1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-10-25 13:46:50 +02:00
Files
php-phpbb/phpBB/docs/nginx.sample.conf
ftc2 8f97887683 [ticket/15385] nginx.sample.conf: www redirection, security regex
according to the latest wiki info:
    http://wiki.nginx.org/Pitfalls#Taxing_Rewrites
`return 301` is preferred over a rewrite.

also, the 'security' regex breaks some official extensions because it
will match and deny access to `/ext/phpbb`.
looking through the names of dirs and files containing `phpbb`, it
looks like the intent of the regex was to only disallow the folder
`phpbb` in the root dir and not other `/phpbb` matches.
a negative lookbehind was added to specifically not match `/ext/phpbb`
but still match other occurrences of `/phpbb`.

Tracker ticket: https://tracker.phpbb.com/browse/PHPBB3-15385
2017-10-01 22:57:21 -06:00

128 lines
3.9 KiB
Plaintext

# Sample nginx configuration file for phpBB.
# Global settings have been removed, copy them
# from your system's nginx.conf.
# Tested with nginx 0.8.35.
# If you want to use the X-Accel-Redirect feature,
# add the following to your config.php.
#
# define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
#
# See http://wiki.nginx.org/XSendfile for the details
# on X-Accel-Redirect.
http {
# Compression - requires gzip and gzip static modules.
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
# Compression levels over 6 do not give an appreciable improvement
# in compression ratio, but take more resources.
gzip_comp_level 6;
# IE 6 and lower do not support gzip with Vary correctly.
gzip_disable "msie6";
# Before nginx 0.7.63:
#gzip_disable "MSIE [1-6]\.";
# Catch-all server for requests to invalid hosts.
# Also catches vulnerability scanners probing IP addresses.
server {
# default specifies that this block is to be used when
# no other block matches.
listen 80 default;
server_name bogus;
return 444;
root /var/empty;
}
# If you have domains with and without www prefix,
# redirect one to the other.
server {
# Default port is 80.
#listen 80;
server_name myforums.com;
# A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
return 301 http://www.myforums.com$request_uri;
}
# The actual board domain.
server {
#listen 80;
server_name www.myforums.com;
root /path/to/phpbb;
location / {
# phpBB uses index.htm
index index.php index.html index.htm;
try_files $uri $uri/ @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
}
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /app.php$is_args$args;
fastcgi_pass php;
}
# Correctly pass scripts for installer
location /install/ {
# phpBB uses index.htm
try_files $uri $uri/ @rewrite_installapp;
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /install/app.php$is_args$args;
fastcgi_pass php;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}
}
# If running php as fastcgi, specify php upstream.
upstream php {
server unix:/tmp/php.sock;
}
}