server { listen 80; listen [::]:80; server_name lingualibre.org; location / { return 302 https://$host$request_uri; } location /.well-known { root /var/www/lingualibre.org; try_files $uri =404; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name lingualibre.org; ssl_certificate /etc/letsencrypt/live/lingualibre.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/lingualibre.org/privkey.pem; root /opt/mediawiki/1.35; client_max_body_size 5m; client_body_timeout 60; # Gzip compression gzip on; gzip_min_length 1024; gzip_types text/plain text/css text/javascript font/eot font/otf font/ttf application/octet-stream image/svg+xml; gzip_vary on; gzip_proxied any; location ~ ^/images/ { root /var/www/lingualibre.org; try_files $uri =404; } location ~ ^/demo/ { root /opt/LinguaRecorder; try_files $uri =404; } location / { try_files $uri @rewrite; } location =/robots.txt { alias /var/www/lingualibre.org/robots.txt; } location /datasets/ { proxy_pass http://10.42.3.50:9000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; break; } location ~ ^/bigdata/ { if ($http_cookie ~* "lingua_libre_v2_session=([^;]+)(?:;|$)") { rewrite /(.*) /auth/$1 last; } send_timeout 65s; proxy_read_timeout 60s; proxy_pass http://10.42.3.50:9000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; break; } location = /sparql { send_timeout 65s; proxy_read_timeout 60s; proxy_pass http://10.42.3.50:9000/bigdata/namespace/wdq; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; break; } location ~ ^/auth/bigdata/ { internal; send_timeout 305s; proxy_read_timeout 300s; rewrite /auth/(.*) /$1 break; proxy_pass http://10.42.3.50:9000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; break; } location @rewrite { rewrite ^/entity/(Q\d+)$ /wiki/$1 permanent; rewrite ^/entity/(P\d+)$ /wiki/Property:$1 permanent; rewrite ^/$ /wiki/ permanent; rewrite ^/(wiki/)?(.*)$ /index.php?title=$1&$args; } #location = /w/api.php { # rewrite ^/w/api\.php$ /api.php$is_args$args redirect; #} location /maintenance/ { return 403; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { try_files $uri /index.php; expires max; log_not_found off; } location = /_.gif { expires max; empty_gif; } location ^~ /cache/ { deny all; } location /dumps { root /var/www/mediawiki/local; autoindex on; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } # Mitigate https://httpoxy.org/ vulnerabilities fastcgi_param HTTP_PROXY ""; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_index index.php; # include the fastcgi_param setting include fastcgi_params; # SCRIPT_FILENAME parameter is used for PHP FPM determining # the script name. If it is not set in fastcgi_params file, # i.e. /etc/nginx/fastcgi_params or in the parent contexts, # please comment off following line: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } location /.well-known { root /var/www/lingualibre.org; try_files $uri =404; } error_log /var/log/nginx/lingualibre_error.log; access_log /var/log/nginx/lingualibre_access.log; }