From ec457491879893c8cfcc9dd6542d1593aa5c91f5 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 15 Oct 2020 08:59:51 +0200 Subject: Doc: add PHP 7.4 and 8.0 as supported version --- doc/md/Server-configuration.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'doc/md/Server-configuration.md') diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 297d7c29..14070c8a 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -40,6 +40,8 @@ Supported PHP versions: Version | Status | Shaarli compatibility :---:|:---:|:---: +8.0 | Supported | Yes +7.4 | Supported | Yes 7.3 | Supported | Yes 7.2 | Supported | Yes 7.1 | Supported | Yes @@ -53,7 +55,7 @@ Required PHP extensions: Extension | Required? | Usage ---|:---:|--- -[`openssl`](http://php.net/manual/en/book.openssl.php) | requires | OpenSSL, HTTPS +[`openssl`](http://php.net/manual/en/book.openssl.php) | required | OpenSSL, HTTPS [`php-json`](http://php.net/manual/en/book.json.php) | required | configuration parsing [`php-simplexml`](https://www.php.net/manual/en/book.simplexml.php) | required | REST API (Slim framework) [`php-mbstring`](http://php.net/manual/en/book.mbstring.php) | CentOS, Fedora, RHEL, Windows, some hosting providers | multibyte (Unicode) string support @@ -421,7 +423,7 @@ By default Shaarli already disallows indexing of your local copy of the document before = common.conf [Definition] failregex = \s-\s\s-\sLogin failed for user.*$ -ignoreregex = +ignoreregex = ``` ```ini -- cgit v1.2.3 From 7f5250421be4832b9679d8140bc4a71c8005dfa3 Mon Sep 17 00:00:00 2001 
From: ArthurHoaro Date: Fri, 16 Oct 2020 12:47:11 +0200 Subject: Support using Shaarli without URL rewriting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Shaarli can be fully used by prefixing any URL with /index.php/ - {$base_path} used in templates already works with this configuration - Assets path (outside of theme's assets) must be prefixed with {$root_url}/ - Documentation section in « Server configuration » Fixes #1590 --- doc/md/Server-configuration.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'doc/md/Server-configuration.md') diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 14070c8a..73302bc6 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -362,7 +362,23 @@ sudo systemctl reload nginx If Shaarli is hosted on a server behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) (i.e. there is a proxy server between clients and the web server hosting Shaarli), configure it accordingly. See [Reverse proxy](Reverse-proxy.md) configuration. +## Using Shaarli without URL rewriting +By default, Shaarli uses Slim framework's URL, which requires +URL rewriting. + +If you can't use URL rewriting for any reason (not supported by +your web server, shared hosting, etc.), you *can* use Shaarli +without URL rewriting. + +You just need to prefix your URL by `/index.php/`. +Example: instead of accessing `https://shaarli.mydomain.org/`, +use `https://shaarli.mydomain.org/index.php/`. + +**Recommended:** + * after installation, in the configuration page, set your header link to `/index.php/`. + * in you `config.json.php` set `general.root_url` to + `https://shaarli.mydomain.org/index.php/`. ## Allow import of large browser bookmarks export -- cgit v1.2.3 From 7836ed9b2e98e2c6898f011e431d3a58ebcfa3e5 Mon Sep 17 00:00:00 2001 
From: ArthurHoaro Date: Fri, 16 Oct 2020 19:20:45 +0200 Subject: Doc: typo --- doc/md/Server-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/md/Server-configuration.md') diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 73302bc6..8cb39934 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -377,7 +377,7 @@ use `https://shaarli.mydomain.org/index.php/`. **Recommended:** * after installation, in the configuration page, set your header link to `/index.php/`. - * in you `config.json.php` set `general.root_url` to + * in your configuration file `config.json.php` set `general.root_url` to `https://shaarli.mydomain.org/index.php/`. ## Allow import of large browser bookmarks export -- cgit v1.2.3 From 2f87bfdc69052cd64e84b1d2b97a0af14991a385 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 21 Oct 2020 15:23:30 +0200 Subject: Fix: nginx - add rule to disable url-rewriting for the docs Related to #1603 --- doc/md/Server-configuration.md | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc/md/Server-configuration.md') diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 8cb39934..4e74d80b 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -325,6 +325,11 @@ server { deny all; } + location ~ /doc/ { + default_type "text/html"; + try_files $uri $uri/ $uri.html =404; + } + location = /favicon.ico { # serve the Shaarli favicon from its custom location alias /var/www/shaarli/images/favicon.ico; -- cgit v1.2.3 From ce901a58289c72bf7f4dc3515a2be70562cd618b Mon Sep 17 00:00:00 2001 
From: ArthurHoaro Date: Sat, 7 Nov 2020 14:27:49 +0100 Subject: Reviewed nginx configuration Both in documentation and Docker image. For security purpose, it no longer allow to access static files through the main nginx *location*. Static files are served if their extension matches the whitelist. As a side effect, we no longer need specific restrictions, and therefore it fixes the nginx part of #1608. --- doc/md/Server-configuration.md | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) (limited to 'doc/md/Server-configuration.md') diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 4e74d80b..5b8aff53 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -296,7 +296,7 @@ server { location / { # default index file when no file URI is requested index index.php; - try_files $uri /index.php$is_args$args; + try_files _ /index.php$is_args$args; } location ~ (index)\.php$ { @@ -309,23 +309,7 @@ server { include fastcgi.conf; } - location ~ \.php$ { - # deny access to all other PHP scripts - # disable this if you host other PHP applications on the same virtualhost - deny all; - } - - location ~ /\. { - # deny access to dotfiles - deny all; - } - - location ~ ~$ { - # deny access to temp editor files, e.g. "script.php~" - deny all; - } - - location ~ /doc/ { + location ~ /doc/html/ { default_type "text/html"; try_files $uri $uri/ $uri.html =404; } @@ -336,13 +320,12 @@ server { } # allow client-side caching of static files - location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { + location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ { expires max; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # HTTP 1.0 compatibility add_header Pragma public; } - } ``` -- cgit v1.2.3 From 8a9796014ce6c842095a9d031c8cbf40da761e0f Mon Sep 17 00:00:00 2001 
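Review bot: The `_` argument in `try_files _ /index.php$is_args$args;` is unexplained, and the comment kept above it still describes a file lookup that this location no longer performs. It is presumably a placeholder that is not expected to exist on disk, so every request reaching `location /` is handed to `index.php`. A short comment would make that intent explicit for people who copy this block, for example `# "_" is a dummy name: nothing is served from here, everything goes to index.php`. Without it, a later editor may put `$uri` back and re-open direct file access through the main location.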
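Review bot: `location ~ /doc/html/` is an unanchored regex, so it matches any URI that merely contains `/doc/html/`. This hunk also removes the `deny all` blocks for other `.php` scripts, dotfiles and `~` backup files, which were previously listed before the docs location. Any file that exists under such a path is therefore returned by `try_files $uri $uri/ $uri.html =404` whatever its name or extension. If the documentation is always served from the Shaarli root, anchoring the pattern as `location ~ ^/doc/html/ {` keeps this exception as narrow as the commit message intends; a sub-directory install would need the sub-directory in the pattern. The enclosing `server` block starts outside the hunk.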
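Review bot: `oet` in the new extension list looks like a typo for `eot` (Embedded OpenType fonts). As written, a request for a `.eot` file does not match this location and falls through to `location /`, which passes it to `index.php` instead of serving the font. The corrected line would be `location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|eot|woff2?)$ {`. Since this regex is now the allow-list for static files, a comment saying so would help: it should note that adding an extension exposes every file with that suffix that nginx can reach under the configured root, not only theme assets.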
From: ArthurHoaro Date: Sun, 8 Nov 2020 13:13:13 +0100 Subject: Reviewed Apache configuration (in documentation) For security purpose, block access to any static file not matching the list of allowed extensions. It allows us to remove the specific retriction on dotfiles, and fix Apache part of #1608. --- doc/md/Server-configuration.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'doc/md/Server-configuration.md') diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index 4e74d80b..66db8c57 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -193,19 +193,24 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf Require all granted - - # Prevent accessing dotfiles - RedirectMatch 404 ".*" - + # BE CAREFUL: directives order matter! - + + Require all denied + + + + Require all granted + + + # allow client-side caching of static files Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" - + + # serve the Shaarli favicon from its custom location Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico - ``` -- cgit v1.2.3