#1 2015-03-27 21:57:35

JohnnySSH
Member
2015-03-27
3

Config file for Nginx

Hi,

I'm wondering if anyone has a "working" config file for Nginx??

Unfortunately I can't run Apache as I host many sites under Nginx in my setup so the move wouldn't be really feasible.

The current config allows me to access http://site.domain.tld without appending the index.php at the end; however, I think I need a few rewrite rules to get rid of the "index.php" altogether, for example from:

http://site.domain.tld/index.php?/category/3

I have tried two config variations but they don't work very well...

Code:

#server {
#  listen        80;
  # .domain.com will match both domain.com and anything.domain.com
#  server_name site.domain.tld;
  #rewrite ^ https://$server_name$request_uri? permanent;

  # It is best to place the root of the server block at the server level, and not the location level
  # any location block path will be relative to this root.
#  root /usr/local/www/piwigo;

  # It's always good to set logs, note however you cannot turn off the error log
  # setting error_log off; will simply create a file called 'off'.
#  access_log /var/log/nginx/piwigo.access.log;
#  error_log /var/log/nginx/piwigo.error.log;

  # This can also go in the http { } level
#  index index.html index.htm index.php;

#  location / {
  # if you're just using wordpress and don't want extra rewrites
  # then replace the word @rewrites with /index.php
  #try_files $uri $uri/ @rewrites;
#  try_files $uri /index.php;
#  }
#  location @rewrites {
  # Can put some of your own rewrite rules in here
  # for example rewrite ^/~(.*)/(.*)/? /users/$1/$2 last;
  # If nothing matches we'll just send it to /index.php
#  rewrite ^ /index.php last;
#  }

  # This block will catch static file requests, such as images, css, js
  # The ?: prefix is a 'non-capturing' mark, meaning we do not require
  # the pattern to be captured into $1 which should help improve performance
#  location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
  # Some basic cache-control for static files to be sent to the browser
#  expires max;
#  add_header Pragma public;
#  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
#  }

  # remove the robots line if you want to use wordpress' virtual robots.txt
#  location = /robots.txt { access_log off; log_not_found off; }
#  location = /favicon.ico { access_log off; log_not_found off; }

  # this prevents hidden files (beginning with a period) from being served
#  location ~ /\. { access_log off; log_not_found off; deny all; }

#  location ~ \.php {
#  fastcgi_param        SCRIPT_NAME $fastcgi_script_name;
#  fastcgi_param        SCRIPT_FILENAME $document_root$fastcgi_script_name;
#  fastcgi_index        index.php;
#  fastcgi_pass         php;
#  include fastcgi_params;
#  }
#}

server {
        
        listen 80;
        server_name site.domain.tld;
        root /usr/local/www/piwigo;
        index index.php;

        location / {
                try_files $uri /index.php;
        }

        location ~* \.php {
                fastcgi_index  index.php;
                fastcgi_split_path_info ^(.+\.php)(.*)$;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                fastcgi_param  PATH_INFO        $fastcgi_path_info;
                include fastcgi_params;
                fastcgi_pass php;
        }
}

If I click on "visit the gallery" from the admin page, the browser just ends up downloading the index.php file and doesn't actually re-direct the page.

Also uploaded images don't show up, the log claims "fatal php error file not found", however the files are there: $piwigo_home/uploads/date/files.ext

where files.ext is png or jpg... basically an image file.

Piwigo version: 2.7.4
PHP version: 5.6.6
MySQL version: 5.5.42
Piwigo URL: http:// <demo site currently not open to web>


If anyone could help I'd be most grateful!

Many thanks.


#2 2015-06-12 20:49:34

evert
Member
2015-05-17
6

Re: Config file for Nginx

Hi,

I don't know whether you're still looking for a solution, but this works for me:
[site http://pub.meulie.net ]

site-config for NGINX:

Code:

server {
        listen 80;
        listen [::]:80;

        gzip_vary on;

        server_name pub.meulie.net;
        access_log /var/log/nginx/pub.meulie.net.log;
        error_log /var/log/nginx/error.log;
        client_max_body_size 50m;
        root /var/www/pub.meulie.net/htdocs;
        include /etc/nginx/conf.d/cloudflare.conf;
        include global/restrictions.conf;
        charset UTF-8;

        location / {
                index index.php;
                try_files $uri $uri/ @rewrite;
        }

        location @rewrite {
                rewrite ^/picture((/|$).*)$ /picture.php$1 last;
                rewrite ^/index((/|$).*)$ /index.php$1 last;
                rewrite ^/i((/|$).*)$ /i.php$1 last;
        }

        location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
                # "=404" must be a single token; "= 404" is read as a file named "=" plus a fallback URI "404"
                try_files $script_name =404;
                fastcgi_pass 127.0.0.1:9999;
                fastcgi_param PATH_INFO $path_info;
                fastcgi_param SCRIPT_FILENAME /var/www/pub.meulie.net/htdocs$fastcgi_script_name;
                fastcgi_param PHP_VALUE "newrelic.appname=pub.meulie.net";
                include fastcgi_params;
        }
}

Additions to /local/config/config.inc.php:

Code:

$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;


#3 2015-06-25 23:57:35

JohnnySSH
Member
2015-03-27
3

Re: Config file for Nginx

Thanks a lot... sorry for the delay on this!

I had to make a few adjustments to the Nginx config file you provided:

Code:

server {
        listen 80;

        gzip_vary on;

        server_name <fqdn>;
        access_log /var/log/nginx-access.log;
        error_log /var/log/nginx-error.log;
        client_max_body_size 50m;
        root /usr/local/www/piwigo;
#        include  /etc/nginx/conf.d/cloudflare.conf;
#        include global/restrictions.conf;
        charset UTF-8;

        location / {
                index index.php;
                try_files $uri $uri/ @rewrite;
        }

        location @rewrite {
                rewrite ^/picture((/|$).*)$ /picture.php$1 last;
                rewrite ^/index((/|$).*)$ /index.php$1 last;
                rewrite ^/i((/|$).*)$ /i.php$1 last;
        }

        location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
                # "=404" must be a single token; "= 404" is read as a file named "=" plus a fallback URI "404"
                try_files $script_name =404;
                fastcgi_pass php;
                fastcgi_param PATH_INFO $path_info;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PHP_VALUE "newrelic.appname=<fqdn>";
                include fastcgi_params;
        }
}

Outside of that it seems to work fine :-)


#4 2015-06-29 07:15:00

Applepiee
Member
2014-07-11
41

Re: Config file for Nginx

I tried your config but it still is downloading the php file though.. did I do something wrong?

Code:

server {
    listen *:80;
    
    
    server_name fairytailhentaidb.com www.fairytailhentaidb.com;

    access_log /var/log/nginx/fairytailhentaidbcom.access.log;
    error_log /var/log/nginx/fairytailhentaidbcom.error.log;

    root /var/www/vhosts/fairytailhentaidb.com;
    index index.html index.htm index.php;

    if ($host !~* ^www\.) {
    rewrite ^(.*)$ http://www.$host$1 permanent;
}

location / {
                index index.php;
                try_files $uri $uri/ @rewrite;
        }

        location @rewrite {
                rewrite ^/picture((/|$).*)$ /picture.php$1 last;
                rewrite ^/index((/|$).*)$ /index.php$1 last;
                rewrite ^/i((/|$).*)$ /i.php$1 last;
        }

        location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
                try_files $script_name = 404;
}

    
    
    location ~ [^/]\.php(/|$) {
        
        
        
        fastcgi_index index.php;
        include fcgi.conf;
        fastcgi_pass unix:/var/run/ajenti-v-php-fcgi-fairytailhentaidbcom-php-fcgi-0.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    }


#5 2016-04-15 16:46:34

teekay
Member
2013-06-12
427

Re: Config file for Nginx

Could be useful for others, so here it goes.

I enhanced the config to do the following:
- block direct access to /_data/i and /upload
- block hotlinks
- block any direct access to image alias URLs (/i/upload/..)
- make sure ws.php upload stuff still works with referral blockers (there are GET requests from server's own IP and Piwigo user agent to /i/upload/)
- compress js and css

local/config/config.inc.php used:

Code:

$conf['category_url_style'] = 'id-name';
$conf['picture_url_style'] = 'id-file';

$conf['original_url_protection'] = 'images';
$conf['derivative_url_style'] = 2;

$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;

Nginx config:

Code:

server {
 listen 443 ssl;
 server_name fotos.domain.tld;
 root /srv/http/piwigo;

 ssl_certificate      /etc/letsencrypt/live/fotos.domain.tld/fullchain.pem;                                     
 ssl_certificate_key  /etc/letsencrypt/live/fotos.domain.tld/privkey.pem;
 ssl_dhparam          /etc/ssl/dh2048.pem;
                                                                                                             
 ssl_session_cache shared:SSL:1m;                                                                         
 ssl_session_timeout  5m;                                                                                 
 ssl_protocols TLSv1.2 TLSv1.1 TLSv1;                                                                     
 ssl_ciphers  FIPS@STRENGTH:!aNULL:!MD5;                                                                  
 ssl_prefer_server_ciphers   on;

 add_header Strict-Transport-Security max-age=31536000;
 add_header X-Frame-Options DENY;

 client_max_body_size 50m;
 client_body_buffer_size 25m; 

 gzip on;                                                                                                                                                             
 gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;

 location ~ ^/favicon.ico$ {
   log_not_found off;
   access_log off;
   expires max;
 }

 location = /robots.txt {
   allow all;
   log_not_found off;
   access_log off;
 }

 # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
 location ~ /\. {
   deny all;
   access_log off;
   log_not_found off;
 }

 # piwigo distribution files 
 location ~ ^/(README|doc)$ {
   deny all;
 }

 # prevent direct access to uploaded images, derivatives and logs
 location ~ ^/(_data/(i|logs)|upload)/ {
   deny all;
 }

 location / {
   index index.php;
   try_files $uri $uri/ @rewrite;
 }

 location @rewrite {
   rewrite ^/picture((/|$).*)$ /picture.php$1 last;
   rewrite ^/index((/|$).*)$ /index.php$1 last;
   rewrite ^/i((/|$).*)$ /i.php$1 last;
 }

 location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
   try_files $script_name =404;
   include /etc/nginx/fastcgi_params;
   fastcgi_pass 127.0.0.1:9000;
   fastcgi_param PATH_INFO $path_info;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 }

 # prevent any hotlinks  and direct access to alias URIs (/i/upload/...)
 # which are not from Piwigo itself (happens when exporting from lightroom via ws.php)
 # this section needs to go _after_ the php handler, no idea why.

 set $check_referal "";

 # very restrictive
 valid_referers *.domain.tld;
 # if you want google etc to be able to show your images:
 #valid_referers ~google\.com ~bing\.com *.domain.tld

 if ($invalid_referer) {
  set $check_referal "invalid";
 }
 if ($http_user_agent !~ "Piwigo") {
  set $check_referal "${check_referal}+not_piwigo";
 }

 location ~* \.(gif|png|jpe?g)$ {
   if ($check_referal = "invalid+not_piwigo") {
     return 403;
   }
   try_files $uri $uri/ @rewrite;
 }
}

Last edited by teekay (2016-04-28 13:31:33)
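
An added example, not part of the thread: a small Python model of nginx's regex-location rule (locations are tested in file order and the first match wins), applied to the location patterns posted above. It shows why the image block in post #5 only works after the PHP handler, and why the config in post #4 sends back index.php as a file. The sample paths, the location labels and the assumption that alias URLs under /i/ have no file on disk are constructed; the referer check and the other locations are left out.

```python
import re

# Regex locations as (label, pattern, flags, handler), in file order.
# "fastcgi" = block has a fastcgi_pass, "static" = nginx sends the file bytes,
# "try_files" = block falls back to @rewrite when no file exists.
PHP_RE = r"^(?P<script_name>.+?\.php)(?P<path_info>/.*)?$"
PHP = ("php", PHP_RE, 0, "fastcgi")
IMG = ("image", r"\.(gif|png|jpe?g)$", re.I, "try_files")
DENY = ("deny", r"^/(_data/(i|logs)|upload)/", 0, "403")

TEEKAY = [DENY, PHP, IMG]    # order used in post #5
SWAPPED = [DENY, IMG, PHP]   # image block moved above the PHP handler
# Post #4: the first PHP location has try_files but no fastcgi_pass.
APPLEPIEE = [("php-no-pass", PHP_RE, 0, "static"),
             ("php-fcgi", r"[^/]\.php(/|$)", 0, "fastcgi")]

# The three rules of the @rewrite block.
REWRITES = [(r"^/picture((/|$).*)$", r"/picture.php\1"),
            (r"^/index((/|$).*)$", r"/index.php\1"),
            (r"^/i((/|$).*)$", r"/i.php\1")]


def select(locations, uri):
    """First regex location that matches, else the "/" prefix location."""
    for loc in locations:
        if re.search(loc[1], uri, loc[2]):
            return loc
    return ("/", "", 0, "try_files")


def route(locations, uri, on_disk=()):
    """Return (location, outcome, final_uri) for one request."""
    for _ in range(10):  # guard against rewrite loops
        name, _pattern, _flags, handler = select(locations, uri)
        if handler != "try_files":
            return (name, handler, uri)
        if uri in on_disk:
            return (name, "static", uri)
        # try_files found nothing: apply @rewrite, then search locations again
        for pattern, repl in REWRITES:
            new_uri, count = re.subn(pattern, repl, uri)
            if count:
                uri = new_uri
                break
        else:
            return ("@rewrite", "404", uri)
    return ("loop", "500", uri)
```

With the order from post #5 the alias URL is rewritten to /i.php/... and reaches the PHP handler; with the image block first, the rewritten URI still ends in .jpg, matches the image block again and ends in a 404.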


#6 2016-04-27 17:23:03

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13791

Re: Config file for Nginx

teekay wrote:

Could be useful for others, so here it goes.

Certainly very useful. Thank you teekay!


#7 2023-03-06 12:58:55

reox
Member
2023-03-06
11

Re: Config file for Nginx

It looks like many things have changed since the last config was posted here. If I try that with a recent Piwigo 13.6, I cannot see any pictures and stylesheets cannot be loaded for the Bootstrap darkroom theme.

I tried to remove everything except the rewrite rules and the culprit seems to be those. While for example images load correctly, if access to _data is granted again, it seems that some rewrite rules are missing, such that the template stylesheets can be loaded correctly.

A plain simple nginx config works as well, but I would like to secure the installation a bit, by removing access to files that do not need to be accessed from the outside.
Furthermore, I would also like to have the rewrite rules working.

Last edited by reox (2023-03-06 12:59:21)
