...
- For pretty URLs (without /index.php/ in every URI) you will need to add a custom Nginx configuration. For a community-provided example configuration, please see https://www.blesta.com/forums/index.php?/topic/9320-nginx-config/ or use the following (recommended) configuration:
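# Redirect HTTP to HTTPS
server {
    # Port 80 carries plain HTTP, so these listeners must not set "ssl"/"http2".
    # With "ssl" here, plain-HTTP clients get an error instead of the redirect,
    # and this block has no certificate to serve TLS with.
    listen 0.0.0.0:80 default_server; # IPv4
    listen [::]:80 default_server; # IPv6
    server_name account.yourdomain.com; # Hostname
    # default_server answers for any Host header; redirect to the configured
    # name instead of echoing the client-supplied $host back in Location.
    return 301 https://$server_name$request_uri;
}

# Run Blesta on SSL
server {
    listen 0.0.0.0:443 default_server ssl http2; # IPv4
    listen [::]:443 default_server ssl http2; # IPv6
    server_name account.yourdomain.com; # Hostname
    root /var/www/account.yourdomain.com; # Installation directory

    # SSL cert/key pair (keep the private key readable by root only)
    ssl_certificate /etc/ssl/certs/account.yourdomain.com.crt;
    ssl_certificate_key /etc/ssl/private/account.yourdomain.com.key;

    # iFrame protection
    add_header X-Frame-Options SAMEORIGIN;

    # Serve existing static files; everything else goes to the front controller.
    location / {
        try_files $uri /index.php;
        # NOTE(review): URIs ending in .php match the regex deny block below
        # before this prefix location, so this rewrite looks unreachable - confirm.
        rewrite ^(.*)/install\.php$ /$1/install/ redirect;
    }

    # Only /index.php is ever handed to PHP-FPM. SCRIPT_FILENAME is fixed, so
    # the request path cannot select a different script to execute.
    location = /index.php {
        fastcgi_pass unix:/run/php/php7.3-fpm.sock; # PHP socket (match your installed PHP-FPM version)
        fastcgi_param SCRIPT_FILENAME $document_root/index.php; # Blesta /index.php
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        include fastcgi_params;
    }

    # Deny dotfiles (.htaccess, .git, ...). This also covers /.well-known/, so
    # add an explicit exception first if you rely on HTTP-01 certificate validation.
    location ~ /\. {
        log_not_found off;
        return 404;
    }

    # Deny direct requests for PHP sources, .pdt templates and .txt files.
    location ~* \.(php|pdt|txt)$ {
        log_not_found off;
        return 404;
    }
}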
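# Additional configuration for systems with TLS 1.3 support (running OpenSSL 1.1.1+)
#
# NOTE(review): unlike the recommended configuration, this one passes every
# existing *.php file to PHP-FPM and has no deny rules for dotfiles or for
# .pdt/.txt files. Carry those rules over before using it for a Blesta install.

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    access_log /path/to/.logs/access.log main;
    error_log /path/to/.logs/errors.log warn;

    root /path/to/site/public;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/lib/nginx/html;
    }

    location ~ \.php$ {
        # Refuse paths that do not map to a real file before invoking PHP.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
        expires 5d;
    }

    # On this listener the scheme is always http, so every request is redirected.
    if ($scheme != https) {
        return 307 https://domain.tld$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name _;

    access_log /path/to/.logs/access.log main;
    error_log /path/to/.logs/errors.log warn;

    root /path/to/site/public;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/lib/nginx/html;
    }

    location ~ \.php$ {
        # Refuse paths that do not map to a real file before invoking PHP.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
        expires 5d;
    }

    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    # Only consulted for DHE key exchange; no DHE suites remain in ssl_ciphers below.
    ssl_dhparam /etc/letsencrypt/dhparam.pem;

    ssl_buffer_size 8k;
    ssl_protocols TLSv1.2 TLSv1.3;
    # DH+3DES removed: 3DES is a 64-bit block cipher and should not be offered.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling; the resolver below is used for the responder lookups,
    # so point it at a resolver you trust.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    # "always" sends the header on error responses too. includeSubDomains and
    # preload bind every subdomain to HTTPS for a year and are slow to undo;
    # keep them only if all subdomains already serve valid TLS.
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;

    # Canonicalise any other Host to the site's own name.
    if ($host != domain.tld) {
        return 307 https://domain.tld$request_uri;
    }
}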
Next, update /core/ServiceProviders/MinphpBridge.php and make the following change:
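// Original check, disabled: nginx does not read .htaccess files, so probing
// for one says nothing about whether URL rewriting is in place.
// $htaccess = file_exists($rootWebDir . '.htaccess');

// Force the ".htaccess present" path.
// NOTE(review): presumably this is what switches on pretty URLs - confirm.
// This edits a core file, so re-check the change after every upgrade.
$htaccess = true;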
...