Xibo on Nginx - rewrite rules with SSL and Let's Encrypt (FYI)

Not sure whether these can be taken into some sort of manual or guide for people. As you may know, nginx does not support .htaccess rules. I’ll be refining some of these in the future:

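# HTTPS virtual host for the Xibo CMS: static files are served from the CMS
# "web" directory, everything else is routed to PHP-FPM through the Xibo
# front controllers.
server {
    listen 10.0.3.11:443 ssl;
    server_name xibo.example.com www.xibo.example.com;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 here where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/ssl/your_domain.crt;
    ssl_certificate_key /etc/ssl/your_domain.key;   # keep readable by root only
    # CA bundle for verifying client certificates. No ssl_verify_client
    # directive appears in this block, so clients are not asked for a
    # certificate (the nginx default is "off").
    # NOTE(review): confirm whether mutual TLS was intended.
    ssl_client_certificate /etc/ssl/your_CA.pem;

    # Let's Encrypt
    # NOTE(review): acme.conf is not shown here; presumably it serves the
    # ACME challenge path -- confirm it exposes nothing else.
    include /etc/nginx/acme.conf;

    access_log /var/log/xibo-access.log combined;
    error_log /var/log/xibo-error.log error;
    root /var/www/xibo/web; # This is the subdirectory web in the main Xibo directory
    index index.php index.html index.htm;

    # Serve existing files/directories directly, otherwise fall through to
    # the front-controller rewrites.
    location / {
        try_files $uri $uri/ @rewrites;
    }

    # Replacement for the .htaccess rewrite rules.
    # - Specific rules come first: the catch-all used to be the first line
    #   and, because it matches every URI and ends with "last", none of the
    #   rules after it could ever run.
    # - "last" instead of "break": "break" keeps the request inside this
    #   location, which has no FastCGI handler, so the rewritten index.php
    #   would be returned as a static file (source disclosure) instead of
    #   being executed. "last" restarts location matching so the .php
    #   location below picks the request up.
    # - The ".*" quantifiers are restored; the published rules read
    #   "^./authorize/.$", which looks like the forum formatter dropping
    #   the asterisks. Confirm against the .htaccess shipped with Xibo.
    location @rewrites {
        rewrite ^.*/authorize/.*$ /api/authorize/index.php last;
        rewrite ^.*/api/.*$ /api/index.php last;
        rewrite ^.*/install/.*$ /install/index.php last;
        rewrite ^.*/maint/.*$ /maint/index.php last;
        rewrite ^ /index.php last;
    }

    # Web statistics, protected with HTTP basic auth.
    # The realm uses plain ASCII quotes: with typographic quotes nginx sees
    # two separate arguments and rejects the configuration.
    location /webalizer {
        alias /var/www/webalizer;
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/htpasswd/3-ac5e073ff0c37321e7fe2c18dcb78cff.htpasswd;
    }

    # Any URI containing a ".php" script name, with optional trailing path
    # info. The dot is escaped so only a literal ".php" matches.
    # The first try_files argument is a file name that is not expected to
    # exist, so the request always falls through to @php with $1/$2 set.
    location ~ ^(.+?\.php)(/.*)?$ {
        try_files /ef3564600e8aa66fe350b8cab98ee48d.htm @php;
    }

    location @php {
        # Only hand scripts that actually exist under the document root to
        # PHP-FPM. "=404" must be one token: written as "= 404", the last
        # argument is taken as a URI to redirect to rather than a status.
        try_files $1 =404;

        include /etc/nginx/fastcgi_params;
        # The end-of-string anchor must be a bare "$"; "\$" matches a
        # literal dollar sign, so the split never applied.
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_param PATH_INFO $2;
        fastcgi_param HTTPS on;
        fastcgi_pass unix:/var/lib/fastcgi/xibo-php-fpm.socket;
        fastcgi_index index.php;

        # This is for a proper working of WSDL clients
        #
        # CORS: the pre-flight answer echoes the caller's Origin header and
        # the GET/POST answers send "*", so every origin is allowed to read
        # these responses. If only known sites should call the CMS from a
        # browser, replace both with an explicit allowlist (for example a
        # map on $http_origin) and add "Vary: Origin".
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,MessageType,SOAPAction';
            #
            # Tell client that this pre-flight info is valid for 20 days
            #
            add_header 'Access-Control-Max-Age' 1728000;
            # ";" added between media type and charset parameter.
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
    }

    # To enable nginx direct file downloads
    # "internal" means clients cannot request /download themselves; it is
    # only reachable through an internal redirect issued by nginx.
    location /download {
        internal;
        alias /var/www/xibo/library;
    }
}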


Nice! (20 Characters)