...
- For pretty URL's (without /index.php/ in every URI) you will need to add a custom Nginx configuration. For a community provided example configuration, please see https://www.blesta.com/forums/index.php?/topic/9320-nginx-config/ or use the following (recommended) configuration
Code Block # Redirect HTTP to HTTPS server { listen 0.0.0.0:80 default_server ssl http2; # IPv4 listen [::]:80 default_server ssl http2; # IPv6 server_name account.yourdomain.com; # Hostname return 301 https://$host$request_uri; } # Run Blesta on SSL server { listen 0.0.0.0:443 default_server ssl http2; # IPv4 listen [::]:443 default_server ssl http2; # IPv6 server_name account.yourdomain.com; # Hostname root /var/www/account.yourdomain.com; # Installation directory # SSL cert/key pair ssl_certificate /etc/ssl/certs/account.yourdomain.com.crt; ssl_certificate_key /etc/ssl/private/account.yourdomain.com.key; # iFrame protection add_header X-Frame-Options SAMEORIGIN; location / { try_files $uri /index.php; rewrite ^(.*)/install\.php$ /$1/install/ redirect; } location = /index.php { fastcgi_pass unix:/run/php/php7.3-fpm.sock; # PHP socket fastcgi_param SCRIPT_FILENAME $document_root/index.php; # Blesta /index.php fastcgi_param SCRIPT_NAME $fastcgi_script_name; include fastcgi_params; } location ~ /\. { log_not_found off; return 404; } location ~* \.(php|pdt|txt)$ { log_not_found off; return 404; } }Expand title Here's an additional configuration for systems with TLS 1.3 support (Running OpenSSL 1.1.1+) Code Block server { listen 80 default_server; listen [::]:80 default_server; server_name _; access_log /path/to/.logs/access.log main; error_log /path/to/.logs/errors.log warn; root /path/to/site/public; index index.php index.html; location / { try_files $uri $uri/ /index.php?q=$uri&$args; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/lib/nginx/html; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_index index.php; include fastcgi_params; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { expires 5d; } if ($scheme != https) { return 307 https://domain.tld$request_uri; } } server { listen 443 ssl; listen [::]:443 ssl; server_name _; access_log /path/to/.logs/access.log main; error_log /path/to/.logs/errors.log warn; root /path/to/site/public; index index.php index.html; location / { try_files $uri $uri/ /index.php?q=$uri&$args; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/lib/nginx/html; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_index index.php; include fastcgi_params; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { expires 5d; } ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; ssl_dhparam /etc/letsencrypt/dhparam.pem; ssl_buffer_size 8k; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; ssl_prefer_server_ciphers on; ssl_ecdh_curve secp384r1; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; if ($host != domain.tld) { return 307 https://domain.tld$request_uri; } }
Next, update /core/ServiceProviders/MinphpBridge.php and make the following change:
Code Block // $htaccess = file_exists($rootWebDir . '.htaccess'); $htaccess = true;
...