Copy to clipboard
# Enforcing HTTPS
# To enforce insecure connections to Tiki, you can make Nginx redirect all traffic
# from http:// to https://. But note that:
# 1) It is important to check https configuration in tiki preferences to avoid
# conflicts. Tiki needs to allow https everywhere (it does by default).
# The most common issue in case of configuration conflict is problems to login into Tiki.
# 2) Tiki can do the equivalent of this in it's own preference (pref: session_protected)
#
#server {
# listen 80;
# server_name example.com;
# return 301 https://$server_name$request_uri;
#}
server {
listen 80; #Comment this out if enabling forced https above
# http2 allows http multiplexing and is important for performance for tiki
# that inevitably serves a lot of small files that can't be bundled together.
# And yes, it means serving over https is faster.
listen 443 ssl http2;
server_name example.com; #tiki.local is a typical choice for local development. You then add 127.0.0.1 tiki.local to /etc/hosts
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
root /var/www/html; #Change this to where you have tiki installed
index tiki-index_raw.php index.php index.html;
location / {
# Use route.php to have SEO-friendly URLs
try_files $uri $uri/ /route.php?q=$uri&$args;
}
location ~ \.(bak|exe|inc|ini|lib|pl|py|sh|sql|tpl)$ {
deny all;
}
# Prevent browsing of .git and node_modules content
location ~ /(?:\.git|node_modules)/ {
return 403;
}
location ~ \.php$ {
#Fastcgi default nginx config https://blog.martinfjordvald.com/nginx-config-history-fastcgi_params-versus-fastcgi-conf/
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Avoid issues with HTTP header injections in PHP-FPM See https://httpoxy.org/ for more information.
fastcgi_param HTTP_PROXY "";
# With php5-cgi alone
#fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
# Except in recent ubuntu and debian, this path used to change for every php version, so you may have to change it
fastcgi_pass unix:/var/run/php/php-fpm.sock;
fastcgi_index index.php;
#Tiki serves huge files, and this is probably not where you want to set a lower limit
client_max_body_size 2000M;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# MIME Types. As of 2024-08-13 this is required even on very recent ubuntu to serve native esm modules with a mjs extension.
types
{
application/javascript mjs;
}
# Performance tweaks
# Gzip compression is crucial for performance, especially for css and js files
gzip on;
gzip_types text/plain text/css application/xml application/javascript image/svg+xml
}