friendica_ynh/conf/nginx.conf

##
# Friendica Nginx configuration
# by Olaf Conradi
#
# On Debian based distributions you can add this file to
# /etc/nginx/sites-available
#
# Then customize to your needs. To enable the configuration
# symlink it to /etc/nginx/sites-enabled and reload Nginx using
#
# service nginx reload
##

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
#
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
##

##
# This configuration assumes your domain is example.net
# You have a separate subdomain friendica.example.net
# You want all Friendica traffic to be https
# You have an SSL certificate and key for your subdomain
# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
# You have Friendica installed in /var/www/friendica
##
location __PATH__  {
    alias __FINALPATH__/;

    if ($scheme = http) {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
    
     if (!-e $request_filename) {
    	rewrite ^(.*)$ /index.php?pagename=$1;
    }
    
 
    #allow uploads up to 20MB in size
    client_max_body_size 20m;
    client_body_buffer_size 128k;


    #Default indexes and catch-all
    index  index.php;
    try_files $uri $uri/ /index.php?$args;
  

  # make sure webfinger and other well known services aren't blocked
  # by denying dot files and rewrite request to the front controller
  location ^~ /.well-known/ {
    allow all;
   if (!-e $request_filename) {
     rewrite ^(.*)$ /index.php?pagename=$1;
   }
  }
  
  include mime.types;

  # block these file types
  location ~* \.(tpl|md|tgz|log|out)$ {
    deny all;
  }


    #statically serve these file types when possible
    #otherwise fall back to front controller
    #allow browser to cache them
    #added .htm for advanced source code editor library
    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
        expires 30d;
        try_files $uri /index.php?pagename=$request_uri&$args;
    }


    #Execute and serve PHP files
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param REMOTE_USER $remote_user;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $request_filename;
    }

 
  # deny access to all dot files
  location ~ /\. {
    deny all;
  }
    #Include SSOWAT user panel.
    include conf.d/yunohost_panel.conf.inc;
}
Did changes to nginx.conf 2017-07-21 10:14:27 +02:00			`##`
			`# Friendica Nginx configuration`
			`# by Olaf Conradi`
			`#`
			`# On Debian based distributions you can add this file to`
			`# /etc/nginx/sites-available`
			`#`
			`# Then customize to your needs. To enable the configuration`
			`# symlink it to /etc/nginx/sites-enabled and reload Nginx using`
			`#`
			`# service nginx reload`
			`##`
changed the nginx.conf so that .htaccess has write access 2017-07-18 22:13:40 +02:00
Did changes to nginx.conf 2017-07-21 10:14:27 +02:00			`##`
			`# You should look at the following URL's in order to grasp a solid understanding`
			`# of Nginx configuration files in order to fully unleash the power of Nginx.`
			`#`
			`# http://wiki.nginx.org/Pitfalls`
			`# http://wiki.nginx.org/QuickStart`
			`# http://wiki.nginx.org/Configuration`
			`##`
Tried rebuilding the app to make it work again 2017-07-18 12:21:08 +02:00
Did changes to nginx.conf 2017-07-21 10:14:27 +02:00			`##`
			`# This configuration assumes your domain is example.net`
			`# You have a separate subdomain friendica.example.net`
			`# You want all Friendica traffic to be https`
			`# You have an SSL certificate and key for your subdomain`
			`# You have PHP FastCGI Process Manager (php5-fpm) running on localhost`
			`# You have Friendica installed in /var/www/friendica`
			`##`
			`location __PATH__ {`
Fix Indentation 2018-01-18 23:29:59 +01:00			`alias __FINALPATH__/;`
Did changes to nginx.conf 2017-07-21 10:14:27 +02:00
Fix Indentation 2018-01-18 23:29:59 +01:00			`if ($scheme = http) {`
			`rewrite ^ https://$server_name$request_uri? permanent;`
			`}`
Updated to version 2018.05 and many fixes 2018-06-05 23:17:03 +02:00
			`if (!-e $request_filename) {`
			`rewrite ^(.*)$ /index.php?pagename=$1;`
			`}`


Did changes to nginx.conf 2017-07-21 10:14:27 +02:00
Fix Indentation 2018-01-18 23:29:59 +01:00			`#allow uploads up to 20MB in size`
			`client_max_body_size 20m;`
			`client_body_buffer_size 128k;`


			`#Default indexes and catch-all`
			`index index.php;`
			`try_files $uri $uri/ /index.php?$args;`
Updated to version 2018.05 and many fixes 2018-06-05 23:17:03 +02:00
Fix Indentation 2018-01-18 23:29:59 +01:00
Updated to version 2018.05 and many fixes 2018-06-05 23:17:03 +02:00			`# make sure webfinger and other well known services aren't blocked`
			`# by denying dot files and rewrite request to the front controller`
			`location ^~ /.well-known/ {`
			`allow all;`
			`if (!-e $request_filename) {`
			`rewrite ^(.*)$ /index.php?pagename=$1;`
			`}`
			`}`

			`include mime.types;`
Fix Indentation 2018-01-18 23:29:59 +01:00
Updated to version 2018.05 and many fixes 2018-06-05 23:17:03 +02:00			`# block these file types`
			`location ~* \.(tpl\|md\|tgz\|log\|out)$ {`
			`deny all;`
			`}`
Fix Indentation 2018-01-18 23:29:59 +01:00
Did changes to nginx.conf 2017-07-21 10:14:27 +02:00
Fix Indentation 2018-01-18 23:29:59 +01:00			`#statically serve these file types when possible`
			`#otherwise fall back to front controller`
			`#allow browser to cache them`
			`#added .htm for advanced source code editor library`
			`location ~* \.(jpg\|jpeg\|gif\|png\|ico\|css\|js\|htm\|html\|ttf\|woff\|svg)$ {`
			`expires 30d;`
Fix nginx security Issue #1 2018-01-18 23:33:29 +01:00			`try_files $uri /index.php?pagename=$request_uri&$args;`
Fix Indentation 2018-01-18 23:29:59 +01:00			`}`
Did changes to nginx.conf 2017-07-21 10:14:27 +02:00
Fix Indentation 2018-01-18 23:29:59 +01:00
			`#Execute and serve PHP files`
			`location ~ [^/]\.php(/\|$) {`
			`fastcgi_split_path_info ^(.+?\.php)(/.*)$;`
Updated to version 2018.05 and many fixes 2018-06-05 23:17:03 +02:00			`fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;`
Fix Indentation 2018-01-18 23:29:59 +01:00			`fastcgi_index index.php;`
			`include fastcgi_params;`
			`fastcgi_param REMOTE_USER $remote_user;`
			`fastcgi_param PATH_INFO $fastcgi_path_info;`
			`fastcgi_param SCRIPT_FILENAME $request_filename;`
			`}`

Updated to version 2018.05 and many fixes 2018-06-05 23:17:03 +02:00
			`# deny access to all dot files`
			`location ~ /\. {`
			`deny all;`
			`}`
Fix Indentation 2018-01-18 23:29:59 +01:00			`#Include SSOWAT user panel.`
			`include conf.d/yunohost_panel.conf.inc;`
			`}`