Nginx webserver configuration


Moving this from to a more community maintained location


The prerequisite is that you have already installed Nginx and you are
able to run PHP files via the FastCGI-wrapper from Nginx.

Now you need to set up a virtual host in Nginx with configuration settings
that are similar to those shown below.

If you don't fully understand the configuration presented here, consult the nginx documentation.

Be especially careful to avoid accidental PHP execution when extending the configuration.

Caveats about the sample configuration below

  • It does not cover serving securely over HTTPS.
  • It uses the new filesystem layout (with public directory) introduced in SilverStripe 4.1.0 (see upgrading guide)
  • The regular expression for allowed file types must be manually updated if the File.allowed_extensions list is updated.
  • The error pages for 502 (Bad Gateway) and 503 (Service Unavailable) need to be manually created and published in the CMS (assuming use of the silverstripe/errorpage module).

```nginx
server {
  include mime.types;
  default_type  application/octet-stream;
  client_max_body_size 0; # Manage this in php.ini (upload_max_filesize & post_max_size)
  listen 80;
  root /path/to/ss/folder/public;

  # Defend against SS-2015-013
  if ($http_x_forwarded_host) {
    return 400;
  }

  location / {
      try_files $uri /index.php?$query_string;
  }

  error_page 404 /assets/error-404.html;
  error_page 500 /assets/error-500.html;

  # See caveats
  error_page 502 /assets/error-500.html;
  error_page 503 /assets/error-500.html;

  # Support assets & resources #

  # Never serve .gitignore, .htaccess, or .method
  location ~ /\.(gitignore|htaccess|method)$ {
      return 403;
  }

  # Protect the .protected folder
  location ~ ^/assets/\.protected/ {
      return 403;
  }

  # Handle allowed file types (see caveats)
  # Pass unfound files to SilverStripe to check draft images
  location ~ ^/assets/.*\.(?i:css|js|ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|csv|dmg|doc|docx|dotx|flv|gif|gpx|gz|hqx|ico|jpeg|jpg|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|zip|zipx)$ {
      sendfile on;
      try_files $uri /index.php?$query_string;
  }

  # Allow the error pages. Fail with 404 Not found.
  location ~ ^/assets/error-\d\d\d\.html$ {
      try_files $uri =404;
  }

  # Fail all other assets requests as 404 Not found
  # Could also use 403 Forbidden or 444 (nginx drops the connection)
  location ~ ^/assets/ {
      return 404;
  }

  # End of assets & resources support #

  # Only /index.php is handed to PHP
  location /index.php {
    fastcgi_buffer_size 32k;
    fastcgi_busy_buffers_size 64k;
    fastcgi_buffers 4 32k;
    fastcgi_keep_conn on;
    fastcgi_pass   127.0.0.1:9000; # Assumed PHP FastCGI TCP address; adjust to your setup
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
  }
}
```


The above configuration sets up a virtual host with
rewrite rules suited for SilverStripe. The location block for index.php
passes the PHP script to the FastCGI wrapper via a TCP socket.
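
When extending the configuration, a small regression check helps confirm that asset paths still never reach PHP. The following is an added example, not part of the original page or of SilverStripe: it mirrors the location blocks above in a simplified model of nginx location selection (first matching regex location wins, otherwise the longest prefix), and the `route` helper and sample URIs are constructed for illustration.

```python
import re

# Regex locations mirroring the server block above, in config order.
# nginx tests regex locations in order of appearance; the first match wins.
# Assumption: simplified model (no '=' or '^~' locations, URI already normalised).
ALLOWED = (
    "css|js|ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|csv|dmg|doc|docx|dotx|flv|gif|"
    "gpx|gz|hqx|ico|jpeg|jpg|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|"
    "ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|ra|ram|rm|rtf|sit|sitx|tar|tgz|"
    "tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|zip|zipx"
)
REGEX_LOCATIONS = [
    (r"/\.(gitignore|htaccess|method)$", "403"),
    (r"^/assets/\.protected/", "403"),
    (r"^/assets/.*\.(?i:" + ALLOWED + r")$", "static, else index.php"),
    (r"^/assets/error-\d\d\d\.html$", "static, else 404"),
    (r"^/assets/", "404"),
]
# Prefix locations; used only when no regex location matches.
PREFIX_LOCATIONS = [("/index.php", "fastcgi"), ("/", "static, else index.php")]


def route(uri):
    """Return the action of the location that would handle a normalised URI path."""
    for pattern, action in REGEX_LOCATIONS:
        if re.search(pattern, uri):
            return action
    # Among prefix locations, the longest matching prefix wins.
    matches = [(p, a) for p, a in PREFIX_LOCATIONS if uri.startswith(p)]
    return max(matches, key=lambda m: len(m[0]))[1]


# Constructed sample requests, not taken from real traffic.
SAMPLES = [
    "/assets/photo.JPG",
    "/assets/upload.php",
    "/assets/.protected/ab12/report.pdf",
    "/assets/.htaccess",
    "/assets/error-404.html",
    "/index.php",
    "/about-us/",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:40} -> {route(uri)}")
```

After adding a new location block, add it to the matching list in the same order as in the config and re-run the check; any asset path that starts routing to `fastcgi` indicates a rule that exposes uploads to PHP execution.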

Now you can proceed with the SilverStripe installation normally.

NOTE: Nginx does not support .htaccess files. Any .htaccess requirements of SilverStripe will need to be manually converted into Nginx configurations instead.