--- title: Grav --- > [Official Documentation](https://learn.getgrav.org/17) {.is-info} ## Requirements `# apt install nginx php php-fpm php-gd php-apcu php-yaml php-zip php-xml php-mbstring php-curl unzip` ### Download grav Make sure the directory you want to use is owned by your webserver user. (www-data on debian) `# chown www-data:www-data -R /var/www` **With included admin client** `sudo -u www-data wget https://getgrav.org/download/core/grav-admin/1.7.32` ## Nginx config ``` server { server_name DOMAIN_NAME; # Security / XSS Mitigation Headers add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; listen *:443 ssl http2; #set ipv6 address ssl_certificate_key /etc/acme-sh/DOMAIN_NAME/key.pem; ssl_certificate /etc/acme-sh/DOMAIN_NAME/cert.pem; index index.html index.php; ## Begin - Server Info root /var/www/grav-admin; ## End - Server Info ## Begin - Index # for subfolders, simply adjust: # `location /subfolder {` # and the rewrite to use `/subfolder/index.php` location / { try_files $uri $uri/ /index.php?$query_string; } ## End - Index ## Begin - Security # deny all direct access for these folders location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; } # deny running scripts inside core system folders location ~* /(system|vendor)/.*\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny running scripts inside user folder location ~* /user/.*\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny access to specific files in the root folder location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; } ## End - Security ## Begin - PHP location ~ \.php$ { # Choose either a socket or TCP/IP address fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; # fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy # fastcgi_pass 127.0.0.1:9000; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } ## End - PHP } server { if ($host = DOMAIN_NAME) { return 301 https://$host$request_uri; } listen *:80; #set ipv6 address server_name DOMAIN_NAME; return 404; } ```