diff --git a/conf/nginx.conf b/conf/nginx.conf index e80307d..614c929 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,24 +1,54 @@ location __PATH__ { - alias __FINALPATH__; - client_max_body_size 10G; - index index.php; + alias __FINALPATH__/; + if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } - # Example PHP configuration - index index.php index.html; - try_files $uri $uri/ index.php; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; -} - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Default indexes and catch-all + index index.html index.php; + try_files $uri $uri/ /index.php?$args; + + # Prevent useless logs + location = /favicon.ico { + log_not_found off; + access_log off; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny access to hidden files and directories + location ~ ^/(.+/|)\.(?!well-known\/) { + deny all; + } + + # Execute and serve PHP files + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm-my_webapp.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + + # .htaccess file from Hubzilla converted using http://winginx.com/en/htaccess + location ~ "(^|/)\.git" + { + return 403; + } + autoindex off; + location / { if (!-e $request_filename) + { + rewrite ^(.*)$ /index.php?pagename=$1; + } + } + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } diff --git a/scripts/install b/scripts/install index 5b2937b..61a73b3 100644 --- a/scripts/install +++ b/scripts/install @@ -131,7 +131,7 @@ sudo cp ../conf/poller-cron /etc/cron.d/$app #================================================= if [ $is_public -eq 0 ] -then # Remove the public access +then # Remove the public ac https://yourhostname.tld/install/testrewrite acess ynh_app_setting_delete $app skipped_uris fi # Make app public if necessary