From 480d4d3e53108c271ebafdb5cbf4efbbbf5a87fb Mon Sep 17 00:00:00 2001
From: Ludovic CHEVALIER <ludovic.chevalier@heureux-cyclage.org>
Date: Thu, 25 Feb 2016 15:55:24 +0100
Subject: [PATCH] =?utf8?q?Modifications=C2=A0:=20=20=20=20=20=20=20=20=20e?=
 =?utf8?q?tc/nginx/site.d/lhc-wiklou/site.conf=20-=20Mise=20en=20place=20d?=
 =?utf8?q?es=20Urls=20propres?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 etc/nginx/site.d/lhc-wiklou/site.conf | 88 ++++++++++++++++++++++++---
 1 file changed, 79 insertions(+), 9 deletions(-)

diff --git a/etc/nginx/site.d/lhc-wiklou/site.conf b/etc/nginx/site.d/lhc-wiklou/site.conf
index d53fd3c..f01b460 100644
--- a/etc/nginx/site.d/lhc-wiklou/site.conf
+++ b/etc/nginx/site.d/lhc-wiklou/site.conf
@@ -7,24 +7,94 @@ client_body_buffer_size 8k;
 client_max_body_size 10m;
 
 location / {
-        try_files $uri $uri/ @rewrite;
+	# Do this inside of a location so it can be negated
+	location ~ \.php$ {
+		try_files $uri $uri/ =404; # Don't let php execute non-existent php files
+		rewrite  ^/index.php/(.*)$  /wiki/$1  permanent;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
+		fastcgi_index  index.php ;
+		fastcgi_buffers 16 16k;
+		fastcgi_buffer_size 32k;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+	}
 }
- 
-location @rewrite {
-        rewrite ^/(.*)$ /index.php?title=$1&$args;
+
+location /images {
+	# Separate location for images/ so .php execution won't apply
+	location ~ ^/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
+		# Thumbnail handler for MediaWiki
+		# This location only matches on a thumbnail's url
+		# If the file does not exist we use @thumb to run the thumb.php script
+		try_files $uri $uri/ @thumb;
+	}
 }
 
-location ~ \.php$ {
-	include /etc/nginx/conf.d/fastcgi.conf;
-	fastcgi_index  index.php ;
-	fastcgi_param REDIRECT_STATUS 200;
+location /images/deleted {
+	# Deny access to deleted images folder
+	deny	all;
+}
+
+# Deny access to folders MediaWiki has a .htaccess deny in
+location /cache       { deny all; }
+location /languages   { deny all; }
+location /maintenance { deny all; }
+location /serialized  { deny all; }
+
+# Just in case, hide .svn and .git too
+location ~ /.(svn|git)(/|$) { deny all; }
+
+# Hide any .htaccess files
+location ~ /.ht { deny all; }
+
+# Uncomment the following code if you wish to hide the installer/updater
+## Deny access to the installer
+#location /mw-config { deny all; }
+
+# Handling for the article path
+location /wiki {
+	include /etc/nginx/fastcgi_params;
+	# article path should always be passed to index.php
+	fastcgi_param SCRIPT_FILENAME	$document_root/index.php;
 	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+	fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
+	fastcgi_index  index.php ;
+	fastcgi_buffers 16 16k;
+	fastcgi_buffer_size 32k;
+	include fastcgi_params;
+}
 
+# Thumbnail 404 handler, only called by try_files when a thumbnail does not exist
+location @thumb {
+	# Do a rewrite here so that thumb.php gets the correct arguments
+	rewrite ^/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /thumb.php?f=$1&width=$2;
+	rewrite ^/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /thumb.php?f=$1&width=$2&archived=1;
+	
+	# Run the thumb.php script
+	include /etc/nginx/fastcgi_params;
+	fastcgi_param SCRIPT_FILENAME	$document_root/thumb.php;
 	fastcgi_pass unix:/run/php5/fpm/lhc_wiklou;
 }
+
 location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
 	try_files $uri /index.php;
 	expires max;
 	log_not_found off;
 }
-# vim: ft=sh
+
+
+location = /_.gif {
+	expires max;
+	empty_gif;
+}
+
+location ^~ /cache/ {
+	deny all;
+}
+
+location /dumps {
+	root /var/www/mediawiki/local;
+	autoindex on;
+}
+
-- 
2.20.1