Nginx/MediaWiki: Difference between revisions

From Bibliotheca Anonoma
(Created page with "== PHP-FPM Nginx Config == To make it easy to switch all our present or future PHP apps between TCP ports and UNIX sockets, we use a specific `php-fpm.conf` file which can be...")
 
Line 118: Line 118:
}
}
</nowiki>}}
</nowiki>}}
* [Source: BigDinosaur Blog: Mediawiki with Nginx http://archive.is/pG5Ta]


After setting up MediaWiki, make sure to uncomment the <code>location / {</code> block to allow index.php to be used, and the <code>location ^~ /mw-config/ { internal; }</code> line to disable access to the installation directory.
After setting up MediaWiki, make sure to uncomment the <code>location / {</code> block to allow index.php to be used, and the <code>location ^~ /mw-config/ { internal; }</code> line to disable access to the installation directory.

Revision as of 21:36, 15 December 2016

PHP-FPM Nginx Config

To make it easy to switch all our present or future PHP apps between TCP ports and UNIX sockets, we use a specific `php-fpm.conf` file which can be called with fastcgi_pass php-fpm;. Create this file:

/etc/nginx/conf.d/php-fpm.conf
# PHP-FPM FastCGI server
# network or unix domain socket configuration

upstream php-fpm {
        #server 127.0.0.1:9000;
        server unix:/var/run/php5-fpm.sock;
}

MediaWiki Nginx Config

This is the Nginx Config that we use when when setting up MediaWiki for the first time over conventional HTTP, with PHP-FPM:

  • Path to Mediawiki installation: /var/www/mediawiki/
/etc/nginx/conf.d/wiki.bibanon.org.conf
server {
    listen 80;
    server_name wiki.bibanon.org;

    root /var/www/mediawiki;

    client_max_body_size 8m;

    # let's encrypt SSL dir
    location ~ /\.well-known {
        root /var/lib/letsencrypt;
    }

    access_log /var/log/nginx/wiki.bibanon.org.log;
    error_log /var/log/nginx/wiki.bibanon.org.error.log;

#    Common deny, drop, or internal locations

#    Exclude all access from the cache directory
    location ^~ /cache/ { deny all; }

#    Prevent access to any files starting with a dot, like .htaccess
#    or text editor temp files
    location ~ /\. { access_log off; log_not_found off; deny all; }

#    Prevent access to any files starting with a $ (usually temp files)
    location ~ ~$ { access_log off; log_not_found off; deny all; }

#    Do not log access to robots.txt, to keep the logs cleaner
    location = /robots.txt { access_log off; log_not_found off; }

#    Do not log access to the favicon, to keep the logs cleaner
    location = /favicon.ico { access_log off; log_not_found off; }

#    Keep images and CSS around in browser cache for as long as possible,
#    to cut down on server load
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        try_files $uri /index.php;
        expires max;
        log_not_found off;
    }

#    Mark all of these directories as "internal", which means that they cannot
#    be explicitly accessed by clients. However, the web server can still use
#    and serve the files inside of them. This keeps people from poking around
#    in the wiki's internals.
    location ^~ /bin/ { internal; }
    location ^~ /docs/ { internal; }
    location ^~ /extensions/ { internal; }
    location ^~ /includes/ { internal; }
    location ^~ /maintenance/ { internal; }
#    location ^~ /mw-config/ { internal; } #Uncomment after installation
    location ^~ /resources/ { internal; }
    location ^~ /serialized/ { internal; }
    location ^~ /tests/ { internal; }

#    Serve the wiki toolbar data out of /resources/assets/
    location ^~ /resources/assets/ { }
    location ^~ /extensions/WikiEditor/modules/images/ { }


#    Serve bootstrap-mediawiki theme assets
#    location ^~ /skins/bootstrap-mediawiki/bootstrap {
#        try_files $uri $uri/;
#    }
#    location ^~ /skins/bootstrap-mediawiki/google-code-prettify {
#        try_files $uri $uri/;
#    }
#    location ^~ /skins/bootstrap-mediawiki/js {
#        try_files $uri $uri/;
#    }
#    location ^~ /skins/bootstrap-mediawiki/font-awesome {
#        try_files $uri $uri/;
#        default_type text/plain;
#    }

#    Redirect all requests for unknown URLs out of images and back to the
#    root index.php file
    location ^~ /images/ {
        try_files $uri /index.php;
    }


#    Uncomment after installation!
#    location / {
#        index index.php;
#        rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
#    }

    location ~ \.php?$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php-fpm;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors on;
    }
}

After setting up MediaWiki, make sure to uncomment the location / { block to allow index.php to be used, and the location ^~ /mw-config/ { internal; } line to disable access to the installation directory.

Also consider setting up an SSL certificate with this Nginx config.

Serving MediaWiki images with Nginx

While images can just be served from domain.org/images/, it is often a better idea to have a separate Nginx config for