Jeremy Penner
0f4ed105cb
default.nix should continue to work, but module.nix now needs to be passed a system-agnostic reference to the php52 package.
70 lines
1.9 KiB
Nix
70 lines
1.9 KiB
Nix
pkgs: let
|
|
lib = pkgs.lib;
|
|
vhost = cfg: lib.recursiveUpdate {
|
|
extraConfig = ''
|
|
client_max_body_size 200m;
|
|
index index.php index.html index.htm;
|
|
'' + cfg.extraConfig or "";
|
|
locations = {
|
|
"/favicon.ico" = {
|
|
extraConfig = ''
|
|
log_not_found off;
|
|
access_log off;
|
|
'';
|
|
};
|
|
"/robots.txt" = {
|
|
extraConfig = ''
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
'';
|
|
};
|
|
"~ \\..*/.*\\.php$" = { return = "403"; };
|
|
"~ ^/sites/.*/private/" = { return = "403"; };
|
|
|
|
# Block access to "hidden" files and directories whose names begin with a
|
|
# period. This includes directories used by version control systems such
|
|
# as Subversion or Git to store control files.
|
|
"~ (^|/)\\.(?!well-known/)" = { return = "403"; };
|
|
"~ \\.php$" = {
|
|
extraConfig = ''
|
|
client_max_body_size 200m;
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
if (!-f $document_root$fastcgi_script_name) {
|
|
return 404;
|
|
}
|
|
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
fastcgi_index index.php;
|
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
|
fastcgi_param HTTP_PROXY "";
|
|
'';
|
|
};
|
|
"~ /\.ht" = {
|
|
extraConfig = ''
|
|
# deny access to .htaccess files, if Apache's document root
|
|
# concurs with nginx's one
|
|
deny all;
|
|
'';
|
|
};
|
|
};
|
|
} (builtins.removeAttrs cfg [ "extraConfig" ]);
|
|
vhostDrupal = cfg: vhost (lib.recursiveUpdate cfg {
|
|
locations = {
|
|
"/" = { tryFiles = "$uri @rewrite"; };
|
|
"@rewrite" = {
|
|
extraConfig = ''
|
|
# For Drupal 6 and bwlow:
|
|
# Some modules enforce no slash (/) at the end of the URL
|
|
# Else this rewrite block wouldn't be needed (GlobalRedirect)
|
|
rewrite ^/(.*)$ /index.php?q=$1;
|
|
'';
|
|
};
|
|
};
|
|
});
|
|
in
|
|
{
|
|
inherit vhost vhostDrupal;
|
|
}
|