Skip to content

Nginx Setup

Jump to bottom
Ryan edited this page Apr 25, 2025 · 8 revisions

Nginx Setup for FileRise

This guide covers how to configure Nginx for running FileRise on your server. You can use Nginx either as a standalone web server with PHP-FPM or as a reverse proxy in front of Apache. The configuration examples below assume you are running PHP-FPM.

Prerequisites

  • Nginx installed: Make sure you have Nginx installed on your system.
  • PHP-FPM installed: FileRise requires PHP 8.3+ and PHP-FPM to execute PHP files.
  • FileRise installed: Ensure FileRise is deployed on your server (e.g., in /var/www/FileRise).

Basic Nginx Configuration

Below is a sample Nginx server block configuration for serving FileRise. Adjust paths and settings as needed:

server {
    listen 80;
    server_name yourdomain.com;      # your domain or IP
    root /var/www/public;   # point at the public folder
    index index.php index.html;

    # 1) PHP-FPM for your auth check (internal only)
    location = /api/auth/auth.php {
        internal;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/api/auth/auth.php;
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
    }

    # 2) Protect your API docs via auth_request
    location ~ ^/(api\.html|openapi\.json)$ {
        auth_request /api/auth/auth.php;
        error_page 401 = @login;    # redirect if not logged in
        try_files $uri =404;
    }

    # 3) Redirect to login when auth_request fails
    location @login {
        return 302 /login?redirect=$request_uri;
    }

    # 4) Main app routing: serve files or fall back to index.php
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # 5) PHP-FPM for everyone else
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
        fastcgi_index index.php;
    }

    # Deny access to dot-files and sensitive paths
    location ~* /(users\.txt|\.htaccess|\.git|metadata) {
        deny all;
    }
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Optional: cache static assets
    location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
        expires 30d;
        access_log off;
    }
}

Clone this wiki locally