Nginx serve static website and kirby panel?

Discuss Advanced use case
,
1

Hello,

Here is how I wrote nginx conf to serve Kirby in my_webapp :

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld.d/my_webapp__4.conf
#sub_path_only rewrite ^/$ / permanent;
location / {

    # Path to source
    alias /var/www/my_webapp__4/www/;


    # Default indexes and catch-all
    index index.php index.html;
    try_files $uri $uri/ /index.php?$args =404;

    # Prevent useless logs
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny access to hidden files and directories
    location ~ ^/(.+/|)\.(?!well-known\/) {
        deny all;
    }

    include conf.d/kirby.domain.tld.d/my_webapp__4.d/*.conf;

    # Include SSOWAT user panel.
    include conf.d/yunohost_panel.conf.inc;
}

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld.d/kirby.conf
# Security headers
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# Block bad bots
if ($http_user_agent ~* "(BlackWidow|ChinaClaw|larbin|HTTrack|Wget|WebCopier|Go!Zilla|Zeus|EmailSiphon|EmailWolf|Express WebPictures)") {
    return 403;
}

# Disable access to hidden files except .well-known
location ~ /\.(?!well-known) {
    deny all;
}

# Restrict access to system and content files
location ~* ^/(site|kirby)/ {
    deny all;
}

location ~* ^/content/.*\.(txt|md|mdown)$ {
    deny all;
}

# Disable directory listing
autoindex off;

# Disable ETags
etag off;

# MIME and charset
include mime.types;
default_type application/octet-stream;

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld.d/my_webapp__4.d/php.conf
# Execute and serve PHP files
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php8.2-fpm-my_webapp__4.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $request_filename;
}
kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld.d/my_webapp__4.d/kirby.conf
# Remove index.php from URL needed on some cms
if (!-e $request_filename) {
    rewrite ^(.*)$ /index.php?q=$1 last;
}

And that works perfectly. It serves all pages and the Kirby admin panel when I visit https://kirby.domain.tld/edition .

Now, I added a plugin to Kirby that build a static version of my website on demand in the /var/www/my_webapp__4/static/ directory.

What I would like is for nginx to serve the static website so I’d change

alias /var/www/my_webapp__4/www/;

to

alias /var/www/my_webapp__4/static/;

in /etc/nginx/conf.d/kirby.domain.tld.d/my_webapp__4.conf file (and that works)

but I want also nginx to server kirby panel when the user visit https://kirby.domain.tld/edition .

2

Here is what I wrote but doesn’t work so far :

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.somain.tld.d/my_webapp__4.conf
#sub_path_only rewrite ^/$ / permanent;
location / {

    # Path to source
    root /var/www/my_webapp__4/static/;

    # Default indexes and catch-all
    index index.php index.html;
    try_files $uri $uri/ /index.php?$args =404;

    # Prevent useless logs
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny access to hidden files and directories
    location ~ ^/(.+/|)\.(?!well-known\/) {
        deny all;
    }

    # Include SSOWAT user panel.
    include conf.d/yunohost_panel.conf.inc;
}

# redirect /edition (no slash) to /edition/
location = /edition {
    return 301 /edition/;
}

# handle /edition PHP app (top-level location)
location ^~ /edition/ {
    alias /var/www/my_webapp__4/www/;
    index index.php index.html;
    try_files $uri $uri/ /edition/index.php?$args =404;

    # Remove index.php from URL needed on some cms
    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php?q=$1 last;
    }
}

# PHP processing for files under /edition
location ~ [^/edition]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php8.2-fpm-my_webapp__4.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME /var/www/my_webapp__4/www$fastcgi_script_name;
}

kirby@yunohost:~$ sudo cat /etc/nginx/conf.d/kirby.domain.tld/kirby.conf
# Security headers
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# Block bad bots
if ($http_user_agent ~* "(BlackWidow|ChinaClaw|larbin|HTTrack|Wget|WebCopier|Go!Zilla|Zeus|EmailSiphon|EmailWolf|Express WebPictures)") {
    return 403;
}

# Disable access to hidden files except .well-known
location ~ /\.(?!well-known) {
    deny all;
}

# Restrict access to system and content files
location ~* ^/(site|kirby)/ {
    deny all;
}

location ~* ^/content/.*\.(txt|md|mdown)$ {
    deny all;
}

# Disable directory listing
autoindex off;

# Disable ETags
etag off;

# MIME and charset
include mime.types;
default_type application/octet-stream;

It does serve well the static website but when I go to /edition, my web browser download /var/www/my_webapp__4/www/index.php file instead of running it.

I’m looking for any idea

3

I tried also something like

location ^~ /edition/ {
        alias /var/www/my_webapp__4/www/;
        index index.php;
        try_files $uri $uri/ /edition/index.php?$args;
    }

    location ~ ^/edition(/.*\.php)(/.*|)$ {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php/php8.2-fpm-my_webapp__4.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param REMOTE_USER $remote_user;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param DOCUMENT_ROOT /var/www/my_webapp__4/www;

}

When I go on /edition url, it downloads index.php file instead of interpreting it.

4

I got some explanation and help from kirby’s forum, Nginx serve static website and kirby panel? - Questions - Kirby Forum, but it’s not yet working as expected.

5

Thanks to samtaylor646 in here Nginx serve static website and kirby panel? - Questions - Kirby Forum , I start having something usable :

# Static website (default)
location / {
    root /var/www/my_webapp__4/static/;
    index index.html;
    try_files $uri $uri/ =404;
    
    # Prevent useless logs
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    
# Deny access to hidden files and directories
    location ~ ^/(.+/|)\.(?!well-known\/) {
        deny all;
    }
}

# Redirect /edition to /edition/
location = /edition {
    return 301 /edition/;
}

# Handle Kirby Panel at /edition
location ^~ /edition {
    alias /var/www/my_webapp__4/www/;
    try_files $uri @kirby_panel;
    
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.2-fpm-my_webapp__4.sock;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME /var/www/my_webapp__4/www$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

# CRITICAL: Handle Panel assets (CSS, JS, fonts)
location ^~ /assets/ {
    alias /var/www/my_webapp__4/www/assets/;
    try_files $uri =404;
    expires 1y;
    add_header Cache-Control "public, immutable";
}

# Handle Kirby media files
location ^~ /media/ {
    alias /var/www/kirby/my_webapp__4/media/;
    try_files $uri =404;
    expires 1y;
    add_header Cache-Control "public";
}

# Handle Kirby API calls
location ^~ /api/ {
    alias /var/www/my_webapp__4/www/;
    try_files $uri @kirby_panel;
    
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.2-fpm-my_webapp__4.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/my_webapp__4/www/index.php;
        fastcgi_param SCRIPT_NAME /index.php;
        fastcgi_param REQUEST_URI $request_uri;
    }
}

# Named location to handle Kirby routing
location @kirby_panel {
    fastcgi_pass unix:/var/run/php/php8.2-fpm-my_webapp__4.sock;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME /var/www/my_webapp__4/www/index.php;
    fastcgi_param SCRIPT_NAME /index.php;
    fastcgi_param REQUEST_URI $request_uri;
}

# Security headers
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# Block bad bots
if ($http_user_agent ~* "(BlackWidow|ChinaClaw|larbin|HTTrack|Wget|WebCopier|Go!Zilla|Zeus|EmailSiphon|EmailWolf|Express WebPictures)") {
    return 403;
}

# Disable access to hidden files except .well-known
location ~ /\.(?!well-known) {
    deny all;
}

# Restrict access to system and content files
location ~* ^/(site|kirby)/ {
    deny all;
}

location ~* ^/content/.*\.(txt|md|mdown)$ {
    deny all;
}

# Disable directory listing
autoindex off;

# Disable ETags
etag off;

# MIME and charset
include mime.types;
default_type application/octet-stream;

Only plugins aren’t working/displaying within Kirby’s panel.