Difference between revisions of "Pretty URL/mediawiki"

From Freephile Wiki
Jump to navigation Jump to search
(Created page with "== My Nginx Conf == <syntaxhighlight lang="php" line> server { # [...] if (-f $document_root/maintenance.html) { return 503; }...")
 
Line 1: Line 1:
 +
The purpose of this page is to merge two different configurations for Pretty URLs for MediaWiki on Nginx into the ultimate configuration.  The first is my current configuration which is a combination of what comes from DebOps, and the code found on MediaWiki.org.  The second is the suggested configuration from shorturls.redwerks.com
 +
 +
 
== My Nginx Conf ==
 
== My Nginx Conf ==
 
<syntaxhighlight lang="php" line>
 
<syntaxhighlight lang="php" line>
Line 209: Line 212:
 
== The Ultimate Pretty URL configuration for MediaWiki on Nginx ==
 
== The Ultimate Pretty URL configuration for MediaWiki on Nginx ==
 
<syntaxhighlight lang="php" line>
 
<syntaxhighlight lang="php" line>
 +
 +
server {
 +
 +
        # [...]
 +
 +
        if (-f $document_root/maintenance.html) {
 +
                return 503;
 +
        }
 +
        error_page 503 @maintenance;
 +
        location @maintenance {
 +
                rewrite ^(.*)$ /maintenance.html break;
 +
        }
 +
 +
        # Disallow access to hidden files and directories, except `/.well-known/`
 +
        # https://www.mnot.net/blog/2010/04/07/well-known
 +
        # https://tools.ietf.org/html/rfc5785
 +
        location ~ /\.(?!well-known/) {
 +
                return 404;
 +
        }
 +
 +
        location = /nginx_status {
 +
                stub_status on;
 +
                access_log off;
 +
                allow 127.0.0.1/32;
 +
                allow ::1/128;
 +
                allow 67.205.190.17;
 +
                allow 10.10.0.11;
 +
                allow 10.136.225.163;
 +
                deny all;
 +
        }
 +
  
 
</syntaxhighlight>
 
</syntaxhighlight>

Revision as of 14:18, 14 November 2019

The purpose of this page is to merge two different configurations for Pretty URLs for MediaWiki on Nginx into the ultimate configuration. The first is my current configuration which is a combination of what comes from DebOps, and the code found on MediaWiki.org. The second is the suggested configuration from shorturls.redwerks.com


My Nginx Conf[edit | edit source]

  1 server {
  2 
  3         # [...]
  4 
  5         if (-f $document_root/maintenance.html) {
  6                 return 503;
  7         }
  8         error_page 503 @maintenance;
  9         location @maintenance {
 10                 rewrite ^(.*)$ /maintenance.html break;
 11         }
 12 
 13         # Disallow access to hidden files and directories, except `/.well-known/`
 14         # https://www.mnot.net/blog/2010/04/07/well-known
 15         # https://tools.ietf.org/html/rfc5785
 16         location ~ /\.(?!well-known/) {
 17                 return 404;
 18         }
 19 
 20         #location = /favicon.ico {
 21         #        try_files /favicon.ico =204;
 22         #        access_log off;
 23         #        log_not_found off;
 24         #}
 25 
 26         location = /nginx_status {
 27                 stub_status on;
 28                 access_log off;
 29                 allow 127.0.0.1/32;
 30                 allow ::1/128;
 31                 allow 67.205.190.17;
 32                 allow 10.10.0.11;
 33                 allow 10.136.225.163;
 34                 deny all;
 35         }
 36 
 37         location ~ ^(?!.+\.php/)(?<script_name>.+\.php)$ {
 38                 try_files $script_name =404;
 39 
 40                 include fastcgi.conf;
 41 
 42                 # Mitigate HTTPOXY attacks (https://httpoxy.org/)
 43                 fastcgi_param HTTP_PROXY "";
 44 
 45                 fastcgi_index index.php;
 46                 fastcgi_pass php5_www-data;
 47         }
 48 
 49         location ~ ^(?<script_name>.+\.php)(?<path_info>/.*)$ {
 50                 try_files $script_name =404;
 51 
 52                 include fastcgi_params;
 53                 fastcgi_param SCRIPT_FILENAME $document_root$script_name;
 54                 fastcgi_param PATH_INFO $path_info;
 55                 #fastcgi_param PATH_TRANSLATED $document_root$path_info;
 56 
 57                 # Mitigate HTTPOXY attacks (https://httpoxy.org/)
 58                 fastcgi_param HTTP_PROXY "";
 59 
 60                 fastcgi_index index.php;
 61                 fastcgi_pass php5_www-data;
 62         }
 63         #### All the following rules added for pretty URLs
 64         location ~ ^/w/(index|load|api|thumb|opensearch_desc)\.php$ {
 65                 include /etc/nginx/fastcgi_params;
 66                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 67                 fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
 68         }
 69         
 70         # Images
 71         location /w/images {
 72                 # Separate location for images/ so .php execution won't apply
 73         }
 74         location /w/images/deleted {
 75                 # Deny access to deleted images folder
 76                 deny all;
 77         }
 78         # MediaWiki assets (usually images)
 79         location ~ ^/w/resources/(assets|lib|src) {
 80                 try_files $uri 404;
 81                 add_header Cache-Control "public";
 82                 expires 7d;
 83         }
 84         # Assets, scripts and styles from skins and extensions
 85         location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg)$ {
 86                 try_files $uri 404;
 87                 add_header Cache-Control "public";
 88                 expires 7d;
 89         }
 90         # Favicon
 91         location = /favicon.ico {
 92                 alias /w/images/6/64/Favicon.ico;
 93                 add_header Cache-Control "public";
 94                 expires 7d;
 95                 access_log off;
 96                 log_not_found off;
 97         }
 98         
 99         ## Uncomment the following code if you wish to use the installer/updater
100         ## installer/updater
101         #location /w/mw-config/ {
102         #       # Do this inside of a location so it can be negated
103         #       location ~ \.php$ {
104         #               include /etc/nginx/fastcgi_params;
105         #               fastcgi_param SCRIPT_FILENAME $document_root/w/mw-config/$fastcgi_script_name;
106         #               fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
107         #       }
108         #}
109         
110         # Handling for the article path (pretty URLs)
111         location /wiki/ {
112                 rewrite ^/wiki(?:/(?<pagename>.*))$ /w/index.php;
113         }
114 
115         # Allow robots.txt in case you have one
116         location = /robots.txt {
117         }
118         # Explicit access to the root website, redirect to main page (adapt as needed)
119         # location = / {
120         #       return 301 /wiki/Main_Page;
121         # }
122 
123         # # Every other entry point will be disallowed.
124         # # Add specific rules for other entry points/images as needed above this
125         # location / {
126         #       return 404;
127         # }
128         #### All the above rules added for pretty URLs
129         client_max_body_size 500m;
130 }

RedWerks Short URL[edit | edit source]

from https://shorturls.redwerks.org/?url=https%3A%2F%2Fwww.slicer.org%2Fwiki%2F


 1 server {
 2 	# [...]
 3 
 4 	# Location for the wiki's root
 5 	location /w/ {
 6 		# Do this inside of a location so it can be negated
 7 		location ~ \.php$ {
 8 			try_files $uri $uri/ =404; # Don't let php execute non-existent php files
 9 			include /etc/nginx/fastcgi_params;
10 			fastcgi_pass 127.0.0.1:9000;
11 		}
12 	}
13 	
14 	location /w/images {
15 		# Separate location for images/ so .php execution won't apply
16 		
17 		location ~ ^/w/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
18 			# Thumbnail handler for MediaWiki
19 			# This location only matches on a thumbnail's url
20 			# If the file does not exist we use @thumb to run the thumb.php script
21 			try_files $uri $uri/ @thumb;
22 		}
23 	}
24 	location /w/images/deleted {
25 		# Deny access to deleted images folder
26 		deny	all;
27 	}
28 	
29 	# Deny access to folders MediaWiki has a .htaccess deny in
30 	location /w/cache       { deny all; }
31 	location /w/languages   { deny all; }
32 	location /w/maintenance { deny all; }
33 	location /w/serialized  { deny all; }
34 	
35 	# Just in case, hide .svn and .git too
36 	location ~ /.(svn|git)(/|$) { deny all; }
37 	
38 	# Hide any .htaccess files
39 	location ~ /.ht { deny all; }
40 	
41 	# Uncomment the following code if you wish to hide the installer/updater
42 	## Deny access to the installer
43 	#location /w/mw-config { deny all; }
44 	
45 	# Handling for the article path
46 	location /wiki {
47 		include /etc/nginx/fastcgi_params;
48 		# article path should always be passed to index.php
49 		fastcgi_param SCRIPT_FILENAME	$document_root/w/index.php;
50 		fastcgi_pass  127.0.0.1:9000;
51 	}
52 	
53 	# Thumbnail 404 handler, only called by try_files when a thumbnail does not exist
54 	location @thumb {
55 		# Do a rewrite here so that thumb.php gets the correct arguments
56 		rewrite ^/w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2;
57 		rewrite ^/w/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1;
58 		
59 		# Run the thumb.php script
60 		include /etc/nginx/fastcgi_params;
61 		fastcgi_param SCRIPT_FILENAME	$document_root/w/thumb.php;
62 		fastcgi_pass  127.0.0.1:9000;
63 	}
64 	
65 	# [...]
66 }

The Ultimate Pretty URL configuration for MediaWiki on Nginx[edit | edit source]

 1 server {
 2 
 3         # [...]
 4 
 5         if (-f $document_root/maintenance.html) {
 6                 return 503;
 7         }
 8         error_page 503 @maintenance;
 9         location @maintenance {
10                 rewrite ^(.*)$ /maintenance.html break;
11         }
12 
13         # Disallow access to hidden files and directories, except `/.well-known/`
14         # https://www.mnot.net/blog/2010/04/07/well-known
15         # https://tools.ietf.org/html/rfc5785
16         location ~ /\.(?!well-known/) {
17                 return 404;
18         }
19 
20         location = /nginx_status {
21                 stub_status on;
22                 access_log off;
23                 allow 127.0.0.1/32;
24                 allow ::1/128;
25                 allow 67.205.190.17;
26                 allow 10.10.0.11;
27                 allow 10.136.225.163;
28                 deny all;
29         }