"Idiomatic" Gallery3 configuration

[Stefan Foerster]

Hello world,

I've looked around the net for quite some time to find a suitable
configuration for nginx that allows me to run Gallery3 with php-fpm.
Unfortunately, the search results weren't that helpful. So I carefully
read through the official documentation for "location" and
"try_files", and I think I managed to get something that could serve
as a basis. Since I still lack experience with nginx, I'd really
appreciate any help you could give me with cleaning up that
configuration.

To recap, what needs to be achieved is (examples only):

1. /lib/images/logo.png -> pass through
2. /Controller?param -> /index.php?kohana_uri=Controller?param
3. /index.php/Controller?param -> /index.php?kohana_uri=Controller?param
4. /var/(albums|thumbs|resizes) -> /file_proxy/$1 (continue with #2)
5. deny access to /var/(logs|tmp|tmp) and /bin
6. deny access to .htaccess, config.inc.php and so on
7. set "Expires" headers to static content (to make YSlow happy :-)

The configuration I've come up with is:

# is that outer location block actually needed?
location / {
  location ~ /(index\.php/)?(.+)$ {
    try_files $uri /index.php?kohana_uri=$2&$args;

    # is it possible/desirable to consolidate access control to
    # special files within one regexp (and not three?)
    location ~ /\.(ht|tpl(\.php?)|sql|inc\.php|db)$ {
      deny all;
    }
    # see previous comment
    location ~ /var/(uploads|tmp|logs) {
      deny all;
    }
    # see previous comment
    location ~ /bin { 
      deny all;
    }

    location ~ /var/(albums|thumbs|resizes) {
      # instead of repeating "albums|thumbs..", can I use $1 here? and
      # will $2 still be a valid capture then? Something like
      # "rewrite ^/var/$1/(.*)$ /file_proxy/$2 last; perhaps?"

      # furthermore, is this a legitimate use of "rewrite"?
      rewrite ^/var/(albums|thumbs|resizes)/(.*)$ /file_proxy/$2 last;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|ttf)$ {
      try_files $uri /index.php?kohana_uri=$uri&$args;
      expires 30d;
    }
  }
  location = /index.php {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/vhost-3222.sock;
    fastcgi_index index.php;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    include fastcgi_params;
  }
}

There are a couple of things I'm unsure about and a few other things
that I'm unhappy with - I've outlined them with comments:

1. Is the outer "location /" block actually needed?
2. As you can see, I'm using three regexps to protect special
   directories. Is it desirable to consolidate those into one
   line?
3. The location block protecting "/var/(albums|...)" already captures
   a part of the URL - can I refer to "$1" in the "rewrite" clause? If
   so, can I still refer to "$2"? What would be the proper way to
   handle this?
4. From reading through a lot of threads, I get the impression that
   the use of "rewrite" is actually frowned upon. Is my use of
   "rewrite" a "legitimate" one?

Furthermore, I'd like to make the configuration a bit more "generic".
As of now, it is assumed that the application is actually installed in
the server's root directory. Could I use a variable to store the
actual installation root and refer to this within the "location"
directives?

I'd appreciate any and all insights you could share with me. Please
don't hesitate to tell me when I need to read certain parts of the
documentation again :)


Cheers
Stefan