Nginx

MediaWiki İçin NGINX Yapılandırması2 min read

Eyl 19, 2021

MediaWiki İçin NGINX Yapılandırması2 min read

Aşağıda yer alan Nginx kuralları /wiki/ olarak oluşturulan bir MediaWiki uygulaması üzerinde denenmiştir ve sorunsuz çalışmaktadır. Yapılandırmanızı kendinize göre değiştirmeyi ihmal etmeyiniz. Güvenlik yapılandırması yapılmamıştır.

server {
  listen                  443 ssl http2;
  listen                  [::]:443 ssl http2;
  server_name             example.com;
  set                     $base /var/www/example.com;
  root                    $base/public;

  # SSL
  ssl_certificate         /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

  # security headers
  add_header X-XSS-Protection          "1; mode=block" always;
  add_header X-Content-Type-Options    "nosniff" always;
  add_header Referrer-Policy           "no-referrer-when-downgrade" always;
  add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
  add_header Permissions-Policy        "interest-cohort=()" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  # . files
  location ~ /\.(?!well-known) {
      deny all;
  }

	location ~ ^/w/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {
		include /etc/nginx/fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	}
	
	# Images
	location /w/images {
		# Separate location for images/ so .php execution won't apply
	}
	location /w/images/deleted {
		deny all;
	}
	location ~ ^/w/resources/(assets|lib|src) {
		try_files $uri 404;
		add_header Cache-Control "public";
		expires 7d;
	}
	# Assets, scripts and styles from skins and extensions
	location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
		try_files $uri 404;
		add_header Cache-Control "public";
		expires 7d;
	}
	# Favicon
	location = /favicon.ico {
		alias /w/images/6/64/Favicon.ico;
		add_header Cache-Control "public";
		expires 7d;
	}

	# License and credits files
	location ~ ^/w/(COPYING|CREDITS)$ {
		default_type text/plain;
	}

	# Handling for Mediawiki REST API, see [[mw:API:REST_API]]
	location /w/rest.php/ {
		try_files $uri $uri/ /w/rest.php?$query_string;
	}

	# Handling for the article path (pretty URLs)
	location /wiki/ {
		rewrite ^/wiki/(?<pagename>.*)$ /w/index.php;
	}

	location = / {
		return 301 /wiki/Main_Page;
	}

  location ~ ^/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/ {
    deny all;
  }
  location ~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/ {
    internal;
  }

  # favicon.ico
  location = /favicon.ico {
      log_not_found off;
      access_log    off;
  }

  # robots.txt
  location = /robots.txt {
      log_not_found off;
      access_log    off;
  }

  # assets, media
  location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
      expires    7d;
      access_log off;
  }

  # svg, fonts
  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
      add_header Access-Control-Allow-Origin "*";
      expires    7d;
      access_log off;
  }

  # gzip
  gzip            on;
  gzip_vary       on;
  gzip_proxied    any;
  gzip_comp_level 6;
  gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}

Temel yapılandırma yapılmıştır, SSL aktiftir ve temel rest api ile birlikte url yapılandırması yapılmıştır. Yapılandırmada kullanılan LocalSettings.php dosyası aşağıdaki gibidir.

$wgScriptPath = "/w";
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;

https://www.nginx.com/resources/wiki/start/topics/recipes/mediawiki/

https://www.mediawiki.org/wiki/Manual:Short_URL/Nginx

blank

Sistem Uzmanı, Linux Hacısı, El-Kernel