82 lines
2.6 KiB
Markdown
Raw Normal View History

---
title: Grav
---
> [Official Documentation](https://learn.getgrav.org/17)
{.is-info}
## Requirements
`# apt install nginx php php-fpm php-gd php-apcu php-yaml php-zip php-xml php-mbstring php-curl unzip`
### Download grav
Make sure the directory you want to use is owned by your webserver user. (www-data on debian)
`# chown www-data:www-data -R /var/www`
**With included admin client**
`sudo -u www-data wget https://getgrav.org/download/core/grav-admin/1.7.32`
## Nginx config
```
server {
server_name DOMAIN_NAME;
# Security / XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
listen *:443 ssl http2; #set ipv6 address
ssl_certificate_key /etc/acme-sh/DOMAIN_NAME/key.pem;
ssl_certificate /etc/acme-sh/DOMAIN_NAME/cert.pem;
index index.html index.php;
## Begin - Server Info
root /var/www/grav-admin;
## End - Server Info
## Begin - Index
# for subfolders, simply adjust:
# `location /subfolder {`
# and the rewrite to use `/subfolder/index.php`
location / {
try_files $uri $uri/ /index.php?$query_string;
}
## End - Index
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
## Begin - PHP
location ~ \.php$ {
# Choose either a socket or TCP/IP address
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy
# fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
## End - PHP
}
server {
if ($host = DOMAIN_NAME) {
return 301 https://$host$request_uri;
}
listen *:80; #set ipv6 address
server_name DOMAIN_NAME;
return 404;
}
```