Pazartesi, Kasım 4, 2024

MediaWiki İçin NGINX Yapılandırması

mediawiki yüksek çözünürlüklü görsel, mediawiki logo, mediawiki yapılandırma

Aşağıda yer alan Nginx kuralları, makale yolu /wiki/ olarak ayarlanmış bir MediaWiki kurulumu üzerinde denenmiştir ve sorunsuz çalışmaktadır. Yapılandırmayı kendi ortamınıza (alan adı, dizinler, PHP-FPM soketi) göre değiştirmeyi ihmal etmeyiniz. Temel güvenlik başlıkları dışında ek bir güvenlik sıkılaştırması yapılmamıştır.

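# HTTPS virtual host for a MediaWiki installation whose files live under
# $base/public/w/ and whose articles are published under /wiki/.
server {
  listen                  443 ssl http2;
  listen                  [::]:443 ssl http2;
  server_name             example.com;
  set                     $base /var/www/example.com;
  root                    $base/public;

  # SSL
  ssl_certificate         /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

  # security headers
  # Values containing spaces or ';' have to be quoted; unquoted, nginx ends the
  # directive at the first ';' and refuses to load the file.
  # NOTE: add_header is inherited only by locations that declare no add_header
  # of their own, so the locations below that set Cache-Control or
  # Access-Control-Allow-Origin respond without these headers.
  add_header X-XSS-Protection          "1; mode=block" always;
  add_header X-Content-Type-Options    "nosniff" always;
  add_header Referrer-Policy           "no-referrer-when-downgrade" always;
  # NOTE: default-src admits any http:/https: origin plus 'unsafe-inline', so
  # this policy limits framing but does little against script injection;
  # tighten it once the wiki's real asset origins are known.
  add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
  add_header Permissions-Policy        "interest-cohort=()" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  # . files (everything except /.well-known/)
  location ~ /\.(?!well-known) {
    deny all;
  }

  # MediaWiki entry points. This allow-list is the only place PHP is executed;
  # any other .php file (for example one uploaded into images/) never reaches
  # PHP-FPM.
  location ~ ^/w/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # NOTE: PHP 7.4 is past upstream end-of-life; point this at the socket of
    # a PHP-FPM release that still receives security fixes.
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  }

  # Images
  location /w/images {
    # Separate location for images/ so .php execution won't apply
  }
  # "^~" stops regex matching for this prefix. Without it the extension-based
  # "assets, media" regex further down matches first and serves deleted uploads.
  location ^~ /w/images/deleted {
    deny all;
  }
  location ~ ^/w/resources/(assets|lib|src) {
    # "=404" returns the status code; a bare "404" would be treated as a URI
    # and trigger an internal redirect to it.
    try_files $uri =404;
    add_header Cache-Control public;
    expires 7d;
  }
  # Assets, scripts and styles from skins and extensions
  location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
    try_files $uri =404;
    add_header Cache-Control public;
    expires 7d;
  }
  # Favicon. One exact-match location only: nginx rejects a second
  # "location = /favicon.ico" as a duplicate, so the logging switches that were
  # in a separate block are merged in here.
  location = /favicon.ico {
    # alias takes a filesystem path, so it is built from $base like root above.
    alias         $base/public/w/images/6/64/Favicon.ico;
    add_header    Cache-Control public;
    expires       7d;
    log_not_found off;
    access_log    off;
  }

  # License and credits files
  location ~ ^/w/(COPYING|CREDITS)$ {
    default_type text/plain;
  }

  # Handling for Mediawiki REST API, see [[mw:API:REST_API]]
  location /w/rest.php/ {
    try_files $uri $uri/ /w/rest.php?$query_string;
  }

  # Handling for the article path (pretty URLs).
  # The named group is not referenced by the rewrite target; MediaWiki is
  # expected to read the title from the original request URI passed in
  # fastcgi_params (confirm against the local fastcgi_params file).
  location /wiki/ {
    rewrite ^/wiki/(?<pagename>.*)$ /w/index.php;
  }

  location = / {
    return 301 /wiki/Main_Page;
  }

  # Internal MediaWiki directories. The optional "w/" makes the rule match the
  # directories where this wiki actually lives; anchored only at the site root
  # it never matched them.
  location ~ ^/(?:w/)?(cache|includes|maintenance|languages|serialized|tests|images/deleted)/ {
    deny all;
  }
  # NOTE: anchored at the site root, so it does not match the same directories
  # under /w/; non-asset requests there are answered by the /w/ catch-all below.
  location ~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/ {
    internal;
  }

  # Everything else under the wiki directory is not a public entry point.
  # Without this block a request such as /w/LocalSettings.php matches no
  # location and the file is handed out as a static download.
  location /w/ {
    return 404;
  }

  # robots.txt
  location = /robots.txt {
    log_not_found off;
    access_log    off;
  }

  # assets, media
  location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
    expires    7d;
    access_log off;
  }

  # svg, fonts
  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
    add_header Access-Control-Allow-Origin *;
    expires    7d;
    access_log off;
  }

  # gzip
  gzip            on;
  gzip_vary       on;
  gzip_proxied    any;
  gzip_comp_level 6;
  gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}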

Temel yapılandırma yapılmıştır: SSL etkindir, temel REST API ve URL yapılandırması hazırdır. Yapılandırmayla birlikte kullanılan LocalSettings.php ayarları aşağıdaki gibidir.

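# URL prefix of the MediaWiki entry points (index.php, api.php, ...); it has to
# match the /w/ locations in the nginx configuration.
$wgScriptPath = "/w";
# Pretty-URL pattern for articles; MediaWiki substitutes the page title for $1.
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;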