Welcome! Log In Create A New Profile

Advanced

Re: dokuwiki not in root problem of regexp

Previous Message Next Message
Forum List Message List New Topic Print View
Jiff
July 01, 2012 11:37AM
myserver.org_dokuwiki_http_https_main.conf
==================================

# DOKUWIKI NOT-ON-ROOT MAIN FILE: BROWSE HTTP + DANGEROUS AREAS HTTPS
#====================================================================

# 2012-07-01 - Author: Jean-Yves F. Barbier - lazyvirus<at]gmx{dot)com

# File: myserver.org_dokuwiki_http_https_main.conf

# MOD'OP: Just symlink this file into /etc/nginx/sites-enabled

# Works on Debian squeeze + backports:
# nginx-full 1.2.1-1~dotdeb.0
# php5 5.3.14-1~dotdeb.0
# php5-fpm 5.3.14-1~dotdeb.0
# Works under Debian sid.

# Solutions mostly coming from:
# http://wiki.nginx.org
# http://agentzh.org/misc/nginx/agentzh-nginx-tutorials-enuk.html
# http://blog.slucas.fr/en/oss/dokuwiki-nginx-config
# http://www.dokuwiki.org/install:nginx?s[]=nginx
# http://www.dokuwiki.org/tips:httpslogin#nginx

# With this conf, leave parm 'securecookie' enabled.

# No tested w/ clean URL (but who cares?)

# CAUTION: MANY TIME WASTED: DW DON'T SET 'useacl' to 1 WHEN INSTALLING,
# WHICH ALLOW TO LOGIN BUT SEND A 'Permission denied' ASA YOU
# MAKE ANY MODIFICATION!
# SOLT: Install, then manually edit /conf/dokuwiki.php to set it to 1.

# NB: You can also redirect sensitive areas to localhost (unencrypted).

#============================================================================= HTTP/HTTPS DISCRIMINATOR

# In case of redirection to localhost, comment this line
# (and the one using this VAR in the common file).
map $scheme $php_https { default off; https on; }

#============================================================================= HTTP

server {
listen 80;
server_name myserver.org;
root /var/www;
index index.html index.php doku.php;

access_log /var/log/nginx/dokuwiki.http.access.log;
error_log /var/log/nginx/dokuwiki.http.error.log;
rewrite_log on; # TEST ONLY (logs all rewrites)

#-------------------------------------------------------------

# Enforce HTTPS for /log…, /admin…, & /profile…

if ($args ~ do=(log|admin|profile)) {
rewrite ^ https://$host$request_uri? redirect;
# locahost (unencrypted) version
### rewrite ^ http://localhost$request_uri? redirect;
}

# Common conf file

include /etc/nginx/sites-available/myserver.org_dokuwiki_http_https_common.conf;
}

#============================================================================= HTTPS


server {
listen 443 ssl;
server_name myserver.org;
root /var/www;
index index.html index.php doku.php;

ssl_certificate /etc/nginx/SSL/nginx.crt;
ssl_certificate_key /etc/nginx/SSL/nginx-insecure.key;

access_log /var/log/nginx/dokuwiki.https.access.log;
error_log /var/log/nginx/dokuwiki.https.error.log;
rewrite_log on; # TEST ONLY (log all rewrites)

#-------------------------------------------------------------

# CAUTION: DON'T enforce HTTP for normal requests (do=show|^$), this
# renders any modification in DW worthless!

# Common conf file

include /etc/nginx/sites-available/myserver.org_dokuwiki_http_https_common.conf;
}

#============================================================================= EOF


myserver.org_dokuwiki_http_https_common.conf
====================================

# DOKUWIKI NOT-ON-ROOT COMMON FILE: BROWSE HTTP + DANGEROUS AREAS HTTPS
#======================================================================

# 2012-07-01 - Author: Jean-Yves F. Barbier - lazyvirus<at]gmx{dot)com

# File: myserver.org_dokuwiki_http_https_common.conf

# As DW is not on the HTTP/S svr root, redirect any root query toward it
# from: http://myserver.org/ to: http://myserver.org/dokuwiki
# (until other services being available).

location = / {
error_page 403 = http://$host/dokuwiki;
}

#-------------------------------------------------------------

location /dokuwiki {
try_files $uri $uri/ @dw;
}

location @dw {
rewrite ^/dokuwiki/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/dokuwiki/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/dokuwiki/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/dokuwiki/(.*) /doku.php?id=$1&$args last;
}

#-------------------------------------------------------------

location ~ \.php$ {
if (!-f $request_filename) {
return 404;
}

include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Comment the line below if redirecting to localhost (unencrypted)
fastcgi_param HTTPS $php_https; # DW checks $_SERVER['HTTPS']
# Gain the TCP/IP overhead: use socket instead
fastcgi_pass unix:/var/run/php5-fpm.socket;
}

#-------------------------------------------------------------

# For security reasons (http://www.dokuwiki.org/security) some
# directories must not be reachable from the outside. But a
# 'deny all' isn't a good solution, as it returns a 403 which
# is visible by the client. The solution comes from a nginx
# special extension: the 444 error that returns no information
# to the client and closes its connection. Useful as a deterrent
# for malware as it is silent:)

location ~ ^/dokuwiki/(bin|conf|data|inc)/ {
return 444;
}

#-------------------------------------------------------------

# Force a long expiration delay on static files

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 30d;
access_log off;
log_not_found off;
}

# This location serves static files

location ~ ^/dokuwiki/lib/ {
expires 30d;
}

#-------------------------------------------------------------

# As of nginx wiki this should go to /etc/nginx/conf.d/drop.conf,
# but I like to have everything on sight.

# NTS: It is normal not to see the pink icon about
# "data directory not properly secured": this is
# when I can see it that there's something wrong:)

location = /dokuwiki/robots.txt {
access_log off;
log_not_found off;
}

location = /dokuwiki/favicon.ico {
access_log off;
log_not_found off;
}

# Silently protect all Linux hidden files (but log get attempts)
location ~ /\. {
return 444;
}

# I spent some time to understand what this block was meant for:
# http://kbeezie.com/view/nginx-configuration-examples/
# This block is mainly for people who use vim, or any other command line
# editor that creates a backup copy of a file being worked on with a file
# name ending in ~.
# Hiding this prevents someone from accessing a backup copy of a file you
# have been working on.
location ~ ~$ {
access_log off;
log_not_found off;
return 444;
}

#============================================================================= EOF
Reply Quote
RSS
Subject Author Posted

dokuwiki not in root problem of regexp

Jiff June 29, 2012 09:32PM

Re: dokuwiki not in root problem of regexp

Francis Daly June 30, 2012 08:14AM

Re: dokuwiki not in root problem of regexp

Jiff June 30, 2012 10:25AM

Re: dokuwiki not in root problem of regexp

Francis Daly June 30, 2012 11:44AM

Re: dokuwiki not in root problem of regexp

Jiff July 01, 2012 12:01AM

Re: dokuwiki not in root problem of regexp

Francis Daly July 01, 2012 06:12AM

Re: dokuwiki not in root problem of regexp

Jiff July 01, 2012 11:37AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 321
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready