Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
# file managed by puppet
map $cookie_env $env {
default w;
x x;
}
server {
listen 80 default_server;
listen [2a03:4000:39:55d:5400:a2ff:fe21:b3ea]:80;
server_name translatewiki.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server deferred http2;
listen [2a03:4000:39:55d:5400:a2ff:fe21:b3ea]:443 default_server deferred ssl http2;
include includes/ssl-certbot.conf;
server_name translatewiki.net;
root /www/$host/docroot;
add_header Referrer-Policy strict-origin-when-cross-origin;
rewrite ^/$ /$env/index.php;
rewrite ^/wiki /$env/index.php;
rewrite ^/sitemap$ "/$env/index.php?title=Special:RecentChanges&translations=&feed=atom";
# No-op if using the default environment, but required for the 'internal' rules to work
rewrite ^/w/(.*) /$env/$1;
# Prevent direct access to /x. It can only be accessed through the above rewrites
location /x {
internal;
}
location ~ ^/[xw]/(cache|config|docs|includes|languages|maintenance|mw-config|tests|vendor)/ {
deny all;
}
# Allowed php files, case sensitive
location ~ ^/[xw]/(i|index|load|api|opensearch_desc|rest|webfiles/jserror)\.php {
limit_req zone=perip burst=30 delay=20;
fastcgi_pass php;
fastcgi_buffering off;
fastcgi_buffers 16 16k;
fastcgi_connect_timeout 1s;
fastcgi_send_timeout 2s;
fastcgi_read_timeout 15s;
include fastcgi.conf;
internal;
}
# Deny access to all php files except those above
location ~* \.php$ {
deny all;
}
location ~* ^/static/mainpage/.*\.jpg$ {
expires 2M;
if ($http_accept ~ "image/webp") {
add_header Vary Accept;
rewrite ^ $uri.webp;
}
}
location ~* \.(png|jpg|jpeg|gif|ico|svg|woff|woff2|eot|ttf|webp)$ {
expires 2M;
}
error_page 500 502 503 504 /error.html;
location = /error.html {
root /www/error;
internal;
}
}