MediaWiki on Nginx - shawfdong/hyades GitHub Wiki

Here we document the configuration of our web server, pleiades.ucsc.edu. The objectives are:

  1. to serve static content via http
  2. to serve the Hyades wiki, running MediaWiki, via https
  3. to redirect http://pleiades.ucsc.edu/hyades/ to https://pleiades.ucsc.edu/hyades/
  4. to redirect both http://pleiades.ucsc.edu/ and https://pleiades.ucsc.edu/ to https://pleiades.ucsc.edu/hyades/Shawfeng_Dong
Nginx is my web server of choice. Here is the configuration for the http server (/etc/nginx/conf.d/default.conf):
server {
    # Plain-HTTP virtual host: serves static files and bounces the wiki
    # path to the HTTPS virtual host.
    listen       80;
    server_name  pleiades.ucsc.edu;

    root         /var/www/html;
    index        index.html;
    autoindex    off;    # listings are switched on per directory below

    # All error responses are answered with the 1x1 empty GIF.
    error_page  403 404          /_.gif;
    error_page  500 502 503 504  /_.gif;

    # ---- Regex locations (nginx tests these in the order written) ----

    # Dotfiles are never served.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Editor backup files (trailing ~) are never served.
    location ~ ~$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Static assets: far-future expiry so browsers cache them.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        log_not_found off;
        expires max;
    }

    # ---- Exact-match locations ----

    # robots.txt and favicon requests are kept out of the logs.
    location = /robots.txt {
        access_log off;
        log_not_found off;
    }

    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    # Built-in empty GIF, also used as the error page above.
    location = /_.gif {
        empty_gif;
        expires max;
    }

    # ---- Prefix locations ----

    # Directory listings are enabled for these trees only. They are plain
    # prefix locations, so the regex locations above are still consulted
    # and dotfiles / backup files underneath them stay blocked.
    location /centos {
        autoindex  on;
    }

    location /epel {
        autoindex  on;
    }

    location /dell {
        autoindex  on;
    }

    location /doc {
        autoindex  on;
    }

    location /codes {
        autoindex  on;
    }

    # The wiki is HTTPS-only. The redirect target is built from the
    # configured $server_name, not from the client-supplied Host header.
    # "^~" stops regex matching, so every /hyades URI is redirected.
    location ^~ /hyades {
        return 301 https://$server_name$request_uri;
    }
}

Here is the configuration for the https server (/etc/nginx/conf.d/ssl.conf):

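server {
    # HTTPS virtual host: serves the Hyades wiki (MediaWiki) through PHP-FPM.
    listen       443 ssl;
    server_name  pleiades.ucsc.edu;

    ssl_certificate      /etc/ssl/pleiades.crt;
    # The private key should be readable by root only.
    ssl_certificate_key  /etc/ssl/pleiades.key;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout  10m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    # SSLv3, TLSv1 and TLSv1.1 are deprecated and left out on purpose.
    # Add TLSv1.3 here once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    root         /var/www/ssl;
    index        index.html index.php;
    autoindex    off;

    # Prevent access to any file starting with a dot
    location ~ /\. { access_log off; log_not_found off; deny all; }

    # Prevent access to any files ending with a ~
    location ~ ~$ { access_log off; log_not_found off; deny all; }

    # Do not log access to robots.txt, to keep the logs cleaner
    location = /robots.txt { access_log off; log_not_found off; }

    # Do not log access to the favicon, to keep the logs cleaner
    location = /favicon.ico { access_log off; log_not_found off; }

    # Built-in empty GIF, used as the body of every error page below
    location = /_.gif {
        expires max;
        empty_gif;
    }

    # Short URLs: anything under /hyades that is not a real file or
    # directory is handed to MediaWiki as a page title.
    location /hyades {
        index index.php;
        try_files $uri $uri/ @hyades;
    }

    location @hyades {
        rewrite ^/hyades/([^?]*)(?:\?(.*))? /hyades/index.php?title=$1&$2 last;
    }

    # MediaWiki directories that must not be requested directly. "^~"
    # stops regex matching, so the PHP handler at the bottom never runs
    # scripts from these trees in response to a client request.
    location ^~ /hyades/cache/ { deny all; }
    location ^~ /hyades/docs/ { internal; }
    location ^~ /hyades/extensions/ { internal; }
    location ^~ /hyades/includes/ { internal; }
    location ^~ /hyades/maintenance/ { internal; }
    # Web installer: keep this line active once installation is finished.
    location ^~ /hyades/mw-config/ { internal; }
    location ^~ /hyades/resources/ { internal; }
    location ^~ /hyades/serialized/ { internal; }

    # Uploaded files that look like HTML or PHP are sent as text/plain, so
    # the browser does not render them and PHP-FPM never executes them.
    # This regex location must stay above "location ~ \.php$": regex
    # locations are tried in order and the first match wins.
    location ~* ^/hyades/images/.*\.(html|htm|shtml|php)$ {
        types { }
        default_type text/plain;
    }

    # Upload directory. The original read "location ^~ ^/hyades/images/":
    # with the "^~" modifier the argument is a literal prefix, so the
    # leading "^" kept it from ever matching. A plain prefix is used
    # instead of "^~ /hyades/images/" on purpose, because "^~" would skip
    # the regex locations above (dotfile/backup deny, text/plain override).
    location /hyades/images/ {
        try_files $uri /hyades/index.php;
    }

    error_page  403 404          /_.gif;
    error_page  500 502 503 504  /_.gif;

    location ~ \.php$ {
        # Only hand a script to PHP-FPM if that exact file exists; without
        # this check a URI such as /upload.jpg/x.php could reach the
        # interpreter with a non-PHP file as the script.
        try_files $uri =404;
        fastcgi_pass   unix:/var/lib/php-fpm/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}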

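Here nginx acts as a reverse proxy, passing requests to the FastCGI server PHP-FPM. PHP-FPM can listen on either a TCP/IP socket or a UNIX socket; the latter is slightly faster. With a UNIX socket, also check that listen.owner, listen.group and listen.mode in the same file let the nginx worker user open the socket without making it accessible to every local account. To switch from the default TCP/IP socket to a UNIX socket, replace the following line in /etc/php-fpm.d/www.conf: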

listen = 127.0.0.1:9000
with
listen = /var/lib/php-fpm/php-fpm.sock

Lastly we redirect both http://pleiades.ucsc.edu/ and https://pleiades.ucsc.edu/ to https://pleiades.ucsc.edu/hyades/Shawfeng_Dong, using the following index.html:

<!DOCTYPE html>
<html lang="en-US">
  <head>
    <meta charset="UTF-8">
    <title>Shawfeng Dong</title>
    <!-- Redirect that works without JavaScript. The target is a fixed
         https URL; nothing from the request is used to build it. -->
    <meta http-equiv="refresh" content="0;url=https://pleiades.ucsc.edu/hyades/Shawfeng_Dong">
    <!-- Same fixed target for browsers with scripting enabled. -->
    <script>
      window.location.href = "https://pleiades.ucsc.edu/hyades/Shawfeng_Dong";
    </script>
  </head>
  <body>
    <!-- Manual fallback if neither redirect fires. -->
    If you are not redirected automatically, follow the link
    <a href="https://pleiades.ucsc.edu/hyades/Shawfeng_Dong">https://pleiades.ucsc.edu/hyades/Shawfeng_Dong</a>.
  </body>
</html>

See Also
