Aşağıda yer alan Nginx kuralları /wiki/ olarak oluşturulan bir MediaWiki uygulaması üzerinde denenmiştir ve sorunsuz çalışmaktadır. Yapılandırmanızı kendinize göre değiştirmeyi ihmal etmeyiniz. Güvenlik yapılandırması yapılmamıştır.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
set $base /var/www/example.com;
root $base/public;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
# security headers
add_header X-XSS-Protection 1; mode=block always;
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy no-referrer-when-downgrade always;
add_header Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; always;
add_header Permissions-Policy interest-cohort=() always;
add_header Strict-Transport-Security max-age=31536000; includeSubDomains always;
# . files
location ~ /\.(?!well-known) {
deny all;
}
location ~ ^/w/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
# Images
location /w/images {
# Separate location for images/ so .php execution won't apply
}
location /w/images/deleted {
deny all;
}
location ~ ^/w/resources/(assets|lib|src) {
try_files $uri 404;
add_header Cache-Control public;
expires 7d;
}
# Assets, scripts and styles from skins and extensions
location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
try_files $uri 404;
add_header Cache-Control public;
expires 7d;
}
# Favicon
location = /favicon.ico {
alias /w/images/6/64/Favicon.ico;
add_header Cache-Control public;
expires 7d;
}
# License and credits files
location ~ ^/w/(COPYING|CREDITS)$ {
default_type text/plain;
}
# Handling for Mediawiki REST API, see [[mw:API:REST_API]]
location /w/rest.php/ {
try_files $uri $uri/ /w/rest.php?$query_string;
}
# Handling for the article path (pretty URLs)
location /wiki/ {
rewrite ^/wiki/(?.*)$ /w/index.php;
}
location = / {
return 301 /wiki/Main_Page;
}
location ~ ^/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/ {
deny all;
}
location ~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/ {
internal;
}
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 7d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin *;
expires 7d;
access_log off;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
} Temel yapılandırma yapılmıştır, SSL aktiftir ve temel rest api ile birlikte url yapılandırması yapılmıştır. Yapılandırmada kullanılan LocalSettings.php dosyası aşağıdaki gibidir.
$wgScriptPath = /w;
$wgArticlePath = /wiki/$1;
$wgUsePathInfo = true;