Last active
November 25, 2025 14:47
-
-
Save millipedia/c0f7eb00a198a66c14eb063bb3659698 to your computer and use it in GitHub Desktop.
nginx conf tweaks for PW on Ploi
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########## begin custom config | |
| # mostly from jacmaes setup in the PW forum. | |
| location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ { | |
| add_header Access-Control-Allow-Origin "*"; | |
| expires 48h; | |
| access_log off; | |
| try_files $uri $uri/ /index.php?it=$uri&$args; | |
| } | |
| # Block access to ProcessWire system files | |
| location ~ \.(inc|info|module|sh|sql)$ { | |
| deny all; | |
| } | |
| # Block access to protected assets directories | |
| location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) { | |
| deny all; | |
| } | |
| # Block acceess to the /site/install/ directory | |
| location ~ ^/(site|site-[^/]+)/install($|/.*$) { | |
| deny all; | |
| } | |
| # Block dirs in /site/assets/ dirs that start with a hyphen | |
| location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* { | |
| deny all; | |
| } | |
| # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php | |
| location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ { | |
| deny all; | |
| } | |
| # Block access to any PHP-based files in /templates-admin/ | |
| location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ { | |
| deny all; | |
| } | |
| # Block access to any PHP or markup files in /site/templates/ | |
| location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ { | |
| deny all; | |
| } | |
| # Block access to any PHP files in /site/assets/ | |
| location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ { | |
| deny all; | |
| } | |
| # Block access to any PHP files in core or core module directories | |
| location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ { | |
| deny all; | |
| } | |
| # Block access to any PHP files in /site/modules/ | |
| location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ { | |
| deny all; | |
| } | |
| # Block access to any software identifying txt files | |
| location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ { | |
| deny all; | |
| } | |
| # ProCache Rules | |
| set $cache_uri $request_uri; | |
| if ($request_method = POST) { | |
| set $cache_uri 'nocache'; | |
| } | |
| if ($request_method = HX_REQUEST) { | |
| set $cache_uri 'nocache'; | |
| } | |
| if ($http_cookie ~* "wires_challenge") { | |
| set $cache_uri 'nocache'; | |
| } | |
| if ($http_cookie ~* "persist") { | |
| set $cache_uri 'nocache'; | |
| } | |
| # ----------------------------------------------------------------------------------------------- | |
| # This location processes all other requests. If the request is for a file or directory that | |
| # physically exists on the server, then load the file. Else give control to ProcessWire. | |
| # ----------------------------------------------------------------------------------------------- | |
| location / { | |
| # WireRequestBlocker | |
| # Check if blocking files exist for the client IP | |
| if (-f $document_root/site/assets/.WireRequestBlocker/$remote_addr.xt) { | |
| return 403; | |
| } | |
| if (-f $document_root/site/assets/.WireRequestBlocker/$remote_addr.xp) { | |
| return 403; | |
| } | |
| expires -1; | |
| try_files /site/assets/ProCache-xxxxxxxxxxxxxyourxprocachekeyxxxx/$cache_uri/index.html $uri $uri/ /index.php?it=$uri&$args; | |
| } | |
| ######## end our custom bits. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment