diff options
Diffstat (limited to 'volumes/hubzilla/nginx.conf')
-rw-r--r-- | volumes/hubzilla/nginx.conf | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/volumes/hubzilla/nginx.conf b/volumes/hubzilla/nginx.conf new file mode 100644 index 0000000..0680a2b --- /dev/null +++ b/volumes/hubzilla/nginx.conf @@ -0,0 +1,73 @@ +# +# Hubzilla nginx configuration for sandcastles +# +# TLS is terminated by the traefik router, so we will only ever see http +# trafic here. +# + +server { + listen 80; + server_name hubzilla.castle; + + index index.php; + charset utf-8; + root /var/www/html; + + # allow uploads up to 20MB in size + client_max_body_size 20m; + client_body_buffer_size 128k; + + include mime.types; + + # rewrite to front controller as default rule + location / { + if (!-e $request_filename) { + rewrite ^(.*)$ /index.php?q=$1; + } + } + + # make sure webfinger and other well known services aren't blocked + # by denying dot files and rewrite request to the front controller + location ^~ /.well-known/ { + allow all; + if (!-e $request_filename) { + rewrite ^(.*)$ /index.php?q=$1; + } + } + + # block these file types + location ~* \.(tpl|md|tgz|log|out)$ { + deny all; + } + + # pass the PHP scripts to the fpm container + location ~* \.php$ { + try_files $uri =404; + + fastcgi_param HTTPS on; + + # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass hubzilla_fpm:9000; + + include fastcgi_params; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + + # deny access to all dot files + location ~ /\. { + deny all; + } + + #deny access to store + location ~ /store { + deny all; + } + + #deny access to util + location ~ /util { + deny all; + } +} |