Announcement

#1 2015-03-27 21:57:35

JohnnySSH
Member
2015-03-27
3

Config file for Nginx

Hi,

I'm wondering if anyone has a "working" config file for Nginx??

Unfortunately I can't run Apache as I host many sites under Nginx in my setup so the move wouldn't be really feasible.

The current config allows me to access: http://site.domain.tld without appending the index.php at the end however I think I need a few re-write rules to get rid of the "index.php" all together for example from:

http://site.domain.tld/index.php?/category/3

I have tried two config variations but they don't work very well...

Code:

#server {
#  listen        80;
  # .domain.com will match both domain.com and anything.domain.com
#  server_name site.domain.tld;
  #rewrite ^ https://$server_name$request_uri? permanent;

  # It is best to place the root of the server block at the server level, and not the location level
  # any location block path will be relative to this root.
#  root /usr/local/www/piwigo;

  # It's always good to set logs, note however you cannot turn off the error log
  # setting error_log off; will simply create a file called 'off'.
#  access_log /var/log/nginx/piwigo.access.log;
#  error_log /var/log/nginx/piwigo.error.log;

  # This can also go in the http { } level
#  index index.html index.htm index.php;

#  location / {
  # if you're just using wordpress and don't want extra rewrites
  # then replace the word @rewrites with /index.php
  #try_files $uri $uri/ @rewrites;
#  try_files $uri /index.php;
#  }
#  location @rewrites {
  # Can put some of your own rewrite rules in here
  # for example rewrite ^/~(.*)/(.*)/? /users/$1/$2 last;
  # If nothing matches we'll just send it to /index.php
#  rewrite ^ /index.php last;
#  }

  # This block will catch static file requests, such as images, css, js
  # The ?: prefix is a 'non-capturing' mark, meaning we do not require
  # the pattern to be captured into $1 which should help improve performance
#  location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
  # Some basic cache-control for static files to be sent to the browser
#  expires max;
#  add_header Pragma public;
#  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
#  }

  # remove the robots line if you want to use wordpress' virtual robots.txt
#  location = /robots.txt { access_log off; log_not_found off; }
#  location = /favicon.ico { access_log off; log_not_found off; }

  # this prevents hidden files (beginning with a period) from being served
#  location ~ /\. { access_log off; log_not_found off; deny all; }

#  location ~ \.php {
#  fastcgi_param        SCRIPT_NAME $fastcgi_script_name;
#  fastcgi_param        SCRIPT_FILENAME $document_root$fastcgi_script_name;
#  fastcgi_index        index.php;
#  fastcgi_pass         php;
#  include fastcgi_params;
#  }
#}

server {
        
        listen 80;
        server_name site.domain.tld;
        root /usr/local/www/piwigo;
        index index.php;

        location / {
                try_files $uri /index.php;
        }

        location ~* \.php {
                fastcgi_index  index.php;
                fastcgi_split_path_info ^(.+\.php)(.*)$;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                fastcgi_param  PATH_INFO        $fastcgi_path_info;
                include fastcgi_params;
                fastcgi_pass php;
        }
}

If I click on "visit the gallery" from the admin page, the browser just ends up downloading the index.php file and doesn't actually re-direct the page.

Also uploaded images don't show up, the log claims "fatal php error file not found", however the files are there: $piwigo_home/uploads/date/files.ext

where files.ext is png or jpg... basically image file.

Piwigo version: 2.7.4
PHP version: 5.6.6
MySQL version: 5.5.42
Piwigo URL: http:// <demo site currently not open to web>


If anyone could help I'd be most grateful!

Many thanks.

Offline

 

#2 2015-06-12 20:49:34

evert
Member
2015-05-17
6

Re: Config file for Nginx

Hi,

I don't know whether you're still looking for a solution, but this works for me:
[site http://pub.meulie.net ]

site-config for NGINX:

Code:

server{
        listen 80;
        listen [::]:80;

gzip_vary on;

        server_name pub.meulie.net;
        access_log /var/log/nginx/pub.meulie.net.log;
        error_log /var/log/nginx/error.log;
        client_max_body_size 50m;
        root /var/www/pub.meulie.net/htdocs;
        include  /etc/nginx/conf.d/cloudflare.conf;
        include global/restrictions.conf;
        charset UTF-8;

location / {
                index index.php;
                try_files $uri $uri/ @rewrite;
        }

        location @rewrite {
                rewrite ^/picture((/|$).*)$ /picture.php$1 last;
                rewrite ^/index((/|$).*)$ /index.php$1 last;
                rewrite ^/i((/|$).*)$ /i.php$1 last;
        }

        location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
                try_files $script_name = 404;
    fastcgi_pass 127.0.0.1:9999;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_param SCRIPT_FILENAME /var/www/pub.meulie.net/htdocs$fastcgi_script_name;
    fastcgi_param PHP_VALUE "newrelic.appname=pub.meulie.net";
    include fastcgi_params;
}
}

Additions to /local/config/config.inc.php:

Code:

$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;

Offline

 

#3 2015-06-25 23:57:35

JohnnySSH
Member
2015-03-27
3

Re: Config file for Nginx

Thanks a lot... sorry for delay on this!

I had to make a few adjustments to the Nginx config file you provided:

Code:

server{
        listen 80;

gzip_vary on;

        server_name <fqdn>;
        access_log /var/log/nginx-access.log;
        error_log /var/log/nginx-error.log;
        client_max_body_size 50m;
        root /usr/local/www/piwigo;
#        include  /etc/nginx/conf.d/cloudflare.conf;
#        include global/restrictions.conf;
        charset UTF-8;

location / {
                index index.php;
                try_files $uri $uri/ @rewrite;
        }

        location @rewrite {
                rewrite ^/picture((/|$).*)$ /picture.php$1 last;
                rewrite ^/index((/|$).*)$ /index.php$1 last;
                rewrite ^/i((/|$).*)$ /i.php$1 last;
        }

        location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
                try_files $script_name = 404;
    fastcgi_pass php;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PHP_VALUE "newrelic.appname=<fqdn>";
    include fastcgi_params;
}
}

outside of that it seems to be work fine :-)

Offline

 

#4 2015-06-29 07:15:00

Applepiee
Member
2014-07-11
40

Re: Config file for Nginx

I tried your config but it still is downloading the php file though.. did I do something wrong?

Code:

server {
    listen *:80;
    
    
    server_name fairytailhentaidb.com www.fairytailhentaidb.com;

    access_log /var/log/nginx/fairytailhentaidbcom.access.log;
    error_log /var/log/nginx/fairytailhentaidbcom.error.log;

    root /var/www/vhosts/fairytailhentaidb.com;
    index index.html index.htm index.php;

    if ($host !~* ^www\.) {
    rewrite ^(.*)$ http://www.$host$1 permanent;
}

location / {
                index index.php;
                try_files $uri $uri/ @rewrite;
        }

        location @rewrite {
                rewrite ^/picture((/|$).*)$ /picture.php$1 last;
                rewrite ^/index((/|$).*)$ /index.php$1 last;
                rewrite ^/i((/|$).*)$ /i.php$1 last;
        }

        location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
                try_files $script_name = 404;
}

    
    
    location ~ [^/]\.php(/|$) {
        
        
        
        fastcgi_index index.php;
        include fcgi.conf;
        fastcgi_pass unix:/var/run/ajenti-v-php-fcgi-fairytailhentaidbcom-php-fcgi-0.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    }

Offline

 

#5 2016-04-15 16:46:34

teekay
Member
2013-06-12
427

Re: Config file for Nginx

Could be useful for others, so here it goes.

I enhanced the config to do following:
- block direct access to /_data/i and /upload
- block hotlinks
- block any direct access to image alias URLs (/i/upload/..)
- make sure ws.php upload stuff still works with referal blockers (there are GET requests from server's own IP and Piwigo user agent to /i/upload/)
- compress js and css

local/config/config.inc.php used:

Code:

$conf['category_url_style'] = 'id-name';
$conf['picture_url_style'] = 'id-file';

$conf['original_url_protection'] = 'images';
$conf['derivative_url_style'] = 2;

$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;

Nginx config:

Code:

server {
 listen 443 ssl;
 server_name fotos.domain.tld;
 root /srv/http/piwigo;

 ssl_certificate      /etc/letsencrypt/live/fotos.domain.tld/fullchain.pem;                                     
 ssl_certificate_key  /etc/letsencrypt/live/fotos.domain.tld/privkey.pem;
 ssl_dhparam          /etc/ssl/dh2048.pem;
                                                                                                             
 ssl_session_cache shared:SSL:1m;                                                                         
 ssl_session_timeout  5m;                                                                                 
 ssl_protocols TLSv1.2 TLSv1.1 TLSv1;                                                                     
 ssl_ciphers  FIPS@STRENGTH:!aNULL:!MD5;                                                                  
 ssl_prefer_server_ciphers   on;

 add_header Strict-Transport-Security max-age=31536000;
 add_header X-Frame-Options DENY;

 client_max_body_size 50m;
 client_body_buffer_size 25m; 

 gzip on;                                                                                                                                                             
 gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;

 location ~ ^/favicon.ico$ {
   log_not_found off;
   access_log off;
   expires max;
 }

 location = /robots.txt {
   allow all;
   log_not_found off;
   access_log off;
 }

 # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
 location ~ /\. {
   deny all;
   access_log off;
   log_not_found off;
 }

 # piwigo distribution files 
 location ~ ^/(README|doc)$ {
   deny all;
 }

 # prevent direct acces to uploaded images, derivates and logs
 location ~ ^/(_data/(i|logs)|upload)/ {
   deny all;
 }

 location / {
   index index.php;
   try_files $uri $uri/ @rewrite;
 }

 location @rewrite {
   rewrite ^/picture((/|$).*)$ /picture.php$1 last;
   rewrite ^/index((/|$).*)$ /index.php$1 last;
   rewrite ^/i((/|$).*)$ /i.php$1 last;
 }

 location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
   try_files $script_name = 404;
   include /etc/nginx/fastcgi_params;
   fastcgi_pass 127.0.0.1:9000;
   fastcgi_param PATH_INFO $path_info;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 }

 # prevent any hotlinks  and direct access to alias URIs (/i/upload/...)
 # which are not from Piwigo itself (happens when exporting from lightroom via ws.php)
 # this section needs to go _after_ the php handler, no idea why.

 set $check_referal "";

 # very restrictive
 valid_referers *.domain.tld;
 # if you want google etc to be able to show your images:
 #valid_referers ~google\.com ~bing\.com *.domain.tld

 if ($invalid_referer) {
  set $check_referal "invalid";
 }
 if ($http_user_agent !~ "Piwigo") {
  set $check_referal "${check_referal}+not_piwigo";
 }

 location ~* \.(gif|png|jpe?g)$ {
   if ($check_referal = "invalid+not_piwigo") {
     return 403;
   }
   try_files $uri $uri/ @rewrite;
 }
}

Last edited by teekay (2016-04-28 13:31:33)

Offline

 

#6 2016-04-27 17:23:03

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13476

Re: Config file for Nginx

teekay wrote:

Could be useful for others, so here it goes.

Certainly very useful. Thank you teekay!

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2021 · Contact