diff options
Diffstat (limited to 'doc/md/Server-configuration.md')
| -rw-r--r-- | doc/md/Server-configuration.md | 63 |
1 files changed, 37 insertions, 26 deletions
diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 297d7c29..a49b6033 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md | |||
| @@ -40,6 +40,8 @@ Supported PHP versions: | |||
| 40 | 40 | ||
| 41 | Version | Status | Shaarli compatibility | 41 | Version | Status | Shaarli compatibility |
| 42 | :---:|:---:|:---: | 42 | :---:|:---:|:---: |
| 43 | 8.0 | Supported | Yes | ||
| 44 | 7.4 | Supported | Yes | ||
| 43 | 7.3 | Supported | Yes | 45 | 7.3 | Supported | Yes |
| 44 | 7.2 | Supported | Yes | 46 | 7.2 | Supported | Yes |
| 45 | 7.1 | Supported | Yes | 47 | 7.1 | Supported | Yes |
| @@ -53,7 +55,7 @@ Required PHP extensions: | |||
| 53 | 55 | ||
| 54 | Extension | Required? | Usage | 56 | Extension | Required? | Usage |
| 55 | ---|:---:|--- | 57 | ---|:---:|--- |
| 56 | [`openssl`](http://php.net/manual/en/book.openssl.php) | requires | OpenSSL, HTTPS | 58 | [`openssl`](http://php.net/manual/en/book.openssl.php) | required | OpenSSL, HTTPS |
| 57 | [`php-json`](http://php.net/manual/en/book.json.php) | required | configuration parsing | 59 | [`php-json`](http://php.net/manual/en/book.json.php) | required | configuration parsing |
| 58 | [`php-simplexml`](https://www.php.net/manual/en/book.simplexml.php) | required | REST API (Slim framework) | 60 | [`php-simplexml`](https://www.php.net/manual/en/book.simplexml.php) | required | REST API (Slim framework) |
| 59 | [`php-mbstring`](http://php.net/manual/en/book.mbstring.php) | CentOS, Fedora, RHEL, Windows, some hosting providers | multibyte (Unicode) string support | 61 | [`php-mbstring`](http://php.net/manual/en/book.mbstring.php) | CentOS, Fedora, RHEL, Windows, some hosting providers | multibyte (Unicode) string support |
| @@ -191,19 +193,24 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf | |||
| 191 | Require all granted | 193 | Require all granted |
| 192 | </Directory> | 194 | </Directory> |
| 193 | 195 | ||
| 194 | <LocationMatch "/\."> | 196 | # BE CAREFUL: directives order matter! |
| 195 | # Prevent accessing dotfiles | ||
| 196 | RedirectMatch 404 ".*" | ||
| 197 | </LocationMatch> | ||
| 198 | 197 | ||
| 199 | <LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$"> | 198 | <FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$"> |
| 199 | Require all denied | ||
| 200 | </FilesMatch> | ||
| 201 | |||
| 202 | <Files "index.php"> | ||
| 203 | Require all granted | ||
| 204 | </Files> | ||
| 205 | |||
| 206 | <FilesMatch "\.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2)$"> | ||
| 200 | # allow client-side caching of static files | 207 | # allow client-side caching of static files |
| 201 | Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" | 208 | Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" |
| 202 | </LocationMatch> | 209 | </FilesMatch> |
| 210 | |||
| 203 | 211 | ||
| 204 | # serve the Shaarli favicon from its custom location | 212 | # serve the Shaarli favicon from its custom location |
| 205 | Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico | 213 | Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico |
| 206 | |||
| 207 | </VirtualHost> | 214 | </VirtualHost> |
| 208 | ``` | 215 | ``` |
| 209 | 216 | ||
| @@ -294,7 +301,7 @@ server { | |||
| 294 | location / { | 301 | location / { |
| 295 | # default index file when no file URI is requested | 302 | # default index file when no file URI is requested |
| 296 | index index.php; | 303 | index index.php; |
| 297 | try_files $uri /index.php$is_args$args; | 304 | try_files _ /index.php$is_args$args; |
| 298 | } | 305 | } |
| 299 | 306 | ||
| 300 | location ~ (index)\.php$ { | 307 | location ~ (index)\.php$ { |
| @@ -307,20 +314,9 @@ server { | |||
| 307 | include fastcgi.conf; | 314 | include fastcgi.conf; |
| 308 | } | 315 | } |
| 309 | 316 | ||
| 310 | location ~ \.php$ { | 317 | location ~ /doc/html/ { |
| 311 | # deny access to all other PHP scripts | 318 | default_type "text/html"; |
| 312 | # disable this if you host other PHP applications on the same virtualhost | 319 | try_files $uri $uri/ $uri.html =404; |
| 313 | deny all; | ||
| 314 | } | ||
| 315 | |||
| 316 | location ~ /\. { | ||
| 317 | # deny access to dotfiles | ||
| 318 | deny all; | ||
| 319 | } | ||
| 320 | |||
| 321 | location ~ ~$ { | ||
| 322 | # deny access to temp editor files, e.g. "script.php~" | ||
| 323 | deny all; | ||
| 324 | } | 320 | } |
| 325 | 321 | ||
| 326 | location = /favicon.ico { | 322 | location = /favicon.ico { |
| @@ -329,13 +325,12 @@ server { | |||
| 329 | } | 325 | } |
| 330 | 326 | ||
| 331 | # allow client-side caching of static files | 327 | # allow client-side caching of static files |
| 332 | location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { | 328 | location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ { |
| 333 | expires max; | 329 | expires max; |
| 334 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | 330 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; |
| 335 | # HTTP 1.0 compatibility | 331 | # HTTP 1.0 compatibility |
| 336 | add_header Pragma public; | 332 | add_header Pragma public; |
| 337 | } | 333 | } |
| 338 | |||
| 339 | } | 334 | } |
| 340 | ``` | 335 | ``` |
| 341 | 336 | ||
| @@ -360,7 +355,23 @@ sudo systemctl reload nginx | |||
| 360 | 355 | ||
| 361 | If Shaarli is hosted on a server behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) (i.e. there is a proxy server between clients and the web server hosting Shaarli), configure it accordingly. See [Reverse proxy](Reverse-proxy.md) configuration. | 356 | If Shaarli is hosted on a server behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) (i.e. there is a proxy server between clients and the web server hosting Shaarli), configure it accordingly. See [Reverse proxy](Reverse-proxy.md) configuration. |
| 362 | 357 | ||
| 358 | ## Using Shaarli without URL rewriting | ||
| 359 | |||
| 360 | By default, Shaarli uses Slim framework's URL, which requires | ||
| 361 | URL rewriting. | ||
| 362 | |||
| 363 | If you can't use URL rewriting for any reason (not supported by | ||
| 364 | your web server, shared hosting, etc.), you *can* use Shaarli | ||
| 365 | without URL rewriting. | ||
| 366 | |||
| 367 | You just need to prefix your URL by `/index.php/`. | ||
| 368 | Example: instead of accessing `https://shaarli.mydomain.org/`, | ||
| 369 | use `https://shaarli.mydomain.org/index.php/`. | ||
| 363 | 370 | ||
| 371 | **Recommended:** | ||
| 372 | * after installation, in the configuration page, set your header link to `/index.php/`. | ||
| 373 | * in your configuration file `config.json.php` set `general.root_url` to | ||
| 374 | `https://shaarli.mydomain.org/index.php/`. | ||
| 364 | 375 | ||
| 365 | ## Allow import of large browser bookmarks export | 376 | ## Allow import of large browser bookmarks export |
| 366 | 377 | ||
| @@ -421,7 +432,7 @@ By default Shaarli already disallows indexing of your local copy of the document | |||
| 421 | before = common.conf | 432 | before = common.conf |
| 422 | [Definition] | 433 | [Definition] |
| 423 | failregex = \s-\s<HOST>\s-\sLogin failed for user.*$ | 434 | failregex = \s-\s<HOST>\s-\sLogin failed for user.*$ |
| 424 | ignoreregex = | 435 | ignoreregex = |
| 425 | ``` | 436 | ``` |
| 426 | 437 | ||
| 427 | ```ini | 438 | ```ini |