Eu tenho isso configurado no Apache, mas não consigo fazê-lo funcionar no nginx. Eu tenho dois sites um que cobre tudo, outro em /news/. Eles executam a mesma estrutura - Silverstripe.
Aqui está meu nginx conf:
server {
include mime.types;
default_type application/octet-stream;
client_max_body_size 0; # Manage this in php.ini
listen 80;
listen 443 ssl;
root /var/www/html/example/webroot;
server_name example.com www.example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/example/privkey.pem;
access_log /var/log/nginx/example/access.log main;
error_log /var/log/nginx/example/error.log;
# Defend against SS-2015-013 -- http://www.silverstripe.org/software/download/security-releases/ss-2015-013
if ($http_x_forwarded_host) {
return 400;
}
location ^~ /news/ {
root /var/www/html/example2/webroot;
try_files $uri /framework/main.php?url=$uri&$query_string;
location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 64k;
fastcgi_buffers 4 32k;
fastcgi_keep_conn on;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
location / {
try_files $uri /framework/main.php?url=$uri&$query_string;
}
error_page 404 /assets/error-404.html;
error_page 500 /assets/error-500.html;
location ^~ /assets/ {
sendfile on;
try_files $uri =404;
}
location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 64k;
fastcgi_buffers 4 32k;
fastcgi_keep_conn on;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Denials
location ~ /\.. {
deny all;
}
location ~ \.ss$ {
satisfy any;
allow 127.0.0.1;
deny all;
}
location ~ \.ya?ml$ {
deny all;
}
location ~* README.*$ {
deny all;
}
location ^~ /vendor/ {
deny all;
}
location ~* /silverstripe-cache/ {
deny all;
}
location ~* composer\.(json|lock)$ {
deny all;
}
location ~* /(cms|framework)/silverstripe_version$ {
deny all;
}
}
Eu tentei algumas outras coisas semelhantes a isso, mas sempre acaba o mesmo resultado, o servidor retornando um Moved Permanently para a mesma URL.
Graças a este passo a passo eu descobri: