  error_page 500 /assets/error-500.html;
+
+  location ^~ /assets/ {
+    sendfile on;
+    try_files $uri =404;
+  }
+
+  location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
+    fastcgi_buffer_size 32k;
+    fastcgi_busy_buffers_size 64k;
+    fastcgi_buffers 4 32k;
+    fastcgi_keep_conn on;
+    fastcgi_pass   127.0.0.1:9000;
+    fastcgi_index  index.php;
+    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    include        fastcgi_params;
+  }
+
+  # Denials
+  location ~ /\.. {
+    deny all;
+  }
+  location ~ \.ss$ {
+    satisfy any;
+    allow 127.0.0.1;
+    deny all;
+  }
+  location ~ web\.config$ {
+    deny all;
+  }
+  location ~ \.ya?ml$ {
+    deny all;
+  }
+  location ~* README.*$ {
+    deny all;
+  }
+  location ^~ /vendor/ {
+    deny all;
+  }
+  location ~* /silverstripe-cache/ {
+    deny all;
+  }
+  location ~* composer\.(json|lock)$ {
+    deny all;
+  }
+  location ~* /(cms|framework)/silverstripe_version$ {
+    deny all;
+  }
+}
+```
+
+The above configuration sets up a virtual host `example.com` with
+rewrite rules suited for SilverStripe. The location block for framework
+php files passes all the php scripts to the FastCGI-wrapper via a TCP
+socket.
 
 Now you can proceed with the SilverStripe installation normally.