getgrav / grav

Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig, and Symfony
https://getgrav.org
MIT License
14.5k stars 1.4k forks

Nginx sample config must be updated #3769

Open u07 opened 11 months ago

u07 commented 11 months ago

Seems it hasn't been updated for a while. At least this rule from apache config is missing in nginx:

# Block all direct access to files and folders beginning with a dot
RewriteRule (^|/)\.(?!well-known) - [F]

Just checked, /.phan/config.php is available directly.

u07 commented 11 months ago

For nginx it will be

location ~ /\. { return 403; }

or mixed with existing Grav rules (at the end):

location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess|\.) { return 403; }
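An added check (not part of the thread or of Grav's sample config) that runs the rules quoted above over constructed request paths, modelling the nginx regex locations and the .htaccess RewriteRule with Python's `re`. `NGINX_DOT_EXEMPT` is a hypothetical variant, not proposed in the thread, that carries over the Apache rule's `.well-known` exemption.

```python
import re

# Patterns quoted in the thread. The Apache rule lives in .htaccess, where
# mod_rewrite matches the path without its leading slash; nginx regex
# locations match the full URI path, leading slash included.
APACHE_RULE = re.compile(r"(^|/)\.(?!well-known)")
NGINX_DOT = re.compile(r"/\.")
NGINX_MIXED = re.compile(
    r"/(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config"
    r"|htaccess\.txt|\.htaccess|\.)"
)
# Added variant (assumption, not from the thread): the nginx dot rule with
# the Apache rule's lookahead. nginx regexes are PCRE, so (?!...) is valid.
NGINX_DOT_EXEMPT = re.compile(r"/\.(?!well-known)")

# Constructed sample request paths.
PATHS = [
    "/.phan/config.php",
    "/.git/config",
    "/.well-known/acme-challenge/token",
    "/composer.json",
    "/user/pages/01.home/default.md",
    "/index.php",
]


def blocked(path):
    """Return which rule would answer 403 for this request path."""
    return {
        "apache": bool(APACHE_RULE.search(path.lstrip("/"))),
        "nginx_dot": bool(NGINX_DOT.search(path)),
        "nginx_mixed": bool(NGINX_MIXED.search(path)),
        "nginx_dot_exempt": bool(NGINX_DOT_EXEMPT.search(path)),
    }


def disagreements():
    """Paths where the plain nginx dot rule and the Apache rule differ."""
    return [p for p in PATHS if blocked(p)["apache"] != blocked(p)["nginx_dot"]]


if __name__ == "__main__":
    for p in PATHS:
        print(p, blocked(p))
    print("nginx_dot differs from apache on:", disagreements())
```

The only path on which the plain dot rule and the Apache rule disagree is the one under `/.well-known/`, which the Apache rule lets through and both nginx rules from the thread would answer with 403.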

u07 commented 11 months ago

Also I would suggest changing location ~ \.php$ (any .php) to just location /index.php (a single .php) because Grav has only one executable php.

10corp commented 9 months ago

Add Nginx support.

rhukster commented 5 months ago

How about providing a Pull Request?