NGINX/PHP-FPM
File protection
If you are using PHP-FPM, it is important to block access to configuration file application/config/config.ini.
location ~* /(var|lib|application)/.*$ {
return 403;
}
location ~* \.ini$ {
return 403;
}
How to make Campaign URLs working in Nginx?
To simulate mode_rewrite use try_files.
Example:
location / {
try_files $uri $uri/ /index.php?$args;
}
Domain configuration in Nginx example
server {
# server IP and port
listen 151.236.29.195:80;
# domain name
server_name domain.com www.domain.com;
# root path
set $root_path /home/domain.com;
root $root_path;
charset utf-8;
index index.php;
location ~* \.(jpg|jpeg|gif|png|js|css|txt|zip|ico|gz|csv)$ {
access_log off;
expires 10d;
}
location ~* /(var|lib|application)/.*$ {
return 403;
}
location ~* \.(htaccess|ini|dat)$ {
return 403;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $root_path$fastcgi_script_name;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
}
Web Temple "Keitaro TDS" for Vesta
File /usr/local/vesta/data/templates/web/nginx/php-fpm/keitaro.stpl
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location / {
try_files $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js|html)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location ~* /(var|lib|application)/.*$ {
return 403;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain%.conf*;
File /usr/local/vesta/data/templates/web/nginx/php-fpm/keitaro.tpl
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location / {
try_files $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js|html)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location ~* /(var|lib|application)/.*$ {
return 403;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain%.conf*;
}