summaryrefslogtreecommitdiff
path: root/public/nginx-mediawiki.md
blob: 92d2d39b45d18f4bb23db7f5d2a8078b33d4303f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
An Nginx configuration for MediaWiki
====================================
---
date: "2015-05-19"
---

There are [several][0] [example][1] [Nginx][2] [configurations][3]
[for][4] [MediaWiki][5] floating around the web.  Many of them don't
block the user from accessing things like `/serialized/`.  Many of
them also [don't correctly handle][faq] a wiki page named `FAQ`, since
that is a name of a file in the MediaWiki root!  In fact, the
configuration used on the official Nginx Wiki has both of those
issues!

[0]: http://wiki.nginx.org/MediaWiki
[1]: https://wiki.archlinux.org/index.php/MediaWiki#Nginx
[2]: https://www.mediawiki.org/wiki/Manual:Short_URL/wiki/Page_title_--_nginx_rewrite--root_access
[3]: https://www.mediawiki.org/wiki/Manual:Short_URL/Page_title_-_nginx,_Root_Access,_PHP_as_a_CGI_module
[4]: http://wiki.nginx.org/RHEL_5.4_%2B_Nginx_%2B_Mediawiki
[5]: http://stackoverflow.com/questions/11080666/mediawiki-on-nginx
[faq]: https://labs.parabola.nu/issues/725

This is because most of the configurations floating around basically
try to pass all requests through, and blacklist certain requests,
either denying them, or passing them through to `index.php`.

It's my view that blacklisting is inferior to whitelisting in
situations like this.  So, I developed the following configuration
that instead works by whitelisting certain paths.

	root /path/to/your/mediawiki; # obviously, change this line

	index index.php;
	location /                     { try_files /var/empty @rewrite; }
	location /images/              { try_files $uri $uri/ @rewrite; }
	location /skins/               { try_files $uri $uri/ @rewrite; }
	location /api.php              { try_files /var/empty @php; }
	location /api.php5             { try_files /var/empty @php; }
	location /img_auth.php         { try_files /var/empty @php; }
	location /img_auth.php5        { try_files /var/empty @php; }
	location /index.php            { try_files /var/empty @php; }
	location /index.php5           { try_files /var/empty @php; }
	location /load.php             { try_files /var/empty @php; }
	location /load.php5            { try_files /var/empty @php; }
	location /opensearch_desc.php  { try_files /var/empty @php; }
	location /opensearch_desc.php5 { try_files /var/empty @php; }
	location /profileinfo.php      { try_files /var/empty @php; }
	location /thumb.php            { try_files /var/empty @php; }
	location /thumb.php5           { try_files /var/empty @php; }
	location /thumb_handler.php    { try_files /var/empty @php; }
	location /thumb_handler.php5   { try_files /var/empty @php; }
	location /wiki.phtml           { try_files /var/empty @php; }

	location @rewrite {
		rewrite ^/(.*)$ /index.php?title=$1&$args;
	}

	location @php {
		# obviously, change this according to your PHP setup
		include fastcgi.conf;
		fastcgi_pass unix:/run/php-fpm/wiki.sock;
	}

We are now using this configuration on
[ParabolaWiki](https://wiki.parabola.nu/), but with an alias for
`location = /favicon.ico` to the correct file in the skin, and with
FastCGI caching for PHP.

The only thing I don't like about this is the `try_files /var/emtpy`
bits--surely there is a better way to have it go to one of the `@`
location blocks, but I couldn't figure it out.