index index.html index.php;
server {
- listen 80;
- root /var/www/shaarli;
+ listen 80;
+ root /var/www/shaarli;
access_log /var/log/nginx/shaarli.access.log;
error_log /var/log/nginx/shaarli.error.log;
- location ~ /\. {
- # deny access to dotfiles
- access_log off;
- log_not_found off;
- deny all;
- }
-
- location ~ ~$ {
- # deny access to temp editor files, e.g. "script.php~"
- access_log off;
- log_not_found off;
- deny all;
- }
-
- location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+ location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ {
# cache static assets
expires max;
add_header Pragma public;
alias /var/www/shaarli/images/favicon.ico;
}
+ location /doc/html/ {
+ default_type "text/html";
+ try_files $uri $uri/ $uri.html =404;
+ }
+
location / {
- # Slim - rewrite URLs
- try_files $uri /index.php$is_args$args;
+ # Slim - rewrite URLs & do NOT serve static files through this location
+ try_files _ /index.php$is_args$args;
}
- location ~ (index)\.php$ {
+ location ~ index\.php$ {
# Slim - split URL path into (script_filename, path_info)
try_files $uri =404;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_split_path_info ^(index.php)(/.+)$;
# filter and proxy PHP requests to PHP-FPM
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
-
- location ~ /doc/ {
- default_type "text/html";
- try_files $uri $uri/ $uri.html =404;
- }
-
- location ~ \.php$ {
- # deny access to all other PHP scripts
- deny all;
- }
}
}
.dev
.git
.github
+.gitattributes
+.gitignore
+.travis.yml
tests
+# Docker related resources are not needed inside the container
+.dockerignore
+Dockerfile
+Dockerfile.armhf
+
# Docker Compose resources
docker-compose.yml
pagecache/*
tmp/*
+# Shaarli's docs are created during the build
+doc/html/
+
# Eclipse project files
.settings
.buildpath
# Alternative (if the 2 lines above don't work)
# SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
-# REST API
+# Slim URL Redirection
# Ionos Hosting needs RewriteBase /
# RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
+
# Docker
[Docker](https://docs.docker.com/get-started/overview/) is an open platform for developing, shipping, and running applications
# Download the latest version of Shaarli's docker-compose.yml
$ curl -L https://raw.githubusercontent.com/shaarli/Shaarli/latest/docker-compose.yml -o docker-compose.yml
# Create the .env file and fill in your VPS and domain information
-# (replace <MY_SHAARLI_DOMAIN> and <MY_CONTACT_EMAIL> with your actual information)
+# (replace <shaarli.mydomain.org>, <admin@mydomain.org> and <latest> with your actual information)
$ echo 'SHAARLI_VIRTUAL_HOST=shaarli.mydomain.org' > .env
$ echo 'SHAARLI_LETSENCRYPT_EMAIL=admin@mydomain.org' >> .env
+# Available Docker tags can be found at https://hub.docker.com/r/shaarli/shaarli/tags
+$ echo 'SHAARLI_DOCKER_TAG=latest' >> .env
# Pull the Docker images
$ docker-compose pull
# Run!
- [docker pull](https://docs.docker.com/engine/reference/commandline/pull/)
- [docker run](https://docs.docker.com/engine/reference/commandline/run/)
- [docker-compose logs](https://docs.docker.com/compose/reference/logs/)
-- Træfik: [Getting Started](https://docs.traefik.io/), [Docker backend](https://docs.traefik.io/configuration/backends/docker/), [Let's Encrypt](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/), [Docker image](https://hub.docker.com/_/traefik/)
\ No newline at end of file
+- Træfik: [Getting Started](https://docs.traefik.io/), [Docker backend](https://docs.traefik.io/configuration/backends/docker/), [Let's Encrypt](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/), [Docker image](https://hub.docker.com/_/traefik/)
Require all granted
</Directory>
- <LocationMatch "/\.">
- # Prevent accessing dotfiles
- RedirectMatch 404 ".*"
- </LocationMatch>
+ # BE CAREFUL: directives order matter!
- <LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$">
+ <FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$">
+ Require all denied
+ </FilesMatch>
+
+ <Files "index.php">
+ Require all granted
+ </Files>
+
+ <FilesMatch "\.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2)$">
# allow client-side caching of static files
Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate"
- </LocationMatch>
+ </FilesMatch>
+
# serve the Shaarli favicon from its custom location
Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico
-
</VirtualHost>
```
location / {
# default index file when no file URI is requested
index index.php;
- try_files $uri /index.php$is_args$args;
+ try_files _ /index.php$is_args$args;
}
location ~ (index)\.php$ {
include fastcgi.conf;
}
- location ~ \.php$ {
- # deny access to all other PHP scripts
- # disable this if you host other PHP applications on the same virtualhost
- deny all;
- }
-
- location ~ /\. {
- # deny access to dotfiles
- deny all;
- }
-
- location ~ ~$ {
- # deny access to temp editor files, e.g. "script.php~"
- deny all;
- }
-
- location ~ /doc/ {
+ location ~ /doc/html/ {
default_type "text/html";
try_files $uri $uri/ $uri.html =404;
}
}
# allow client-side caching of static files
- location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+ location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ {
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
# HTTP 1.0 compatibility
add_header Pragma public;
}
-
}
```
# Shaarli - Docker Compose example configuration
#
# See:
-# - https://shaarli.readthedocs.io/en/master/docker/shaarli-images/
-# - https://shaarli.readthedocs.io/en/master/guides/install-shaarli-with-debian9-and-docker/
+# - https://shaarli.readthedocs.io/en/master/Docker/#docker-compose
#
# Environment variables:
# - SHAARLI_VIRTUAL_HOST Fully Qualified Domain Name for the Shaarli instance
# - SHAARLI_LETSENCRYPT_EMAIL Contact email for certificate renewal
+# - SHAARLI_DOCKER_TAG Shaarli docker tag to use
+# See: https://hub.docker.com/r/shaarli/shaarli/tags
version: '3'
networks:
services:
shaarli:
- image: shaarli/shaarli:master
+ image: shaarli/shaarli:${SHAARLI_DOCKER_TAG}
build: ./
networks:
- http-proxy
- "--entrypoints=Name:https Address::443 TLS"
- "--retry"
- "--docker"
- - "--docker.domain=docker.localhost"
+ - "--docker.domain=${SHAARLI_VIRTUAL_HOST}"
- "--docker.exposedbydefault=true"
- "--docker.watch=true"
- "--acme"