This repository has been archived by the owner on May 7, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 8
/
nginx.conf.example
78 lines (65 loc) · 2.03 KB
/
nginx.conf.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
server {
listen 80;
server_name u.localhost;
root /path/to/pste/public;
index index.php;
client_max_body_size 100M;
location ~ /index\.php$ {
include fastcgi_params;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php7-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ /robots.txt {
allow all;
log_not_found off;
access_log off;
}
}
server {
listen 80;
server_name a.localhost;
root /path/to/pste/public;
index index.php;
include mime.types;
# Very important to at least serve .php files as plaintext, otherwise your site WILL be hacked in no time at all.
# SVG served as plaintext due to https://hackerone.com/reports/148853
types {
text/plain txt ini html htm shtml sh desktop;
text/plain pl go py cs c java fish php svg js;
text/plain rb rs lua ls hy asm S conf vim;
text/plain moon log tcl tk md coffee;
text/plain scss ts less d hs;
}
gzip on;
expires modified +1h;
# It is very important to be specific here, otherwise your users won't be able to upload PHP files to be served as plaintext.
location ~ /index\.php$ {
include fastcgi_params;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php7-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = / {
return 302 http://u.localhost;
}
location /uploads {
internal;
alias /path/to/pste/storage/app/uploads;
}
location ~ /robots.txt {
allow all;
log_not_found off;
access_log off;
}
}