X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=etc%2Fnginx%2Fsite.d%2Flhc-wiklou%2Fsite.conf;h=5af107442bf73e32aa78e6381ec039a4abf2a0f8;hb=c819716f6d45c705b7c651b24982ac22cf2b029d;hp=d53fd3cda2adb491982428f53c462718a9832061;hpb=c38e6b3f45945499195ffaa672989cbdc8780006;p=lhc%2Fateliers.git

diff --git a/etc/nginx/site.d/lhc-wiklou/site.conf b/etc/nginx/site.d/lhc-wiklou/site.conf
index d53fd3c..5af1074 100644
--- a/etc/nginx/site.d/lhc-wiklou/site.conf
+++ b/etc/nginx/site.d/lhc-wiklou/site.conf
@@ -7,24 +7,89 @@ client_body_buffer_size 8k;
 client_max_body_size 10m;
 
 location / {
-        try_files $uri $uri/ @rewrite;
+	# Do this inside of a location so it can be negated
+	rewrite  ^/index.php/(.*)$  /wiki/$1  permanent;
+	location ~ \.php$ {
+		try_files $uri $uri/ =404; # Don't let php execute non-existent php files
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
+		fastcgi_index  index.php ;
+		include /etc/nginx/conf.d/fastcgi.conf;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+	}
 }
- 
-location @rewrite {
-        rewrite ^/(.*)$ /index.php?title=$1&$args;
+
+location /images {
+	# Separate location for images/ so .php execution won't apply
+	location ~ ^/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
+		# Thumbnail handler for MediaWiki
+		# This location only matches on a thumbnail's url
+		# If the file does not exist we use @thumb to run the thumb.php script
+		try_files $uri $uri/ @thumb;
+	}
+}
+
+location /images/deleted {
+	# Deny access to deleted images folder
+	deny	all;
 }
 
-location ~ \.php$ {
+# Deny access to folders MediaWiki has a .htaccess deny in
+location /cache       { deny all; }
+location /languages   { deny all; }
+location /maintenance { deny all; }
+location /serialized  { deny all; }
+
+# Just in case, hide .svn and .git too
+location ~ /.(svn|git)(/|$) { deny all; }
+
+# Hide any .htaccess files
+location ~ /.ht { deny all; }
+
+# Uncomment the following code if you wish to hide the installer/updater
+## Deny access to the installer
+#location /mw-config { deny all; }
+
+# Handling for the article path
+location /wiki {
 	include /etc/nginx/conf.d/fastcgi.conf;
-	fastcgi_index  index.php ;
-	fastcgi_param REDIRECT_STATUS 200;
+	# article path should always be passed to index.php
+	fastcgi_param SCRIPT_FILENAME	$document_root/index.php;
 	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+	fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
+	fastcgi_index  index.php ;
+}
 
+# Thumbnail 404 handler, only called by try_files when a thumbnail does not exist
+location @thumb {
+	# Do a rewrite here so that thumb.php gets the correct arguments
+	rewrite ^/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /thumb.php?f=$1&width=$2;
+	rewrite ^/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /thumb.php?f=$1&width=$2&archived=1;
+	
+	# Run the thumb.php script
+	include /etc/nginx/conf.d/fastcgi.conf;
+	fastcgi_param SCRIPT_FILENAME	$document_root/thumb.php;
 	fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
 }
+
 location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
 	try_files $uri /index.php;
 	expires max;
 	log_not_found off;
 }
-# vim: ft=sh
+
+
+location = /_.gif {
+	expires max;
+	empty_gif;
+}
+
+location ^~ /cache/ {
+	deny all;
+}
+
+location /dumps {
+	root /var/www/mediawiki/local;
+	autoindex on;
+}
+