Latest revision |
Your text |
Line 1: |
Line 1: |
| {{Note|These Nginx configs are written without HTTPS for simplicity, but you should be [https://letsencrypt.org/getting-started/ using SSL certificates from LetsEncrypt.] They're free!}}
| | == PHP-FPM Nginx Config == |
| | |
| The Web Server sends and receives data over the HTTP protocol. In the case of MediaWiki, the web server serves HTML pages to a user’s web browser. We’ve chosen Nginx instead of Apache for it’s greater effectiveness with serving and caching static HTML.
| |
| | |
| == Installing Nginx ==
| |
| | |
| Follow one of these guides to install Nginx for your Linux Distribution.
| |
| | |
| * Debian 8: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-debian-8
| |
| * Ubuntu 16.04 LTS: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04
| |
| * RHEL/CentOS 7: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7
| |
| | |
| == HHVM ==
| |
| | |
| If you are using [[PHP/HHVM|HHVM]] as your PHP Engine, use these Nginx Configs.
| |
| | |
| == PHP-FPM ==
| |
| | |
| If you are using PHP-FPM as your PHP Engine, use these Nginx Configs.
| |
| | |
| === PHP-FPM Nginx Config ===
| |
|
| |
|
| To make it easy to switch all our present or future PHP apps between TCP ports and UNIX sockets, we use a specific `php-fpm.conf` file which can be called with {{ic|fastcgi_pass php-fpm;}}. Create this file: | | To make it easy to switch all our present or future PHP apps between TCP ports and UNIX sockets, we use a specific `php-fpm.conf` file which can be called with {{ic|fastcgi_pass php-fpm;}}. Create this file: |
Line 29: |
Line 9: |
| upstream php-fpm { | | upstream php-fpm { |
| #server 127.0.0.1:9000; | | #server 127.0.0.1:9000; |
| server unix:/var/run/php7.0-fpm.sock; # use this if you have php7.0-fpm | | server unix:/var/run/php5-fpm.sock; |
| #server unix:/var/run/php5-fpm.sock; # use this if you have php5-fpm
| |
| } | | } |
| </nowiki>}} | | </nowiki>}} |
|
| |
|
| === MediaWiki Nginx Config ===
| | == MediaWiki Nginx Config == |
|
| |
|
| This is the Nginx Config that we use when when setting up MediaWiki for the first time over conventional HTTP, with PHP-FPM: | | This is the Nginx Config that we use when when setting up MediaWiki for the first time over conventional HTTP, with PHP-FPM: |
Line 148: |
Line 127: |
| == Serving MediaWiki images with Nginx == | | == Serving MediaWiki images with Nginx == |
|
| |
|
| Nginx can be optimized to make image serving more efficient, and block hotlinking. Since the settings for static images often differ greatly from that of dynamic text, it is recommended that you create a specific subdomain just for images (such as <code>img.bibanon.org</code>) and serve your image folder from there.
| | While images can just be served from domain.org/images/, it is often a better idea to have a separate Nginx config for |
| | |
| Here is the Nginx config we used (without SSL) to serve our image folder:
| |
| | |
| {{hc|/etc/nginx/conf.d/img.bibanon.org.conf|<nowiki>
| |
| server {
| |
| listen 80;
| |
| server_name img.bibanon.org;
| |
| | |
| # nginx caching, expires in 1M
| |
| expires 1M;
| |
| access_log off;
| |
| add_header Cache-Control "public";
| |
| | |
| # images stored here
| |
| root /var/www/mediawiki/images;
| |
| | |
| # let's encrypt SSL dir
| |
| location ~ /\.well-known {
| |
| root /var/lib/letsencrypt;
| |
| }
| |
| | |
| location ^~ / {
| |
| try_files $uri =404;
| |
| }
| |
| | |
| location ^~ /thumb/ {
| |
| try_files $uri =404;
| |
| }
| |
| | |
| # block unnecessary access
| |
| location ^~ /lockdir/ { deny all; }
| |
| location ^~ /temp/ { deny all; }
| |
| location ^~ /archive/ { deny all; }
| |
| | |
| # block image hotlinking, but not from search engines
| |
| valid_referers none blocked bibanon.org *.bibanon.org ~.google. ~.bing. ~.yahoo.;
| |
| if ($invalid_referer) {
| |
| return 403; # you can alternatively link to an small unsavory picture to be a douche, though it still takes a little bandwidth
| |
| }
| |
| }
| |
| </nowiki>}}
| |
| | |
| After setting this up, just add this line to LocalSettings:
| |
| | |
| {{hc|/var/www/mediawiki/LocalSettings.php|<nowiki>
| |
| $wgUploadBaseUrl = 'https://img.bibanon.org';
| |
| </nowiki>}}
| |
| | |
| https://serversforhackers.com/nginx-caching
| |