Nginx configuration to secure Baïkal installation

Amateur Synologist nginx-forum at
Fri Sep 25 18:47:51 UTC 2020

Hi to all. I'm newbie in Linux and nginx, so I need your help
I have Synology NAS with installed Baïkal CardDAV server.
Baïkal Installation instructions says:

"Only the html directory is needed to be accessible by your web browser. You
may choose to lock out access to any other directory using your webserver
In particular you should really make sure that the Specific directory is not
accessible directly, as this could contain your sql database.

The following configuration may be used for nginx:

server {
  listen       80;

  root  /var/www/baikal/html;
  index index.php;

  rewrite ^/.well-known/caldav /dav.php redirect;
  rewrite ^/.well-known/carddav /dav.php redirect;

  charset utf-8;

  location ~ /(\.ht|Core|Specific) {
    deny all;
    return 404;

  location ~ ^(.+\.php)(.*)$ {
    try_files $fastcgi_script_name =404;
    include        /etc/nginx/fastcgi_params;
    fastcgi_split_path_info  ^(.+\.php)(.*)$;
    fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO        $fastcgi_path_info;

Can you tell me which nginx file(s) should I edit?

Posted at Nginx Forum:,289540,289540#msg-289540

More information about the nginx mailing list