Nginx configuration to secure Baïkal installation
Amateur Synologist
nginx-forum at forum.nginx.org
Fri Sep 25 18:47:51 UTC 2020
Hi to all. I'm newbie in Linux and nginx, so I need your help
I have Synology NAS with installed Baïkal CardDAV server.
Baïkal Installation instructions says:
"Only the html directory is needed to be accessible by your web browser. You
may choose to lock out access to any other directory using your webserver
configuration.
In particular you should really make sure that the Specific directory is not
accessible directly, as this could contain your sql database.
The following configuration may be used for nginx:
server {
listen 80;
server_name dav.example.org;
root /var/www/baikal/html;
index index.php;
rewrite ^/.well-known/caldav /dav.php redirect;
rewrite ^/.well-known/carddav /dav.php redirect;
charset utf-8;
location ~ /(\.ht|Core|Specific) {
deny all;
return 404;
}
location ~ ^(.+\.php)(.*)$ {
try_files $fastcgi_script_name =404;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
"
Source: https://sabre.io/baikal/install/
Can you tell me which nginx file(s) should I edit?
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289540,289540#msg-289540
More information about the nginx
mailing list