aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMikael Nordfeldth <mmn@hethane.se>2015-12-27 23:58:10 +0100
committerMikael Nordfeldth <mmn@hethane.se>2015-12-27 23:58:10 +0100
commit7f4b51e246262d021b992394e2b63ffbae0fed5c (patch)
tree1661699f345a280c0d8dc222615f66cea6e30276
parent4bc0b374bc24a9ef53775faf91c653e2a5a31311 (diff)
downloadgnu-social-7f4b51e246262d021b992394e2b63ffbae0fed5c.tar
gnu-social-7f4b51e246262d021b992394e2b63ffbae0fed5c.zip
minor tuning to nginx example config
for example we really do wish to force people to use HTTPS ;)
-rw-r--r--nginx.conf.sample37
1 files changed, 26 insertions, 11 deletions
diff --git a/nginx.conf.sample b/nginx.conf.sample
index d05c676bc1..baeecb7757 100644
--- a/nginx.conf.sample
+++ b/nginx.conf.sample
@@ -1,20 +1,28 @@
server {
- # Ports
listen 80;
- # Uncomment the following line
- # to enable HTTPS
- #listen 443 ssl;
+ listen [::]:80;
+
+ # FIXME: change domain name here (and also make sure you do the same in the next 'server' section)
+ server_name social.example.org;
+
+ # redirect all traffic to HTTPS
+ rewrite ^ https://$server_name$request_uri? permanent;
+}
+
+server {
+ # Use HTTPS. Seriously. Set it up with a cert (any cert) before you run the install.
+ listen 443 ssl;
# Server name
- # Change "example.org" to your domain name
- server_name example.org;
+ # Change "social.example.org" to your site's domain name
+ server_name social.example.org;
# SSL
# Uncomment and change the paths to setup
# your SSL key/cert. See https://cipherli.st/
# for more information
- #ssl_certificate /path/to/ssl.cert;
- #ssl_certificate_key /path/to/ssl.key;
+ ssl_certificate ssl/certs/social.example.org.crt;
+ ssl_certificate_key ssl/private/social.example.org.key;
# Logs
# Uncomment and change the paths to setup
@@ -32,12 +40,14 @@ server {
# PHP
location ~ \.php {
- fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+ include snippets/fastcgi-php.conf;
+
+ # This should be the same value as in your (optional) /etc/php5/fpm/pool.d/$server.conf
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+
# Remove the "fastcgi_pass" line above and uncomment
# the one below to use TCP sockets instead of Unix sockets
#fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- include fastcgi.conf;
}
# Location
@@ -49,5 +59,10 @@ server {
location @gnusocial {
rewrite ^(.*)$ /index.php?p=$1 last;
}
+
+ # Restrict access that is unnecessary anyway
+ location ~ /\.(ht|git) {
+ deny all;
+ }
}