improved nginx config. It's secure by default now.

5f94b0df · Miha Vrhovnik · 6f99eb8e · 5f94b0df
Commit 5f94b0df authored Jun 29, 2012 by Miha Vrhovnik
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 7 deletions

doc/web_servers.rst doc/web_servers.rst +18 -7

No files found.
--- a/doc/web_servers.rst
+++ b/doc/web_servers.rst
@@ -39,15 +39,26 @@ resources to ``index.php``:
 .. code-block:: nginx
    server {
-        index index.php
+        #site root is redirected to the app boot script
+        location = / {
+            try_files @site @site;
+        }
+        #all other locations try other files first and go to our front controller if none of them exists
        location / {
-            try_files $uri $uri/ /index.php;
+            try_files $uri $uri/ @site;
+        }
+        #return 404 for all php files as we do have a front controller
+        location ~ \.php$ {
+            return 404;
        }
-        location ~ index\.php$ {
+        location @site {
-            fastcgi_pass   /var/run/php5-fpm.sock;
+            fastcgi_pass   unix:/var/run/php-fpm/www.sock;
-            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME $document_root/index.php;
+            #uncomment when running via https
+            #fastcgi_param HTTPS on;
            include fastcgi_params;
        }
    }