Hi,
I’m having trouble with nginx config for k3.
I am following the cookbook example:
server {
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name SERVER_NAME;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/SERVER_NAME/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/SERVER_NAME/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = SERVER_NAME) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name SERVER_NAME;
return 404; # managed by Certbot
}
This results in the following route behaviour:
/ downloads the index.php file
/anyroute correct behaviour, rendered page
/panel downloads the index.php file
/panel/site correct behaviour, rendered page
In addition, files in the content and site folder are accessible. For instance:
/site/blueprints/pages/default.yml will download the blueprint file.
How can I fix the file download behaviour on the / the /panel routes and how can I block access to the system folders?