client_max_body_size 10m;
location / {
- try_files $uri $uri/ @rewrite;
+ # Do this inside of a location so it can be negated
+ location ~ \.php$ {
+ try_files $uri $uri/ =404; # Don't let php execute non-existent php files
+ rewrite ^/index.php/(.*)$ /wiki/$1 permanent;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
+ fastcgi_index index.php ;
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
}
-
-location @rewrite {
- rewrite ^/(.*)$ /index.php?title=$1&$args;
+
+location /images {
+ # Separate location for images/ so .php execution won't apply
+ location ~ ^/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
+ # Thumbnail handler for MediaWiki
+ # This location only matches on a thumbnail's url
+ # If the file does not exist we use @thumb to run the thumb.php script
+ try_files $uri $uri/ @thumb;
+ }
}
-location ~ \.php$ {
- include /etc/nginx/conf.d/fastcgi.conf;
- fastcgi_index index.php ;
- fastcgi_param REDIRECT_STATUS 200;
+location /images/deleted {
+ # Deny access to deleted images folder
+ deny all;
+}
+
+# Deny access to folders MediaWiki has a .htaccess deny in
+location /cache { deny all; }
+location /languages { deny all; }
+location /maintenance { deny all; }
+location /serialized { deny all; }
+
+# Just in case, hide .svn and .git too
+location ~ /.(svn|git)(/|$) { deny all; }
+
+# Hide any .htaccess files
+location ~ /.ht { deny all; }
+
+# Uncomment the following code if you wish to hide the installer/updater
+## Deny access to the installer
+#location /mw-config { deny all; }
+
+# Handling for the article path
+location /wiki {
+ include /etc/nginx/fastcgi_params;
+ # article path should always be passed to index.php
+ fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
+ fastcgi_index index.php ;
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
+ include fastcgi_params;
+}
+# Thumbnail 404 handler, only called by try_files when a thumbnail does not exist
+location @thumb {
+ # Do a rewrite here so that thumb.php gets the correct arguments
+ rewrite ^/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /thumb.php?f=$1&width=$2;
+ rewrite ^/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /thumb.php?f=$1&width=$2&archived=1;
+
+ # Run the thumb.php script
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/thumb.php;
fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
}
+
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
try_files $uri /index.php;
expires max;
log_not_found off;
}
-# vim: ft=sh
+
+
+location = /_.gif {
+ expires max;
+ empty_gif;
+}
+
+location ^~ /cache/ {
+ deny all;
+}
+
+location /dumps {
+ root /var/www/mediawiki/local;
+ autoindex on;
+}
+