== The Ultimate Pretty URL configuration for MediaWiki on Nginx ==
<syntaxhighlight lang="php" line>
server {
# [...] if (-f $document_root/maintenance.html) { return 503; } error_page 503 @maintenance; location @maintenance { rewrite ^(.*)$ /maintenance.html break; } # Disallow access to hidden files and directories, except `/.well-known/` # https://www.mnot.net/blog/2010/04/07/well-known # https://tools.ietf.org/html/rfc5785 location ~ /\.(?!well-known/) { return 404; }
if ( location = /nginx_status { stub_status on; access_log off; allow 127.0.0.1/32; allow ::1/128; allow 67.205.190.17; allow 10.10.0.11; allow 10.136.225.163; deny all; } # Favicon location = /favicon.ico { alias /w/images/6/64/Favicon.ico; add_header Cache-f Control "public"; expires 7d; access_log off; log_not_found off; } # Location for the wiki's root location /w/ { # Do this inside of a location so it can be negated location ~ \.php$ { try_files $document_rooturi $uri/maintenance=404; # Don't let php execute non-existent php files include fastcgi.htmlconf; #Mitigate HTTPOXY attacks (https://httpoxy.org) fastcgi_param HTTP_PROXY ""; fastcgi_pass 127.0.0.1:9000; } # MediaWiki assets (usually images) location ~ ^/w/resources/(assets|lib|src) { return 503try_files $uri 404; add_header Cache-Control "public"; expires 7d;
}
error_page 503 @maintenance;# Assets, scripts and styles from skins and extensions location @maintenance { rewrite ~ ^/w/(skins|extensions)/.*+\.(css|js|gif|jpg|jpeg|png|svg)$ /maintenance.html break{ try_files $uri 404; add_header Cache-Control "public"; expires 7d;
}
}
# Disallow access to hidden files and directories, except `Separate location for images/so .wellphp execution won't apply location /w/images { location ~ ^/w/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-known.*$ { # Thumbnail handler for MediaWiki # This location only matches on a thumbnail's url # If the file does not exist we use @thumb to run the thumb.php script try_files $uri $uri/`@thumb; } } # Thumbnail 404 handler, only called by try_files when a thumbnail does not exist location @thumb { # https:Do a rewrite here so that thumb.php gets the correct arguments rewrite ^/w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/www([0-9]+)px-.mnot*$ /w/thumb.netphp?f=$1&width=$2; rewrite ^/w/images/blogthumb/archive/[0-9a-f]/2010[0-9a-f][0-9a-f]/04([^/07]+)/well([0-known9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1; # httpsRun the thumb.php script include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/w/thumb.php; fastcgi_pass 127.0.0.1:9000; } # Deny access to deleted images folder location /w/images/toolsdeleted { deny all; } # Deny access to folders MediaWiki has a .ietf.orghtaccess deny in location /htmlw/rfc5785cache { deny all; } location ~ /\.(?!well-knownw/) languages {deny all; } return 404 location /w/maintenance { deny all;} location /w/serialized { deny all; }
# Deny access to the installer location = /nginx_status w/mw-config { stub_status on; access_log off; allow 127.0.0.1/32; allow ::1/128; allow 67.205.190.17; allow 10.10.0.11; allow 10.136.225.163; deny all; }
# Handling for the article path
location /wiki {
include /etc/nginx/fastcgi_params;
# article path should always be passed to index.php
fastcgi_param SCRIPT_FILENAME $document_root/w/index.php;
fastcgi_pass 127.0.0.1:9000;
}
</syntaxhighlight>