search

AcroMedia / ansible-role-virtual-host

Configure NGINX + PHP + SSL for a virtual host across it's complete life cycle from staging to production to decommission
GNU General Public License v3.0
0 stars 3 forks source link

mediawiki profile needs tuning #5

Open dale-c-anderson opened 4 years ago

dale-c-anderson commented 4 years ago

If someone creates a page with ".php" at the end of the title, the nginx config thinks an actual php page is being requested.

The mediawiki profile needs to explicitly handle mediawiki's php locations, and let everything else be handled by the rewrite.

Refer to https://www.mediawiki.org/wiki/Manual:Short_URL/Nginx for locations.

dale-c-anderson commented 4 years ago

https://www.mediawiki.org/wiki/Manual:Short_URL/Nginx at the time of this issue, 

server {
    # [...]

    # Location for wiki's entry points
    location ~ ^/w/(index|load|api|thumb|opensearch_desc)\.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
    }

    # Images
    location /w/images {
        # Separate location for images/ so .php execution won't apply
    }
    location /w/images/deleted {
        # Deny access to deleted images folder
        deny all;
    }
    # MediaWiki assets (usually images)
    location ~ ^/w/resources/(assets|lib|src) {
        try_files $uri 404;
        add_header Cache-Control "public";
        expires 7d;
    }
    # Assets, scripts and styles from skins and extensions
    location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg)$ {
        try_files $uri 404;
        add_header Cache-Control "public";
        expires 7d;
    }
    # Favicon
    location = /favicon.ico {
        alias /w/images/6/64/Favicon.ico;
        add_header Cache-Control "public";
        expires 7d;
    }

    ## Uncomment the following code if you wish to use the installer/updater
    ## installer/updater
    #location /w/mw-config/ {
    #   # Do this inside of a location so it can be negated
    #   location ~ \.php$ {
    #       include /etc/nginx/fastcgi_params;
    #       fastcgi_param SCRIPT_FILENAME $document_root/w/mw-config/$fastcgi_script_name;
    #       fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
    #   }
    #}

    # Handling for the article path (pretty URLs)
    location /wiki/ {
        rewrite ^/wiki/(?<pagename>.*)$ /w/index.php;
    }

    # Allow robots.txt in case you have one
    location = /robots.txt {
    }
    # Explicit access to the root website, redirect to main page (adapt as needed)
    location = / {
        return 301 /wiki/Main_Page;
    }

    # Every other entry point will be disallowed.
    # Add specific rules for other entry points/images as needed above this
    location / {
        return 404;
    }
}