I manage two different blogs, but want them served on a single webserver as subsites. Think of it as the following structure:
family.org <- will give a simple html table with the overview & links to subsites
family.org/student1blog <- will be one person’s grav site
family.org/student2blog <- contains another persons grav site
each of the students blogs is one grav entity.
Note that for conceptual and historical reasons, I’d like to avoid switching to a “student1.family.org” logic.
I have trouble getting the nginx config right. I admit I’m new to nginx; in fact I’ve all this working for apache but would like to switch.
- Do I have to move the subsites to “locations” or separate “servers”?
- I keep getting “403”'s . Are Security settings an issue?
Thanks in advance!
user my_user;
worker_processes auto;
worker_rlimit_nofile 8192; # should be bigger than worker_connections
#pid logs/nginx.pid;
#pid /run/nginx.pid;
events {
use epoll;
worker_connections 8000;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
types_hash_max_size 2048;
server_tokens off;
# maximum file upload size
# update 'upload_max_filesize' & 'post_max_size' in /etc/php/fpm/php.ini accordingly
client_max_body_size 32m;
# client_body_timeout 60s; # increase for very long file uploads
# set default index file (can be overwritten for each site individually)
index index.html;
# load MIME types
include mime.types; # get this file from https://github.com/h5bp/server-configs-nginx
default_type application/octet-stream; # set default MIME type
# logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# turn on gzip compression
# [as in the default example]
# disable content type sniffing for more security
add_header "X-Content-Type-Options" "nosniff";
# force the latest IE version
add_header "X-UA-Compatible" "IE=Edge";
# enable anti-cross-site scripting filter built into IE 8+
add_header "X-XSS-Protection" "1; mode=block";
# include virtual host configs
include sites-enabled/*;
# redirect http to non-www https
server {
listen [::]:80;
listen 80;
## Begin - Server Info
root <basefolder>;
server_name family.org www.family.org;
## End - Server Info
## Begin - Index
# for subfolders, simply adjust:
# `location /subfolder {`
# and the rewrite to use `/subfolder/index.php`
location / {
index index.html index.htm;
}
location /student1 {
alias <basefolder>/student1;
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
## Begin - PHP
location ~ \.php$ {
# Choose either a socket or TCP/IP address
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy
# fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
## End - PHP
}
location /student2 {
alias <basefolder>/student2;
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
## Begin - PHP
location ~ \.php$ {
# Choose either a socket or TCP/IP address
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy
# fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
## End - PHP
}
location /share {
autoindex on;
}
## End - Index
}
}