Re: Nginx configuration to secure Baïkal installation
Thomas Ward
teward at thomas-ward.net
Fri Sep 25 19:38:46 UTC 2020
>From what I can tell the config as is is fine, and shouldn't need to
have anything else exposed. Since that's basically their nginx snippet
in a nutshell.
Their warning is more if you attempt to use something that doesn't have
a predefined example set - like lighttpd - where you'd then have to
configure it to have the proper docroot.
Otherwise the configuration looks fine per their nginx example on the
same linked instructions page.
Thomas
On 9/25/20 2:47 PM, Amateur Synologist wrote:
> Hi to all. I'm newbie in Linux and nginx, so I need your help
> I have Synology NAS with installed Baïkal CardDAV server.
> Baïkal Installation instructions says:
>
> "Only the html directory is needed to be accessible by your web browser. You
> may choose to lock out access to any other directory using your webserver
> configuration.
> In particular you should really make sure that the Specific directory is not
> accessible directly, as this could contain your sql database.
>
> The following configuration may be used for nginx:
>
> server {
> listen 80;
> server_name dav.example.org;
>
> root /var/www/baikal/html;
> index index.php;
>
> rewrite ^/.well-known/caldav /dav.php redirect;
> rewrite ^/.well-known/carddav /dav.php redirect;
>
> charset utf-8;
>
> location ~ /(\.ht|Core|Specific) {
> deny all;
> return 404;
> }
>
> location ~ ^(.+\.php)(.*)$ {
> try_files $fastcgi_script_name =404;
> include /etc/nginx/fastcgi_params;
> fastcgi_split_path_info ^(.+\.php)(.*)$;
> fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
> fastcgi_param PATH_INFO $fastcgi_path_info;
> }
> }
> "
> Source: https://sabre.io/baikal/install/
>
> Can you tell me which nginx file(s) should I edit?
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289540,289540#msg-289540
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200925/3b071856/attachment.htm>
More information about the nginx
mailing list