Jump to content

Nginx:Vhost MediaWiki

From Wiki
Revision as of 17:15, 25 July 2022 by Kangtain (talk | contribs)

Tanpa SSL

server {
        listen 80;
        listen [::]:80;
        server_name your-domain.com; 

        root /var/www/mediawiki;
        index index.php;
   
        error_log /var/log/nginx/your-domain.com.error;
        access_log /var/log/nginx/your-domain.com.access; 

        location / {
                try_files $uri $uri/ /index.php;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.ht {
          deny all;
         }

        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            include snippets/fastcgi-php.conf;
        }
}

SSL Origin CloudFlare

server {
        listen 80;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        
        server_name your-domain.com;
        root /var/www/your-domain.com;
        index index.php;
   #Jika menggunakan ModSecurity
	modsecurity on;
	modsecurity_rules_file /etc/nginx/modsec/main.conf;

	# Add headers to serve security related headers
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Robots-Tag none;
	add_header X-Download-Options noopen;
	add_header X-Permitted-Cross-Domain-Policies none;
	add_header Referrer-Policy no-referrer;
        
        ssl_certificate /etc/ssl/certs/cloudflare_your-domain.com.pem;
        ssl_certificate_key /etc/ssl/private/cloudflare_key_your-domain.com.pem;
        ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
        ssl_verify_client on;
        
        error_log /var/log/nginx/your-domain.com.error;
        access_log /var/log/nginx/your-domain.com.access;
        
        location / {
                try_files $uri $uri/ /index.php;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.ht {
          deny all;
         }
         
        location /rest.php {
          try_files $uri $uri/ /rest.php?$args;
        }

	location = /robots.txt {
	  allow all;
	log_not_found off;
	access_log off;
	}

        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            include snippets/fastcgi-php.conf;
        }
}

SSL Lets Encrypt

server {
        server_name your-domain.com;

        root /var/www/your-domain.com;
        index index.php;
  
        error_log /var/log/nginx/your-domain.com.error;
        access_log /var/log/nginx/your-domain.com.access;

        location / {
                try_files $uri $uri/ /index.php;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.ht {
          deny all;
         }

	location /rest.php {
	  try_files $uri $uri/ /rest.php?$args;
	}

        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            include snippets/fastcgi-php.conf;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/your-domain.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

} 
server {
    if ($host = your-domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;
        server_name kangtain.com;

        root /var/www/your-domain.com;
        index index.php;
  
        error_log /var/log/nginx/your-domain.com.error;
        access_log /var/log/nginx/your-domain.com.access;

        location / {
                try_files $uri $uri/ /index.php;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.ht {
          deny all;
         }

        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            include snippets/fastcgi-php.conf;
        }
}
Retrieved from "https://kangtain.com/wiki/index.php?title=Nginx:Vhost_MediaWiki&oldid=4810"