My Nginx Conf[edit]
server {
# [...]
if (-f $document_root/maintenance.html) {
return 503;
}
error_page 503 @maintenance;
location @maintenance {
rewrite ^(.*)$ /maintenance.html break;
}
# Disallow access to hidden files and directories, except `/.well-known/`
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~ /\.(?!well-known/) {
return 404;
}
#location = /favicon.ico {
# try_files /favicon.ico =204;
# access_log off;
# log_not_found off;
#}
location = /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1/32;
allow ::1/128;
allow 67.205.190.17;
allow 10.10.0.11;
allow 10.136.225.163;
deny all;
}
location ~ ^(?!.+\.php/)(?<script_name>.+\.php)$ {
try_files $script_name =404;
include fastcgi.conf;
# Mitigate HTTPOXY attacks (https://httpoxy.org/)
fastcgi_param HTTP_PROXY "";
fastcgi_index index.php;
fastcgi_pass php5_www-data;
}
location ~ ^(?<script_name>.+\.php)(?<path_info>/.*)$ {
try_files $script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param PATH_TRANSLATED $document_root$path_info;
# Mitigate HTTPOXY attacks (https://httpoxy.org/)
fastcgi_param HTTP_PROXY "";
fastcgi_index index.php;
fastcgi_pass php5_www-data;
}
#### All the following rules added for pretty URLs
location ~ ^/w/(index|load|api|thumb|opensearch_desc)\.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
}
# Images
location /w/images {
# Separate location for images/ so .php execution won't apply
}
location /w/images/deleted {
# Deny access to deleted images folder
deny all;
}
# MediaWiki assets (usually images)
location ~ ^/w/resources/(assets|lib|src) {
try_files $uri 404;
add_header Cache-Control "public";
expires 7d;
}
# Assets, scripts and styles from skins and extensions
location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg)$ {
try_files $uri 404;
add_header Cache-Control "public";
expires 7d;
}
# Favicon
location = /favicon.ico {
alias /w/images/6/64/Favicon.ico;
add_header Cache-Control "public";
expires 7d;
access_log off;
log_not_found off;
}
## Uncomment the following code if you wish to use the installer/updater
## installer/updater
#location /w/mw-config/ {
# # Do this inside of a location so it can be negated
# location ~ \.php$ {
# include /etc/nginx/fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root/w/mw-config/$fastcgi_script_name;
# fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
# }
#}
# Handling for the article path (pretty URLs)
location /wiki/ {
rewrite ^/wiki(?:/(?<pagename>.*))$ /w/index.php;
}
# Allow robots.txt in case you have one
location = /robots.txt {
}
# Explicit access to the root website, redirect to main page (adapt as needed)
# location = / {
# return 301 /wiki/Main_Page;
# }
# # Every other entry point will be disallowed.
# # Add specific rules for other entry points/images as needed above this
# location / {
# return 404;
# }
#### All the above rules added for pretty URLs
client_max_body_size 500m;
}RedWerks Short URL[edit]
from https://shorturls.redwerks.org/?url=https%3A%2F%2Fwww.slicer.org%2Fwiki%2F
server {
# [...]
# Location for the wiki's root
location /w/ {
# Do this inside of a location so it can be negated
location ~ \.php$ {
try_files $uri $uri/ =404; # Don't let php execute non-existent php files
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}
location /w/images {
# Separate location for images/ so .php execution won't apply
location ~ ^/w/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
# Thumbnail handler for MediaWiki
# This location only matches on a thumbnail's url
# If the file does not exist we use @thumb to run the thumb.php script
try_files $uri $uri/ @thumb;
}
}
location /w/images/deleted {
# Deny access to deleted images folder
deny all;
}
# Deny access to folders MediaWiki has a .htaccess deny in
location /w/cache { deny all; }
location /w/languages { deny all; }
location /w/maintenance { deny all; }
location /w/serialized { deny all; }
# Just in case, hide .svn and .git too
location ~ /.(svn|git)(/|$) { deny all; }
# Hide any .htaccess files
location ~ /.ht { deny all; }
# Uncomment the following code if you wish to hide the installer/updater
## Deny access to the installer
#location /w/mw-config { deny all; }
# Handling for the article path
location /wiki {
include /etc/nginx/fastcgi_params;
# article path should always be passed to index.php
fastcgi_param SCRIPT_FILENAME $document_root/w/index.php;
fastcgi_pass 127.0.0.1:9000;
}
# Thumbnail 404 handler, only called by try_files when a thumbnail does not exist
location @thumb {
# Do a rewrite here so that thumb.php gets the correct arguments
rewrite ^/w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2;
rewrite ^/w/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1;
# Run the thumb.php script
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/w/thumb.php;
fastcgi_pass 127.0.0.1:9000;
}
# [...]
}
