blob: cd3cddb8185aa92b1c6957dd8816372a37b42dbf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>An Nginx configuration for MediaWiki — Luke Shumaker</title>
<link rel="stylesheet" type="text/css" href="assets/style.css">
</head>
<body>
<header><a href="/">Luke Shumaker</a> » <a href=/blog>blog</a> » nginx-mediawiki</header>
<article>
<h1 id="an-nginx-configuration-for-mediawiki">An Nginx configuration for MediaWiki</h1>
<p>There are <a href="http://wiki.nginx.org/MediaWiki">several</a> <a href="https://wiki.archlinux.org/index.php/MediaWiki#Nginx">example</a> <a href="https://www.mediawiki.org/wiki/Manual:Short_URL/wiki/Page_title_--_nginx_rewrite--root_access">Nginx</a> <a href="https://www.mediawiki.org/wiki/Manual:Short_URL/Page_title_-_nginx,_Root_Access,_PHP_as_a_CGI_module">configurations</a> <a href="http://wiki.nginx.org/RHEL_5.4_%2B_Nginx_%2B_Mediawiki">for</a> <a href="http://stackoverflow.com/questions/11080666/mediawiki-on-nginx">MediaWiki</a> floating around the web. Many of them don't block the user from accessing things like <code>/serialized/</code>. Many of them also <a href="https://labs.parabola.nu/issues/725">don't correctly handle</a> a wiki page named <code>FAQ</code>, since that is a name of a file in the MediaWiki root! In fact, the configuration used on the official Nginx Wiki has both of those issues!</p>
<p>This is because most of the configurations floating around basically try to pass all requests through, and blacklist certain requests, either denying them, or passing them through to <code>index.php</code>.</p>
<p>It's my view that blacklisting is inferior to whitelisting in situations like this. So, I developed the following configuration that instead works by whitelisting certain paths.</p>
<pre><code>root /path/to/your/mediawiki; # obviously, change this line
index index.php;
location / { try_files /var/empty @rewrite; }
location /images/ { try_files $uri $uri/ @rewrite; }
location /skins/ { try_files $uri $uri/ @rewrite; }
location /api.php { try_files /var/empty @php; }
location /api.php5 { try_files /var/empty @php; }
location /img_auth.php { try_files /var/empty @php; }
location /img_auth.php5 { try_files /var/empty @php; }
location /index.php { try_files /var/empty @php; }
location /index.php5 { try_files /var/empty @php; }
location /load.php { try_files /var/empty @php; }
location /load.php5 { try_files /var/empty @php; }
location /opensearch_desc.php { try_files /var/empty @php; }
location /opensearch_desc.php5 { try_files /var/empty @php; }
location /profileinfo.php { try_files /var/empty @php; }
location /thumb.php { try_files /var/empty @php; }
location /thumb.php5 { try_files /var/empty @php; }
location /thumb_handler.php { try_files /var/empty @php; }
location /thumb_handler.php5 { try_files /var/empty @php; }
location /wiki.phtml { try_files /var/empty @php; }
location @rewrite {
rewrite ^/(.*)$ /index.php?title=$1&$args;
}
location @php {
# obviously, change this according to your PHP setup
include fastcgi.conf;
fastcgi_pass unix:/run/php-fpm/wiki.sock;
}</code></pre>
<p>We are now using this configuration on <a href="https://wiki.parabola.nu/">ParabolaWiki</a>, but with an alias for <code>location = /favicon.ico</code> to the correct file in the skin, and with FastCGI caching for PHP.</p>
<p>The only thing I don't like about this is the <code>try_files /var/emtpy</code> bits--surely there is a better way to have it go to one of the <code>@</code> location blocks, but I couldn't figure it out.</p>
</article>
<footer>
<p>The content of this page is Copyright © 2015 <a href="mailto:lukeshu@sbcglobal.net">Luke Shumaker</a>.</p>
<p>This page is licensed under the <a href="https://creativecommons.org/licenses/by-sa/3.0/">CC BY-SA-3.0</a> license.</p>
</footer>
</body>
</html>
|