mirror of
https://github.com/YunoHost-Apps/friendica_ynh.git
synced 2024-09-03 18:36:14 +02:00
b956e9b389
Actually we can access to friendica without encryption. So force the connexion to be always encrypted.
106 lines
2.7 KiB
Nginx Configuration File
106 lines
2.7 KiB
Nginx Configuration File
##
|
|
# Friendica Nginx configuration
|
|
# by Olaf Conradi
|
|
#
|
|
# On Debian based distributions you can add this file to
|
|
# /etc/nginx/sites-available
|
|
#
|
|
# Then customize to your needs. To enable the configuration
|
|
# symlink it to /etc/nginx/sites-enabled and reload Nginx using
|
|
#
|
|
# service nginx reload
|
|
##
|
|
|
|
##
|
|
# You should look at the following URL's in order to grasp a solid understanding
|
|
# of Nginx configuration files in order to fully unleash the power of Nginx.
|
|
#
|
|
# http://wiki.nginx.org/Pitfalls
|
|
# http://wiki.nginx.org/QuickStart
|
|
# http://wiki.nginx.org/Configuration
|
|
##
|
|
|
|
##
|
|
# This configuration assumes your domain is example.net
|
|
# You have a separate subdomain friendica.example.net
|
|
# You want all Friendica traffic to be https
|
|
# You have an SSL certificate and key for your subdomain
|
|
# You have PHP FastCGI Process Manager (php5-fpm) running on localhost
|
|
# You have Friendica installed in /var/www/friendica
|
|
##
|
|
location __PATH__ {
|
|
alias __FINALPATH__/;
|
|
|
|
if ($scheme = http) {
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
}
|
|
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
|
|
#allow uploads up to 20MB in size
|
|
client_max_body_size 20m;
|
|
client_body_buffer_size 128k;
|
|
|
|
|
|
#Default indexes and catch-all
|
|
index index.php;
|
|
try_files $uri $uri/ /index.php?$args;
|
|
|
|
#Prevent useless logs
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
# make sure webfinger and other well known services aren't blocked
|
|
# by denying dot files and rewrite request to the front controller
|
|
location ^~ /.well-known/ {
|
|
allow all;
|
|
rewrite ^/(.*) /index.php?pagename=$uri&$args last;
|
|
}
|
|
|
|
#statically serve these file types when possible
|
|
#otherwise fall back to front controller
|
|
#allow browser to cache them
|
|
#added .htm for advanced source code editor library
|
|
location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
|
|
expires 30d;
|
|
try_files $uri /index.php?pagename=$uri&$args;
|
|
}
|
|
|
|
#block these file types
|
|
location ~* \.(tpl|md|tgz|log|out)$ {
|
|
deny all;
|
|
}
|
|
|
|
#Execute and serve PHP files
|
|
location ~ [^/]\.php(/|$) {
|
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param REMOTE_USER $remote_user;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_param SCRIPT_FILENAME $request_filename;
|
|
}
|
|
|
|
#.htaccess file from Friendica converted using http://winginx.com/en/htaccess
|
|
location ~ "(^|/)\.git" { return 403;}
|
|
autoindex off;
|
|
location / { if (!-e $request_filename) { rewrite ^(.*)$ /index.php?pagename=$1;}
|
|
}
|
|
|
|
#deny access to all dot files
|
|
location ~ /\. {
|
|
deny all;
|
|
}
|
|
|
|
#Include SSOWAT user panel.
|
|
include conf.d/yunohost_panel.conf.inc;
|
|
}
|