dokuwiki not in root problem of regexp
Jiff
nginx-forum at nginx.us
Sun Jul 1 16:40:34 UTC 2012
myserver.org_dokuwiki_http_https_main.conf
==================================
# DOKUWIKI NOT-ON-ROOT MAIN FILE: BROWSE HTTP + DANGEROUS AREAS HTTPS
#====================================================================
# 2012-07-01 - Author: Jean-Yves F. Barbier - lazyvirus<at]gmx{dot)com
# File: myserver.org_dokuwiki_http_https_main.conf
# MOD'OP: Just symlink this file into /etc/nginx/sites-enabled
# Works on Debian squeeze + backports:
# nginx-full 1.2.1-1~dotdeb.0
# php5 5.3.14-1~dotdeb.0
# php5-fpm 5.3.14-1~dotdeb.0
# Works under Debian sid.
# Solutions mostly coming from:
# http://wiki.nginx.org
# http://agentzh.org/misc/nginx/agentzh-nginx-tutorials-enuk.html
# http://blog.slucas.fr/en/oss/dokuwiki-nginx-config
# http://www.dokuwiki.org/install:nginx?s[]=nginx
# http://www.dokuwiki.org/tips:httpslogin#nginx
# With this conf, leave parm 'securecookie' enabled.
# No tested w/ clean URL (but who cares?)
# CAUTION (this cost me a lot of time): the DW installer does NOT set
# 'useacl' to 1, which lets you log in but returns 'Permission denied'
# as soon as you make any modification!
# SOLUTION: install, then manually edit /conf/dokuwiki.php to set it to 1.
# NB: You can also redirect sensitive areas to localhost (unencrypted).
#=============================================================================
# HTTP/HTTPS DISCRIMINATOR
# In case of redirection to localhost, comment out this map
# (and the line using $php_https in the common file).
# $php_https is "on" for requests received over https, "off" otherwise.
map $scheme $php_https {
    default off;
    https   on;
}
#=============================================================================
# HTTP
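server {
    listen      80;
    server_name myserver.org;
    root        /var/www;
    index       index.html index.php doku.php;

    access_log  /var/log/nginx/dokuwiki.http.access.log;
    error_log   /var/log/nginx/dokuwiki.http.error.log;
    rewrite_log on;  # TEST ONLY (logs all rewrites)

    #-------------------------------------------------------------
    # Enforce HTTPS for the log…, admin… & profile… actions.
    # $arg_do is the value of the 'do' query argument itself, so the
    # test is anchored on that parameter: another parameter whose name
    # merely ends in "do", or a value that merely contains "do=log",
    # does not trigger the redirect.
    # NOTE: only the query string is inspected. A request that carries
    # 'do' in a POST body is not redirected, so this rule protects the
    # login/admin/profile pages only as long as their forms are reached
    # through these links and 'securecookie' stays enabled in DW.
    # NOTE(review): other DW actions that handle passwords (for example
    # register, resendpwd) are not in this list; add them if they are
    # enabled on the wiki.
    if ($arg_do ~ ^(log|admin|profile)) {
        rewrite ^ https://$host$request_uri? redirect;
        # localhost (unencrypted) version
        ### rewrite ^ http://localhost$request_uri? redirect;
    }

    # Common conf file
    include /etc/nginx/sites-available/myserver.org_dokuwiki_http_https_common.conf;
}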
#=============================================================================
# HTTPS
server {
    listen      443 ssl;
    server_name myserver.org;
    root        /var/www;
    index       index.html index.php doku.php;

    # NOTE(review): the key file name suggests a private key stored
    # without a passphrase; if so, keep it readable by root only.
    # No ssl_protocols / ssl_ciphers are set here, so the defaults of
    # the installed nginx apply; review them for the version in use.
    ssl_certificate     /etc/nginx/SSL/nginx.crt;
    ssl_certificate_key /etc/nginx/SSL/nginx-insecure.key;

    access_log  /var/log/nginx/dokuwiki.https.access.log;
    error_log   /var/log/nginx/dokuwiki.https.error.log;
    rewrite_log on;  # TEST ONLY (log all rewrites)

    #-------------------------------------------------------------
    # CAUTION: DON'T enforce HTTP for normal requests (do=show|^$), this
    # renders any modification in DW worthless!

    # Common conf file
    include /etc/nginx/sites-available/myserver.org_dokuwiki_http_https_common.conf;
}
#=============================================================================
# EOF
myserver.org_dokuwiki_http_https_common.conf
====================================
# DOKUWIKI NOT-ON-ROOT COMMON FILE: BROWSE HTTP + DANGEROUS AREAS HTTPS
#======================================================================
# 2012-07-01 - Author: Jean-Yves F. Barbier - lazyvirus<at]gmx{dot)com
# File: myserver.org_dokuwiki_http_https_common.conf
# As DW is not on the HTTP/S server root, redirect any root query toward it
# from: http://myserver.org/ to: http://myserver.org/dokuwiki
# (until other services become available).
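location = / {
    # A 403 on the bare root is turned into a redirect to the wiki.
    # $scheme keeps a visitor who arrived over https on https: this file
    # is included by both server blocks, and a hard-coded http:// target
    # would send HTTPS visitors back to clear text.
    # NOTE(review): $host is taken from the request's Host header when
    # one is sent; $server_name would pin the redirect to the configured
    # name instead.
    error_page 403 = $scheme://$host/dokuwiki;
}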
#-------------------------------------------------------------
# Serve an existing file or directory under /dokuwiki as is; anything
# else is handed to the named location @dw.
location /dokuwiki {
    try_files $uri $uri/ @dw;
}
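# Clean-URL rewrites for DW (the header of the main file says clean
# URLs were not tested).
# The rewrite targets carry the /dokuwiki prefix: the server root is
# /var/www and DW lives under /dokuwiki, so a target such as /doku.php
# would not exist on disk and the \.php$ block would answer 404.
location @dw {
    rewrite ^/dokuwiki/_media/(.*)          /dokuwiki/lib/exe/fetch.php?media=$1    last;
    rewrite ^/dokuwiki/_detail/(.*)         /dokuwiki/lib/exe/detail.php?media=$1   last;
    rewrite ^/dokuwiki/_export/([^/]+)/(.*) /dokuwiki/doku.php?do=export_$1&id=$2   last;
    rewrite ^/dokuwiki/(.*)                 /dokuwiki/doku.php?id=$1&$args          last;
}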
#-------------------------------------------------------------
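# For security reasons (http://www.dokuwiki.org/security) some
# directories must not be reachable from the outside. But a
# 'deny all' isn't a good solution, as it returns a 403 which
# is visible by the client. The solution comes from a nginx
# special extension: the 444 code, which returns no information
# to the client and closes its connection. Useful as a deterrent
# for malware as it is silent:)
#
# ORDER MATTERS: nginx tests regex locations in the order they are
# written and uses the first one that matches. This block therefore
# has to stand above the \.php$ block; placed below it, a request for
# a .php file inside bin/, conf/, data/ or inc/ would be passed to
# PHP-FPM instead of being refused.
location ~ ^/dokuwiki/(bin|conf|data|inc)/ {
    return 444;
}
#-------------------------------------------------------------
location ~ \.php$ {
    # Only hand scripts that really exist on disk to PHP; a URI that
    # merely ends in .php is answered with 404.
    if (!-f $request_filename) {
        return 404;
    }
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # Comment the line below if redirecting to localhost (unencrypted)
    fastcgi_param HTTPS $php_https;  # DW checks $_SERVER['HTTPS']
    # Avoid the TCP/IP overhead: use a Unix socket instead
    fastcgi_pass unix:/var/run/php5-fpm.socket;
}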
#-------------------------------------------------------------
# Force a long expiration delay on static files and keep them out of
# the logs (no access-log entry, no "not found" error-log entry).
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires       30d;
    access_log    off;
    log_not_found off;
}
# This location serves the remaining static files under lib/.
# Regex locations are tried in file order, so .php files and the
# extensions listed in the static-file block above are matched by
# those earlier blocks before this one is reached.
location ~ ^/dokuwiki/lib/ {
    expires 30d;
}
#-------------------------------------------------------------
# As of nginx wiki this should go to /etc/nginx/conf.d/drop.conf,
# but I like to have everything on sight.
# NTS: It is normal not to see the pink icon about
# "data directory not properly secured": this is
# when I can see it that there's something wrong:)
# Do not log requests for robots.txt, found or not.
location = /dokuwiki/robots.txt {
    access_log    off;
    log_not_found off;
}
# Do not log requests for the favicon, found or not.
location = /dokuwiki/favicon.ico {
    access_log    off;
    log_not_found off;
}
# Silently protect all Linux hidden files (but log get attempts).
# Regex locations are tried in file order: a hidden file whose name
# ends in .php is matched by the \.php$ block first, not by this one.
# NOTE(review): this pattern also covers /.well-known/, which some
# services (for example ACME certificate validation) need reachable.
location ~ /\. {
    return 444;
}
# I spent some time understanding what this block was meant for:
# http://kbeezie.com/view/nginx-configuration-examples/
# This block is mainly for people who use vim, or any other command-line
# editor that creates a backup copy of the file being worked on, with a
# file name ending in ~.
# Hiding these prevents someone from accessing a backup copy of a file
# you have been working on.
# Editor backup files (name ending in ~): close the connection without
# an answer and keep these requests out of the logs.
location ~ ~$ {
    access_log    off;
    log_not_found off;
    return        444;
}
#=============================================================================
# EOF
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228124,228155#msg-228155