Nginx serve static website and kirby panel?

Thatoo · April 24, 2026, 1:00pm

Hello,

Here is how I wrote nginx conf to serve Kirby in my_webapp :

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld.d/my_webapp__4.conf
#sub_path_only rewrite ^/$ / permanent;
location / {

    # Path to source
    alias /var/www/my_webapp__4/www/;


    # Default indexes and catch-all
    index index.php index.html;
    try_files $uri $uri/ /index.php?$args =404;

    # Prevent useless logs
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny access to hidden files and directories
    location ~ ^/(.+/|)\.(?!well-known\/) {
        deny all;
    }

    include conf.d/kirby.domain.tld.d/my_webapp__4.d/*.conf;

    # Include SSOWAT user panel.
    include conf.d/yunohost_panel.conf.inc;
}

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld.d/kirby.conf
# Security headers
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# Block bad bots
if ($http_user_agent ~* "(BlackWidow|ChinaClaw|larbin|HTTrack|Wget|WebCopier|Go!Zilla|Zeus|EmailSiphon|EmailWolf|Express WebPictures)") {
    return 403;
}

# Disable access to hidden files except .well-known
location ~ /\.(?!well-known) {
    deny all;
}

# Restrict access to system and content files
location ~* ^/(site|kirby)/ {
    deny all;
}

location ~* ^/content/.*\.(txt|md|mdown)$ {
    deny all;
}

# Disable directory listing
autoindex off;

# Disable ETags
etag off;

# MIME and charset
include mime.types;
default_type application/octet-stream;

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld.d/my_webapp__4.d/php.conf
# Execute and serve PHP files
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php8.2-fpm-my_webapp__4.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $request_filename;
}
kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld.d/my_webapp__4.d/kirby.conf
# Remove index.php from URL needed on some cms
if (!-e $request_filename) {
    rewrite ^(.*)$ /index.php?q=$1 last;
}

And that works perfectly. It serves all pages and the Kirby admin panel when I visit https://kirby.domain.tld/edition .

Now, I added a plugin to Kirby that build a static version of my website on demand in the /var/www/my_webapp__4/static/ directory.

What I would like is for nginx to serve the static website so I’d change

alias /var/www/my_webapp__4/www/;

to

alias /var/www/my_webapp__4/static/;

in /etc/nginx/conf.d/kirby.domain.tld.d/my_webapp__4.conf file (and that works)

but I want also nginx to server kirby panel when the user visit https://kirby.domain.tld/edition .

Thatoo · April 24, 2026, 1:06pm

Here is what I wrote but doesn’t work so far :

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.somain.tld.d/my_webapp__4.conf
#sub_path_only rewrite ^/$ / permanent;
location / {

    # Path to source
    root /var/www/my_webapp__4/static/;

    # Default indexes and catch-all
    index index.php index.html;
    try_files $uri $uri/ /index.php?$args =404;

    # Prevent useless logs
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny access to hidden files and directories
    location ~ ^/(.+/|)\.(?!well-known\/) {
        deny all;
    }

    # Include SSOWAT user panel.
    include conf.d/yunohost_panel.conf.inc;
}

# redirect /edition (no slash) to /edition/
location = /edition {
    return 301 /edition/;
}

# handle /edition PHP app (top-level location)
location ^~ /edition/ {
    alias /var/www/my_webapp__4/www/;
    index index.php index.html;
    try_files $uri $uri/ /edition/index.php?$args =404;

    # Remove index.php from URL needed on some cms
    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php?q=$1 last;
    }
}

# PHP processing for files under /edition
location ~ [^/edition]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php8.2-fpm-my_webapp__4.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME /var/www/my_webapp__4/www$fastcgi_script_name;;
}

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld/kirby.conf
# Security headers
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# Block bad bots
if ($http_user_agent ~* "(BlackWidow|ChinaClaw|larbin|HTTrack|Wget|WebCopier|Go!Zilla|Zeus|EmailSiphon|EmailWolf|Express WebPictures)") {
    return 403;
}

# Disable access to hidden files except .well-known
location ~ /\.(?!well-known) {
    deny all;
}

# Restrict access to system and content files
location ~* ^/(site|kirby)/ {
    deny all;
}

location ~* ^/content/.*\.(txt|md|mdown)$ {
    deny all;
}

# Disable directory listing
autoindex off;

# Disable ETags
etag off;

# MIME and charset
include mime.types;
default_type application/octet-stream;

It does serve well the static website but when I go to /edition, my web browser download /var/www/my_webapp__4/www/index.php file instead of running it.

I’m looking for any idea