Re: Nginx configuration to secure Baïkal installation

Thomas Ward teward at thomas-ward.net
Fri Sep 25 19:38:46 UTC 2020 

>From what I can tell the config as is is fine, and shouldn't need to
have anything else exposed.  Since that's basically their nginx snippet
in a nutshell.

Their warning is more if you attempt to use something that doesn't have
a predefined example set - like lighttpd - where you'd then have to
configure it to have the proper docroot.

Otherwise the configuration looks fine per their nginx example on the
same linked instructions page.


Thomas

On 9/25/20 2:47 PM, Amateur Synologist wrote:
> Hi to all. I'm newbie in Linux and nginx, so I need your help
> I have Synology NAS with installed Baïkal CardDAV server.
> Baïkal Installation instructions says:
>
> "Only the html directory is needed to be accessible by your web browser. You
> may choose to lock out access to any other directory using your webserver
> configuration.
> In particular you should really make sure that the Specific directory is not
> accessible directly, as this could contain your sql database.
>
> The following configuration may be used for nginx:
>
> server {
>   listen       80;
>   server_name  dav.example.org;
>
>   root  /var/www/baikal/html;
>   index index.php;
>
>   rewrite ^/.well-known/caldav /dav.php redirect;
>   rewrite ^/.well-known/carddav /dav.php redirect;
>
>   charset utf-8;
>
>   location ~ /(\.ht|Core|Specific) {
>     deny all;
>     return 404;
>   }
>
>   location ~ ^(.+\.php)(.*)$ {
>     try_files $fastcgi_script_name =404;
>     include        /etc/nginx/fastcgi_params;
>     fastcgi_split_path_info  ^(.+\.php)(.*)$;
>     fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock;
>     fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
>     fastcgi_param  PATH_INFO        $fastcgi_path_info;
>   }
> }
> "
> Source: https://sabre.io/baikal/install/
>
> Can you tell me which nginx file(s) should I edit?
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289540,289540#msg-289540
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200925/3b071856/attachment.htm>

More information about the nginx mailing list