Nginx configuration to secure Baïkal installation

Amateur Synologist nginx-forum at forum.nginx.org
Fri Sep 25 18:47:51 UTC 2020


Hi to all. I'm newbie in Linux and nginx, so I need your help
I have Synology NAS with installed Baïkal CardDAV server.
Baïkal Installation instructions says:

"Only the html directory is needed to be accessible by your web browser. You
may choose to lock out access to any other directory using your webserver
configuration.
In particular you should really make sure that the Specific directory is not
accessible directly, as this could contain your sql database.

The following configuration may be used for nginx:

server {
  listen       80;
  server_name  dav.example.org;

  root  /var/www/baikal/html;
  index index.php;

  rewrite ^/.well-known/caldav /dav.php redirect;
  rewrite ^/.well-known/carddav /dav.php redirect;

  charset utf-8;

  location ~ /(\.ht|Core|Specific) {
    deny all;
    return 404;
  }

  location ~ ^(.+\.php)(.*)$ {
    try_files $fastcgi_script_name =404;
    include        /etc/nginx/fastcgi_params;
    fastcgi_split_path_info  ^(.+\.php)(.*)$;
    fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO        $fastcgi_path_info;
  }
}
"
Source: https://sabre.io/baikal/install/

Can you tell me which nginx file(s) should I edit?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289540,289540#msg-289540



More information about the nginx mailing list