+ # Do this inside of a location so it can be negated
+ location ~ \.php$ {
+ try_files $uri $uri/ =404; # Don't let php execute non-existent php files
+ rewrite ^/index.php/(.*)$ /wiki/$1 permanent;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
+ fastcgi_index index.php ;
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+}
+
+location /images {
+ # Separate location for images/ so .php execution won't apply
+ location ~ ^/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
+ # Thumbnail handler for MediaWiki
+ # This location only matches on a thumbnail's url
+ # If the file does not exist we use @thumb to run the thumb.php script
+ try_files $uri $uri/ @thumb;
+ }
+}
+
+location /images/deleted {
+ # Deny access to deleted images folder
+ deny all;
+}
+
+# Deny access to folders MediaWiki has a .htaccess deny in
+location /cache { deny all; }
+location /languages { deny all; }
+location /maintenance { deny all; }
+location /serialized { deny all; }
+
+# Just in case, hide .svn and .git too
+location ~ /.(svn|git)(/|$) { deny all; }
+
+# Hide any .htaccess files
+location ~ /.ht { deny all; }
+
+# Uncomment the following code if you wish to hide the installer/updater
+## Deny access to the installer
+#location /mw-config { deny all; }
+
+# Handling for the article path
+location /wiki {
+ include /etc/nginx/fastcgi_params;
+ # article path should always be passed to index.php
+ fastcgi_param SCRIPT_FILENAME $document_root/index.php;