phpMyFAQ/nginx.conf at main · thorsten/phpMyFAQ · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
##
# phpMyFAQ nginx.conf file
#
# this assumes you installed in /
#   if that is not the case,
#   sed 's,/,,g' _nginx.conf
#
# This Source Code Form is subject to the terms of the Mozilla Public License,
# v. 2.0. If a copy of the MPL was not distributed with this file, You can
# obtain one at https://mozilla.org/MPL/2.0/.
#
# @author    Florian Anderiasch <florian@phpmyfaq.de>
# @copyright 2011-2025 phpMyFAQ Team
# @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
# @link      https://www.phpmyfaq.de
# @since     2011-01-14
#

server {
    listen      80;
    server_name example.org;
    index       index.php index.html index.htm;
    root        /var/www/html;

    # Increase max upload size (adjust as needed)
    client_max_body_size 100M;

    rewrite //  /           break;
    rewrite ^/$ /index.php  last;

    # Gzip Settings
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_proxied no-cache no-store private expired auth;
    gzip_min_length 1000;
    gzip_comp_level 6;
    gzip_vary on;
    gzip_buffers 16 8k;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    location ~* \.(jpg|jpeg|gif|png|webp|svg|ico|mp4|webm|mpeg|ttf|otf|woff|woff2|css|js|pdf)$ {
        expires 1y;
        add_header Cache-Control "public";
    }

    # Additional configurations for specific file types
    location ~* \.(svg|eot|ttf|woff|woff2|json)$ {
        add_header Access-Control-Allow-Origin "*";
    }

    # Specific cache-control for javascript files
    location ~* \.(js)$ {
        expires 1y;
        add_header Cache-Control "public, max-age=31536000, immutable";
    }

    # Specific cache-control for CSS files
    location ~* \.(css)$ {
        expires 1y;
        add_header Cache-Control "public, max-age=31536000, immutable";
    }

    # Block zip files in content directory
    location ~ ^/content/.*\.zip$ {
        deny all;
        return 403;
    }

    # Rewrite logging, should be turned off on production
    rewrite_log on;

    # X-Frame-Options to prevent clickjacking
    add_header X-Frame-Options SAMEORIGIN;

    # Error pages are handled by Symfony's front controller (PageNotFoundController).
    # Unknown URIs fall through `try_files` into `@rewriteapp` → /index.php, where
    # Symfony renders the styled 404 page. Do not intercept upstream PHP errors.
    fastcgi_intercept_errors off;

    # Service Worker - no caching, proper headers
    location = /sw.js {
        add_header Content-Type "application/javascript; charset=utf-8";
        add_header Service-Worker-Allowed "/";
        add_header Cache-Control "no-cache, no-store, must-revalidate";
        add_header X-Content-Type-Options "nosniff";
        try_files $uri =404;
    }

    # Update pages - rewrite before try_files can hit the PHP handler
    location ^~ /update {
        rewrite ^                                                    /index.php last;
    }

    location / {
        index index.php;
        try_files $uri $uri/ @rewriteapp;
    }

    location @rewriteapp {

        # Administration API
        rewrite ^/admin/api/                                         /admin/api/index.php last;

        # Administration pages (redirect /admin to /admin/)
        rewrite ^/admin$                                             /admin/ permanent;
        rewrite ^/admin/                                             /admin/index.php last;

        # API routes (all API endpoints)
        rewrite ^/api/                                               /api/index.php last;

        # Setup pages
        rewrite ^/setup/                                             /setup/index.php last;

        # Front controller: route all other requests to index.php (Symfony Router)
        rewrite ^                                                    /index.php last;
    }

    location /admin/assets {
        try_files $uri $uri/ =404;
    }

    location @php {
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME $document_root/index.php;
        include         /etc/nginx/fastcgi_params;
    }

    location ~ '/.+\.ph(p|tml)(/|$)' {
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME $document_root/$fastcgi_script_name;
        include         /etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires 2d;
        add_header Cache-Control "no-store";
    }
}