Jump to content

Nginx:Vhost MediaWiki: Difference between revisions

From Wiki
Kangtain (talk | contribs)
Bureaucrats, Interface administrators, Suppressors, Administrators
9,154 edits
VisualWikitext
Created page with "==SSL Origin CloudFlare== server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name kangtain.com www.kangtain.com; root /var/www/kangtain.com; index index.php; modsecurity on; modsecurity_rules_file /etc/nginx/modsec/main.conf; # Add headers to serve security related headers add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1..."
 
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Tanpa SSL==
<syntaxhighlight lang="nginx" line="1">
server {
        listen 80;
        listen [::]:80;
        server_name your-domain.com;
        root /var/www/mediawiki;
        index index.php;
   
        error_log /var/log/nginx/your-domain.com.error;
        access_log /var/log/nginx/your-domain.com.access;
        location / {
                try_files $uri $uri/ /index.php;
        }
        location ~ /.well-known {
            allow all;
        }
        location ~ /\.ht {
          deny all;
          }
        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            include snippets/fastcgi-php.conf;
        }
}
</syntaxhighlight>
==SSL Origin CloudFlare==
==SSL Origin CloudFlare==


server {
<syntaxhighlight lang="nginx" line="1">
server {
         listen 80;
         listen 80;
         listen [::]:80;
         listen [::]:80;
Line 7: Line 43:
         listen [::]:443 ssl http2;
         listen [::]:443 ssl http2;
          
          
         server_name kangtain.com www.kangtain.com;
         server_name your-domain.com;
         root /var/www/kangtain.com;
         root /var/www/your-domain.com;
         index index.php;
         index index.php;
    #Jika menggunakan [[ModSecurity]]
  modsecurity on;
  modsecurity on;
  modsecurity_rules_file /etc/nginx/modsec/main.conf;
  modsecurity_rules_file /etc/nginx/modsec/main.conf;
Line 21: Line 58:
  add_header Referrer-Policy no-referrer;
  add_header Referrer-Policy no-referrer;
          
          
         ssl_certificate /etc/ssl/certs/cloudflare_kangtain.com.pem;
         ssl_certificate /etc/ssl/certs/cloudflare_your-domain.com.pem;
         ssl_certificate_key /etc/ssl/private/cloudflare_key_kangtain.com.pem;
         ssl_certificate_key /etc/ssl/private/cloudflare_key_your-domain.com.pem;
         ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
         ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
         ssl_verify_client on;
         ssl_verify_client on;
          
          
         error_log /var/log/nginx/kangtain.com.error;
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/kangtain.com.access;
         access_log /var/log/nginx/your-domain.com.access;
          
          
         location / {
         location / {
Line 57: Line 94:
             include snippets/fastcgi-php.conf;
             include snippets/fastcgi-php.conf;
         }
         }
}
}
</syntaxhighlight>


==SSL Lets Encrypt==
==SSL Lets Encrypt==


server {
<syntaxhighlight lang="nginx" line="1">
         server_name kangtain.com;
server {
         server_name your-domain.com;
   
   
         root /var/www/kangtain.com;
         root /var/www/your-domain.com;
         index index.php;
         index index.php;
    
    
         error_log /var/log/nginx/kangtain.com.error;
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/kangtain.com.access;
         access_log /var/log/nginx/your-domain.com.access;
   
   
         location / {
         location / {
Line 95: Line 134:
     listen [::]:443 ssl ipv6only=on; # managed by Certbot
     listen [::]:443 ssl ipv6only=on; # managed by Certbot
     listen 443 ssl; # managed by Certbot
     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/kangtain.com/fullchain.pem; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/kangtain.com/privkey.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
Line 104: Line 143:
   
   
   
   
     ssl_trusted_certificate /etc/letsencrypt/live/kangtain.com/chain.pem; # managed by Certbot
     ssl_trusted_certificate /etc/letsencrypt/live/your-domain.com/chain.pem; # managed by Certbot
     ssl_stapling on; # managed by Certbot
     ssl_stapling on; # managed by Certbot
     ssl_stapling_verify on; # managed by Certbot
     ssl_stapling_verify on; # managed by Certbot
Line 110: Line 149:
  }  
  }  
  server {
  server {
     if ($host = kangtain.com) {
     if ($host = your-domain.com) {
         return 301 https://$host$request_uri;
         return 301 https://$host$request_uri;
     } # managed by Certbot
     } # managed by Certbot
Line 119: Line 158:
         server_name kangtain.com;
         server_name kangtain.com;
   
   
         root /var/www/kangtain.com;
         root /var/www/your-domain.com;
         index index.php;
         index index.php;
    
    
         error_log /var/log/nginx/kangtain.com.error;
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/kangtain.com.access;
         access_log /var/log/nginx/your-domain.com.access;
   
   
         location / {
         location / {
Line 143: Line 182:
             include snippets/fastcgi-php.conf;
             include snippets/fastcgi-php.conf;
         }
         }
}
}
</syntaxhighlight>
 
=== Mengatasi search tidak berfungsi<ref>[[mediawikiwiki:Topic:Wgr1qectnr965bmy|mediawiki.org]] - 404 error on rest.php on Mediawiki 1.35.1</ref> ===
<syntaxhighlight lang="nginx" line="1">
    location ~ \.php$ {
        include fastcgi_params;
        # fastcgi_index index.php;
        fastcgi_pass php_workers;
        # fastcgi_param HTTP_PROXY '';
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
 
    #Ini untuk mengatasinya
    location /rest.php {
        fastcgi_pass php_workers;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
 
</syntaxhighlight>
 
== Source ==
<references />
[[Category:Server]]
[[Category:Web Server]]
[[Category:Nginx]]
[[Category:MediaWiki]]

Latest revision as of 11:51, 31 January 2023

Tanpa SSL

server {
         listen 80;
         listen [::]:80;
         server_name your-domain.com; 
 
         root /var/www/mediawiki;
         index index.php;
    
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/your-domain.com.access; 
 
         location / {
                 try_files $uri $uri/ /index.php;
         }
 
         location ~ /.well-known {
             allow all;
         }
 
         location ~ /\.ht {
           deny all;
          }
 
         location ~ \.php$ {
             fastcgi_pass unix:/run/php/php7.4-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
             include snippets/fastcgi-php.conf;
         }
}

SSL Origin CloudFlare

server {
         listen 80;
         listen [::]:80;
         listen 443 ssl http2;
         listen [::]:443 ssl http2;
         
         server_name your-domain.com;
         root /var/www/your-domain.com;
         index index.php;
    #Jika menggunakan [[ModSecurity]]
 	modsecurity on;
 	modsecurity_rules_file /etc/nginx/modsec/main.conf;
 
 	# Add headers to serve security related headers
 	add_header X-Content-Type-Options nosniff;
 	add_header X-XSS-Protection "1; mode=block";
 	add_header X-Robots-Tag none;
 	add_header X-Download-Options noopen;
 	add_header X-Permitted-Cross-Domain-Policies none;
 	add_header Referrer-Policy no-referrer;
         
         ssl_certificate /etc/ssl/certs/cloudflare_your-domain.com.pem;
         ssl_certificate_key /etc/ssl/private/cloudflare_key_your-domain.com.pem;
         ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
         ssl_verify_client on;
         
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/your-domain.com.access;
         
         location / {
                 try_files $uri $uri/ /index.php;
         }
 
         location ~ /.well-known {
             allow all;
         }
 
         location ~ /\.ht {
           deny all;
          }
          
         location /rest.php {
           try_files $uri $uri/ /rest.php?$args;
         }
 
 	location = /robots.txt {
 	  allow all;
 	log_not_found off;
 	access_log off;
 	}
 
         location ~ \.php$ {
             fastcgi_pass unix:/run/php/php7.4-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
             include snippets/fastcgi-php.conf;
         }
}

SSL Lets Encrypt

server {
         server_name your-domain.com;
 
         root /var/www/your-domain.com;
         index index.php;
   
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/your-domain.com.access;
 
         location / {
                 try_files $uri $uri/ /index.php;
         }
 
         location ~ /.well-known {
             allow all;
         }
 
         location ~ /\.ht {
           deny all;
          }
 
 	location /rest.php {
 	  try_files $uri $uri/ /rest.php?$args;
 	}
 
         location ~ \.php$ {
             fastcgi_pass unix:/run/php/php7.4-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
             include snippets/fastcgi-php.conf;
         }
 
     listen [::]:443 ssl ipv6only=on; # managed by Certbot
     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
 
     add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
 
 
     ssl_trusted_certificate /etc/letsencrypt/live/your-domain.com/chain.pem; # managed by Certbot
     ssl_stapling on; # managed by Certbot
     ssl_stapling_verify on; # managed by Certbot
 
 } 
 server {
     if ($host = your-domain.com) {
         return 301 https://$host$request_uri;
     } # managed by Certbot
 
 
         listen 80;
         listen [::]:80;
         server_name kangtain.com;
 
         root /var/www/your-domain.com;
         index index.php;
   
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/your-domain.com.access;
 
         location / {
                 try_files $uri $uri/ /index.php;
         }
 
         location ~ /.well-known {
             allow all;
         }
 
         location ~ /\.ht {
           deny all;
          }
 
         location ~ \.php$ {
             fastcgi_pass unix:/run/php/php7.4-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
             include snippets/fastcgi-php.conf;
         }
}

Mengatasi search tidak berfungsi<ref>mediawiki.org - 404 error on rest.php on Mediawiki 1.35.1</ref>

    location ~ \.php$ {
        include fastcgi_params;
        # fastcgi_index index.php;
        fastcgi_pass php_workers;
        # fastcgi_param HTTP_PROXY '';
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    #Ini untuk mengatasinya
    location /rest.php {
        fastcgi_pass php_workers;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

Source

<references />

Retrieved from "https://kangtain.com/wiki/index.php?title=Nginx:Vhost_MediaWiki&oldid=7855"