NGINX/PHP-FPM
File protection
If you are using PHP-FPM, it is important to block access to configuration file application/config/config.ini.
location ~* /(var|lib|application)/.*$ { return 403; } location ~* \.ini$ { return 403; }
How to make Campaign URLs working in Nginx?
To simulate mode_rewrite use try_files.
Example:
location / { try_files $uri $uri/ /index.php?$args; }
Domain configuration in Nginx example
server { # server IP and port listen 151.236.29.195:80; # domain name server_name domain.com www.domain.com; # root path set $root_path /home/domain.com; root $root_path; charset utf-8; index index.php; location ~* \.(jpg|jpeg|gif|png|js|css|txt|zip|ico|gz|csv)$ { access_log off; expires 10d; } location ~* /(var|lib|application)/.*$ { return 403; } location ~* \.(htaccess|ini|dat)$ { return 403; } location ~ \.php$ { include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; #fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $root_path$fastcgi_script_name; } location / { try_files $uri $uri/ /index.php?$args; } }
Web Temple "Keitaro TDS" for Vesta
File /usr/local/vesta/data/templates/web/nginx/php-fpm/keitaro.stpl
server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; root %docroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; location / { try_files $uri $uri/ /index.php?$args; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js|html)$ { expires max; } location ~ [^/]\.php(/|$) { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_pass %backend_lsnr%; include /etc/nginx/fastcgi_params; } } location ~* "/\.(htaccess|htpasswd)$" { deny all; return 404; } location ~* /(var|lib|application)/.*$ { return 403; } include /etc/nginx/conf.d/phpmyadmin.inc*; include /etc/nginx/conf.d/phppgadmin.inc*; include /etc/nginx/conf.d/webmail.inc*; include %home%/%user%/conf/web/nginx.%domain%.conf*;
File /usr/local/vesta/data/templates/web/nginx/php-fpm/keitaro.tpl
server { listen %ip%:%web_port%; server_name %domain_idn% %alias_idn%; root %docroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; location / { try_files $uri $uri/ /index.php?$args; location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js|html)$ { expires max; } location ~ [^/]\.php(/|$) { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_pass %backend_lsnr%; include /etc/nginx/fastcgi_params; } } location ~* "/\.(htaccess|htpasswd)$" { deny all; return 404; } location ~* /(var|lib|application)/.*$ { return 403; } include /etc/nginx/conf.d/phpmyadmin.inc*; include /etc/nginx/conf.d/phppgadmin.inc*; include /etc/nginx/conf.d/webmail.inc*; include %home%/%user%/conf/web/nginx.%domain%.conf*; }