diff --git a/README.md b/README.md
index 348f032..753a57c 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,28 @@
A lightweight, HTML-only status feed for self-hosted personal websites. Written in PHP. Heavily inspired by [status.cafe](https://status.cafe).
-
+## Screenshots
+
+### Mobile
+
+
+
+
+### Desktop
+
+
+
+
+
+
## Features
@@ -11,6 +32,8 @@ A lightweight, HTML-only status feed for self-hosted personal websites. Written
* CSS uploads for custom theming
* Custom emoji to personalize moods (unicode only)
+I'm trying to make sure that the HTML is both semantically valid and accessible, but I have a lot to learn about both. If you see something I should fix, please let me know!
+
## Prerequisites
* A web server with PHP support, such as:
@@ -27,18 +50,25 @@ A lightweight, HTML-only status feed for self-hosted personal websites. Written
1. Copy the `tkr` directory to the location you want to serve it from
* on debian-based systems, `/var/www/tkr` is recommended
1. Make the `storage` directory writable by the web server account.
- * For example, on nginx on debian-based distributions:
```sh
chown www-data:www-data /path/to/tkr/storage
+ chmod 0770 /path/to/tkr/storage
```
-1. Add the necessary web server configuration
- * Examples for common deployment scenarios, including documentation, are in the examples directory.
+1. Add the necessary web server configuration.
+ * Examples for common scenarios can be found in the [examples](./examples) directory.
+ * Apache VPS, subdomain (e.g. `https://tkr.your-domain.com`): [examples/apache/vps/root](./examples/apache/vps/root)
+ * Apache VPS, subfolder (e.g. `https://your-domain.com/tkr`): [examples/apache/vps/subfolder](./examples/apache/vps/subfolder)
+ * Nginx VPS, subdomain (e.g. `https://tkr.your-domain.com`): [examples/nginx/root](./examples/nginx/root)
+ * Nginx VPS, subfolder (e.g. `https://your-domain.com/tkr`): [examples/nginx/subfolder](./examples/nginx/subfolder)
+ * Any values that need to be configured for your environment are labeled with `CONFIG`.
+ * The SSL configurations are basic, but should work. For more robust SSL configurations, see https://ssl-config.mozilla.org
-## From git
+
+### From git
If you'd prefer to install from git:
-1. Clone this directoryand copy the `/tkr` directory to your web server.
+1. Clone this directory and copy the `/tkr` directory to your web server.
* Required subdirectories are:
1. `config`
1. `public`
@@ -46,7 +76,7 @@ If you'd prefer to install from git:
1. `storage`
1. `templates`
* Exclude the other directories
-2. Follow the main installation from step 2.
+2. Follow the main installation from step 4.
## Initial configuration
@@ -71,7 +101,7 @@ The document root should be `/PATH/TO/tkr/public`. This will ensure that only th
There is an `.htaccess` file in the `tkr/` root directory. It's designed for the following installation scenario:
* shared hosting
-* `tkr/` is deployed installed to `tkr/` under your web root. (e.g. `public_html/tkr`).
+* `tkr/` is installed to `tkr/` under your web root. (e.g. `public_html/tkr`).
* `tkr/public` is the document root
* The other application directories are blocked both by `tkr/.htaccess` and by `.htaccess` files in the directories themselves. These are:
* `tkr/config`
@@ -80,16 +110,12 @@ There is an `.htaccess` file in the `tkr/` root directory. It's designed for the
* `tkr/storage`
* `tkr/templates`
-There are example configurations for other common scenarios in the [examples](./examples) directory.
-
-* Apache VPS, subdomain (e.g. `https://tkr.your-domain.com`): [examples/apache/vps/root](./examples/apache/vps/subdomain)
-* Apache VPS, subfolder (e.g. `https://your-domain.com/tkr`): [examples/apache/vps/subfolder](./examples/apache/vps/subfolder)
-* Nginx VPS, subdomain (e.g. `https://tkr.your-domain.com`): [examples/nginx/root](./examples/nginx/subfolder)
-* Nginx VPS, subfolder (e.g. `https://your-domain.com/tkr`): [examples/nginx/subfolder](./examples/nginx/subfolder)
### Docker compose
-The example directories contain docker-compose.yml files for the different configurations. To run tkr locally on your machine, copy the docker-compose file you're interested in to `tkr/` and run `docker compose up`.
+The [docker](./docker) directory contains docker-compose.yml files and web server configs for some different server configurations. For simplicity, these do not use SSL.
+
+To run tkr locally on your machine, copy the docker-compose file you're interested in to `tkr/` and run `docker compose up`.
## Storage
@@ -109,7 +135,7 @@ For illustration, here's a sample from the file `/tkr/storage/ticks/2025/05/25`
### SQLite Database
-tkr stores profile information, custom emojis, and uploaded css metadata in a SQLite database located at `tkr/storage/db`.
+tkr stores profile information, custom emojis, and uploaded css metadata in a SQLite database located at `tkr/storage/db/tkr.sqlite`.
You don't have to do any database setup. The database is automatically created and initialized on first run.
diff --git a/docker/apache/shared-hosting/.htaccess b/docker/apache/shared-hosting/.htaccess
new file mode 100644
index 0000000..9fd4083
--- /dev/null
+++ b/docker/apache/shared-hosting/.htaccess
@@ -0,0 +1,49 @@
+# Example Apache VirtualHost
+# for serving tkr as a subdirectory path
+# on shared hosting via .htaccess
+#
+# e.g. http://www.my-domain.com/tkr
+#
+# This should work without modification if you extract the app
+# to /tkr from your web document root
+
+# Enable mod_rewrite
+RewriteEngine On
+
+# Security headers
+Header always set X-Frame-Options "SAMEORIGIN"
+Header always set X-XSS-Protection "1; mode=block"
+Header always set X-Content-Type-Options "nosniff"
+
+# Directory index
+DirectoryIndex public/index.php
+
+# Security: Block direct access to .php files (except through rewrites)
+RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?] [NC]
+RewriteRule ^.*$ - [R=404,L]
+
+# Security: Block access to sensitive directories
+RewriteRule ^(storage|src|templates|examples|config)(/.*)?$ - [F,L]
+
+# Security: Block access to hidden files
+RewriteRule ^\..*$ - [F,L]
+
+# Cache CSS files for 1 hour
+
+ Header set Cache-Control "public, max-age=3600"
+
+
+# Serve the one static file that exists: css/tkr.css
+# (Pass requests to css/custom/ through to the PHP app)
+RewriteCond %{REQUEST_URI} !^/css/custom/
+RewriteRule ^css/tkr\.css$ public/css/tkr.css [L]
+
+# 404 all other static files (images, js, fonts, etc.)
+# so those requests don't hit the PHP app
+# (this is to reduce load on the PHP app from bots and scanners)
+RewriteRule \.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|pdf|zip|mp3|mp4|avi|mov)$ - [R=404,L]
+
+# Everything else goes to the front controller
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.*)$ public/index.php [L]
diff --git a/examples/apache/shared-hosting/docker-compose.yml b/docker/apache/shared-hosting/docker-compose.yml
similarity index 87%
rename from examples/apache/shared-hosting/docker-compose.yml
rename to docker/apache/shared-hosting/docker-compose.yml
index 9bb3ef7..0c5e22d 100644
--- a/examples/apache/shared-hosting/docker-compose.yml
+++ b/docker/apache/shared-hosting/docker-compose.yml
@@ -10,7 +10,7 @@ services:
- ./src:/var/www/html/tkr/src
- ./storage:/var/www/html/tkr/storage
- ./templates:/var/www/html/tkr/templates
- - ./examples/apache/shared-hosting/.htaccess:/var/www/html/tkr/.htaccess
+ - ./docker/apache/shared-hosting/.htaccess:/var/www/html/tkr/.htaccess
command: >
bash -c "a2enmod rewrite headers expires &&
apache2-foreground &&
diff --git a/examples/apache/vps/root/docker-compose.yml b/docker/apache/vps/root/docker-compose.yml
similarity index 82%
rename from examples/apache/vps/root/docker-compose.yml
rename to docker/apache/vps/root/docker-compose.yml
index 2bcfff3..a7d1d9e 100644
--- a/examples/apache/vps/root/docker-compose.yml
+++ b/docker/apache/vps/root/docker-compose.yml
@@ -10,7 +10,7 @@ services:
- ./src:/var/www/tkr/src
- ./storage:/var/www/tkr/storage
- ./templates:/var/www/tkr/templates
- - ./examples/apache/vps/root/tkr.my-domain.com.conf:/etc/apache2/sites-enabled/tkr.my-domain.com.conf
+ - ./docker/apache/vps/root/tkr.my-domain.com.conf:/etc/apache2/sites-enabled/tkr.my-domain.com.conf
command: >
bash -c "a2enmod rewrite headers expires &&
apache2-foreground &&
diff --git a/examples/apache/vps/root/tkr.my-domain.com.ssl.conf b/docker/apache/vps/root/tkr.my-domain.com.conf
similarity index 74%
rename from examples/apache/vps/root/tkr.my-domain.com.ssl.conf
rename to docker/apache/vps/root/tkr.my-domain.com.conf
index eb07edb..e699adf 100644
--- a/examples/apache/vps/root/tkr.my-domain.com.ssl.conf
+++ b/docker/apache/vps/root/tkr.my-domain.com.conf
@@ -1,29 +1,13 @@
# Example Apache VirtualHost
-# for serving tkr as a subdomain root with SSL
-# e.g. https://tkr.my-domain.com/
+# for serving tkr as a subdomain root without SSL
+# e.g. http://tkr.my-domain.com/
#
-# Use SSL in production.
-# This is a minimal SSL confiuration
-# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
+# NOTE: Do not use in production.
+# This is provided for docker compose
+# (The included docker-compose file will mount it in the container image)
- # Replace localhost with your subdomain, e.g. tkr.my-domain.com
ServerName localhost
DocumentRoot /var/www/tkr/public
- # Redirect HTTP to HTTPS
- Redirect permanent / https://tkr.my-domain.com/
-
-
-
- ServerName localhost
- DocumentRoot /var/www/tkr/public
-
- # SSL Configuration
- SSLEngine on
-
- # Assumes you're using letsencrypt for cert generation
- # Replace with the actual paths to your cert and key
- SSLCertificateFile /etc/letsencrypt/live/tkr.my-domain.com/fullchain.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/tkr.my-domain.com/privkey.pem
# Security headers
Header always set X-Frame-Options "SAMEORIGIN"
diff --git a/examples/apache/vps/subfolder/docker-compose.yml b/docker/apache/vps/subfolder/docker-compose.yml
similarity index 83%
rename from examples/apache/vps/subfolder/docker-compose.yml
rename to docker/apache/vps/subfolder/docker-compose.yml
index 2316f26..b227422 100644
--- a/examples/apache/vps/subfolder/docker-compose.yml
+++ b/docker/apache/vps/subfolder/docker-compose.yml
@@ -10,7 +10,7 @@ services:
- ./src:/var/www/tkr/src
- ./storage:/var/www/tkr/storage
- ./templates:/var/www/tkr/templates
- - ./examples/apache/vps/subfolder/my-domain.com.conf:/etc/apache2/sites-enabled/my-domain.com.conf
+ - ./docker/apache/vps/subfolder/my-domain.com.conf:/etc/apache2/sites-enabled/my-domain.com.conf
command: >
bash -c "a2enmod rewrite headers expires &&
a2dissite 000-default &&
diff --git a/examples/apache/vps/subfolder/my-domain.com.ssl.conf b/docker/apache/vps/subfolder/my-domain.com.conf
similarity index 72%
rename from examples/apache/vps/subfolder/my-domain.com.ssl.conf
rename to docker/apache/vps/subfolder/my-domain.com.conf
index 53ff1c1..b1b40d7 100644
--- a/examples/apache/vps/subfolder/my-domain.com.ssl.conf
+++ b/docker/apache/vps/subfolder/my-domain.com.conf
@@ -1,30 +1,13 @@
# Example Apache VirtualHost
-# for serving tkr as a subdirectory path with SSL
-# e.g. https://www.my-domain.com/tkr
+# for serving tkr as a subdirectory path without SSL
+# e.g. http://www.my-domain.com/tkr
#
-# Use SSL in production.
-# This is a minimal SSL confiuration
-# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
+# NOTE: Do not use in production.
+# This is provided for docker compose
+# (The included docker-compose file will mount it in the container image)
- # Replace localhost with your subdomain, e.g. tkr.my-domain.com
ServerName localhost
DocumentRoot /var/www/html
- # Redirect HTTP to HTTPS
- Redirect permanent / https://my-domain.com/
-
-
-
- # Replace localhost with your subdomain, e.g. tkr.my-domain.com
- ServerName localhost
- DocumentRoot /var/www/html
-
- # SSL Configuration
- SSLEngine on
-
- # Assumes you're using letsencrypt for cert generation
- # Replace with the actual paths to your cert and key
- SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
# Security headers
Header always set X-Frame-Options "SAMEORIGIN"
diff --git a/examples/nginx/root/docker-compose.yml b/docker/nginx/root/docker-compose.yml
similarity index 88%
rename from examples/nginx/root/docker-compose.yml
rename to docker/nginx/root/docker-compose.yml
index 6d614f4..0d0d9ab 100644
--- a/examples/nginx/root/docker-compose.yml
+++ b/docker/nginx/root/docker-compose.yml
@@ -6,7 +6,7 @@ services:
- "80:80"
volumes:
- ./public:/var/www/tkr/public
- - ./examples/nginx/root/nginx.conf:/etc/nginx/conf.d/default.conf
+ - ./docker/nginx/root/nginx.conf:/etc/nginx/conf.d/default.conf
depends_on:
- php
restart: unless-stopped
diff --git a/examples/nginx/root/nginx.ssl.conf b/docker/nginx/root/nginx.conf
similarity index 78%
rename from examples/nginx/root/nginx.ssl.conf
rename to docker/nginx/root/nginx.conf
index c680602..8d01eef 100644
--- a/examples/nginx/root/nginx.ssl.conf
+++ b/docker/nginx/root/nginx.conf
@@ -1,23 +1,14 @@
# Example nginx config
-# for serving tkr as a subdomain with SSL
-# e.g. https://tkr.my-domain.com/
+# for serving tkr as a subdomain without SSL
+# e.g. http://tkr.my-domain.com/
#
-# Use SSL in production.
-# This is a minimal SSL confiuration
-# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
+# NOTE: Do not use in production.
+# This is provided for docker compose
+# (The included docker-compose file will mount it in the container image)
server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- # replace localhost with your subdomain
- # e.g. tkr.my-domain.com
+ listen 80;
server_name localhost;
- # Assumes you're using letsencrypt for cert generation
- # Replace with the actual paths to your cert and key
- ssl_certificate /etc/letsencrypt/live/tkr.my-domain.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/tkr.my-domain.com/privkey.pem;
-
root /var/www/tkr/public;
index index.php;
@@ -44,7 +35,16 @@ server {
# I've excluded /css/custom so that requests for uploaded css can be handled by the PHP app.
# That lets me store uploaded content outside of the document root,
# so it isn't served directly.
- location ~* ^/(?!css/custom/).+\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+
+ # CSS files - 1 hour cache
+ location ~* ^/(?!css/custom/).+\.css$ {
+ expires 1h;
+ add_header Cache-Control "public";
+ try_files $uri =404;
+ }
+
+ # Other static assets - 1 year cache
+ location ~* ^/.+\.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
try_files $uri =404;
@@ -98,10 +98,3 @@ server {
return 404;
}
}
-
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- return 301 https://$host$request_uri;
-}
diff --git a/examples/nginx/subfolder/docker-compose.yml b/docker/nginx/subfolder/docker-compose.yml
similarity index 87%
rename from examples/nginx/subfolder/docker-compose.yml
rename to docker/nginx/subfolder/docker-compose.yml
index a5ed1c2..a7cedaf 100644
--- a/examples/nginx/subfolder/docker-compose.yml
+++ b/docker/nginx/subfolder/docker-compose.yml
@@ -6,7 +6,7 @@ services:
- "80:80"
volumes:
- ./public:/var/www/tkr/public
- - ./examples/nginx/subfolder/nginx.conf:/etc/nginx/conf.d/default.conf
+ - ./docker/nginx/subfolder/nginx.conf:/etc/nginx/conf.d/default.conf
depends_on:
- php
restart: unless-stopped
diff --git a/examples/nginx/subfolder/nginx.ssl.conf b/docker/nginx/subfolder/nginx.conf
similarity index 81%
rename from examples/nginx/subfolder/nginx.ssl.conf
rename to docker/nginx/subfolder/nginx.conf
index 71718a8..b6f8d84 100644
--- a/examples/nginx/subfolder/nginx.ssl.conf
+++ b/docker/nginx/subfolder/nginx.conf
@@ -1,16 +1,16 @@
# Example nginx config
-# for serving tkr as a subdfolder with SSL
-# e.g. https://my-domain.com/tkr
+# for serving tkr as a subdfolder without SSL
+# e.g. http://my-domain.com/tkr
#
-# Use SSL in production.
-# This is a minimal SSL confiuration
-# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
+# NOTE: Do not use in production.
+# This is provided for docker compose
+# (The included docker-compose file will mount it in the container image)
server {
- listen 443 ssl;
- listen [::]:443 ssl;
+ listen 80 default_server;
+ listen [::]:80 default_server;
- # Replace localhost with your domain
- # e.g. my-domain.com
+ # replace localhost with your subdomain
+ # e.g. tkr.my-domain.com
server_name localhost;
root /var/www/html;
@@ -42,7 +42,16 @@ server {
# I've excluded /css/custom so that requests for uploaded css can be handled by the PHP app.
# That lets me store uploaded content outside of the document root,
# so it isn't served directly.
- location ~* ^/tkr/(?!css/custom/).+\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+
+ # CSS files - 1 hour cache
+ location ~* ^/tkr/(?!css/custom/).+\.css$ {
+ expires 1h;
+ add_header Cache-Control "public";
+ try_files $uri =404;
+ }
+
+ # Other static assets - 1 year cache
+ location ~* ^/tkr/.+\.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
try_files $uri =404;
@@ -89,11 +98,4 @@ server {
deny all;
return 404;
}
-}
-
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- return 301 https://$host$request_uri;
-}
+}
\ No newline at end of file
diff --git a/examples/apache/vps/root/tkr.my-domain.com.conf b/examples/apache/vps/root/tkr.my-domain.com.conf
index afd8c06..753a7af 100644
--- a/examples/apache/vps/root/tkr.my-domain.com.conf
+++ b/examples/apache/vps/root/tkr.my-domain.com.conf
@@ -1,14 +1,32 @@
# Example Apache VirtualHost
-# for serving tkr as a subdomain root without SSL
-# e.g. http://tkr.my-domain.com/
+# for serving tkr as a subdomain root with SSL
+# e.g. https://tkr.my-domain.com/
#
-# NOTE: Do not use in production.
-# This is provided for docker compose
-# (The included docker-compose file will mount it in the container image)
+# Use SSL in production.
+# This is a minimal SSL confiuration
+# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
- # Replace localhost with your subdomain, e.g. tkr.my-domain.com
+ # CONFIG: Replace localhost with your subdomain, e.g. tkr.my-domain.com
ServerName localhost
+ # CONFIG: Replace localhost with your subdomain, e.g. tkr.my-domain.com
DocumentRoot /var/www/tkr/public
+ # Redirect HTTP to HTTPS
+ Redirect permanent / https://tkr.my-domain.com/
+
+
+
+ # CONFIG: Replace localhost with your subdomain, e.g. tkr.my-domain.com
+ ServerName localhost
+ # CONFIG: Replace localhost with your subdomain, e.g. tkr.my-domain.com
+ DocumentRoot /var/www/tkr/public
+
+ # SSL Configuration
+ SSLEngine on
+
+ # Assumes you're using letsencrypt for cert generation
+ # Replace with the actual paths to your cert and key
+ SSLCertificateFile /etc/letsencrypt/live/tkr.my-domain.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/tkr.my-domain.com/privkey.pem
# Security headers
Header always set X-Frame-Options "SAMEORIGIN"
diff --git a/examples/apache/vps/subfolder/my-domain.com.conf b/examples/apache/vps/subfolder/my-domain.com.conf
index a7287f9..b2d42ea 100644
--- a/examples/apache/vps/subfolder/my-domain.com.conf
+++ b/examples/apache/vps/subfolder/my-domain.com.conf
@@ -1,14 +1,32 @@
# Example Apache VirtualHost
-# for serving tkr as a subdirectory path without SSL
-# e.g. http://www.my-domain.com/tkr
+# for serving tkr as a subdirectory path with SSL
+# e.g. https://www.my-domain.com/tkr
#
-# NOTE: Do not use in production.
-# This is provided for docker compose
-# (The included docker-compose file will mount it in the container image)
+# Use SSL in production.
+# This is a minimal SSL confiuration
+# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
- # Replace localhost with your subdomain, e.g. tkr.my-domain.com
+ # CONFIG: Replace localhost with your subdomain, e.g. tkr.my-domain.com
ServerName localhost
- DocumentRoot /var/www/html
+ # CONFIG: Replace with your subdomain, e.g. tkr.my-domain.com
+ DocumentRoot /var/www/tkr
+ # Redirect HTTP to HTTPS
+ Redirect permanent / https://my-domain.com/
+
+
+
+ # CONFIG: Replace localhost with your subdomain, e.g. tkr.my-domain.com
+ ServerName localhost
+ # CONFIG: Replace with your subdomain, e.g. tkr.my-domain.com
+ DocumentRoot /var/www/tkr/
+
+ # SSL Configuration
+ SSLEngine on
+
+ # Assumes you're using letsencrypt for cert generation
+ # Replace with the actual paths to your cert and key
+ SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
# Security headers
Header always set X-Frame-Options "SAMEORIGIN"
diff --git a/examples/nginx/root/nginx.conf b/examples/nginx/root/nginx.conf
index 2282843..c7855a1 100644
--- a/examples/nginx/root/nginx.conf
+++ b/examples/nginx/root/nginx.conf
@@ -1,19 +1,28 @@
# Example nginx config
-# for serving tkr as a subdomain without SSL
-# e.g. http://tkr.my-domain.com/
+# for serving tkr as a subdomain with SSL
+# e.g. https://tkr.my-domain.com/
#
-# NOTE: Do not use in production.
-# This is provided for docker compose
-# (The included docker-compose file will mount it in the container image)
+# Use SSL in production.
+# This is a minimal SSL confiuration
+# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
server {
- listen 80;
- # replace localhost with your subdomain
- # e.g. tkr.my-domain.com
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ # CONFIG: replace "localhost" with your subdomain (e.g. tkr.my-domain.com)
server_name localhost;
+ # CONFIG:
+ # replace "/var/www/tkr" with the directory you extracted the .zip file to (if different)
root /var/www/tkr/public;
index index.php;
+ # CONFIG:
+ # Assumes you're using letsencrypt for cert generation
+ # Replace with the actual paths to your cert and key
+ ssl_certificate /etc/letsencrypt/live/tkr.my-domain.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/tkr.my-domain.com/privkey.pem;
+
# Security headers
# The first rule is to prevent including in a frame on a different domain.
# Remove it if you want to do that.
@@ -37,16 +46,7 @@ server {
# I've excluded /css/custom so that requests for uploaded css can be handled by the PHP app.
# That lets me store uploaded content outside of the document root,
# so it isn't served directly.
-
- # CSS files - 1 hour cache
- location ~* ^/(?!css/custom/).+\.css$ {
- expires 1h;
- add_header Cache-Control "public";
- try_files $uri =404;
- }
-
- # Other static assets - 1 year cache
- location ~* ^/.+\.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+ location ~* ^/(?!css/custom/).+\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
try_files $uri =404;
@@ -57,10 +57,14 @@ server {
# But if someone tries to directly access index.php, that file will throw a 404
# so bots and scanners can't tell this is a php app
location = /index.php {
+ # CONFIG:
# If you're running php-fpm on the same server as nginx,
# then change this to the local php-fpm socket
# e.g. fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_pass php:9000;
+
+ # CONFIG:
+ # replace "/var/www/tkr" with the directory you extracted the .zip file to (if different)
fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
include fastcgi_params;
@@ -82,10 +86,14 @@ server {
# Fallback for /tkr routing - all non-file requests (e.g. /login) go to index.php
location @tkr_fallback {
+ # CONFIG:
# If you're running php-fpm on the same server as nginx,
# then change this to the local php-fpm socket
# e.g. fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_pass php:9000;
+
+ # CONFIG:
+ # replace "/var/www/tkr" with the directory you extracted the .zip file to (if different)
fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
include fastcgi_params;
@@ -100,3 +108,10 @@ server {
return 404;
}
}
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ return 301 https://$host$request_uri;
+}
diff --git a/examples/nginx/subfolder/nginx.conf b/examples/nginx/subfolder/nginx.conf
index b6f8d84..3095e2b 100644
--- a/examples/nginx/subfolder/nginx.conf
+++ b/examples/nginx/subfolder/nginx.conf
@@ -1,20 +1,22 @@
# Example nginx config
-# for serving tkr as a subdfolder without SSL
-# e.g. http://my-domain.com/tkr
+# for serving tkr as a subdfolder with SSL
+# e.g. https://my-domain.com/tkr
#
-# NOTE: Do not use in production.
-# This is provided for docker compose
-# (The included docker-compose file will mount it in the container image)
+# Use SSL in production.
+# This is a minimal SSL confiuration
+# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
server {
- listen 80 default_server;
- listen [::]:80 default_server;
+ listen 443 ssl;
+ listen [::]:443 ssl;
- # replace localhost with your subdomain
- # e.g. tkr.my-domain.com
+ # CONFIG: Replace localhost with your domain e.g. my-domain.com
server_name localhost;
- root /var/www/html;
- index index.html;
+ # CONFIG:
+ # Assumes you're using letsencrypt for cert generation
+ # Replace with the actual paths to your cert and key
+ ssl_certificate /etc/letsencrypt/live/my-domain.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/my-domain.com/privkey.pem;
# Security headers
# The first rule is to prevent including in a frame on a different domain.
@@ -32,6 +34,8 @@ server {
# PHP routing - everything under /tkr goes through index.php
location /tkr {
+ # CONFIG:
+ # replace "/var/www/tkr" with the directory you extracted the .zip file to (if different)
alias /var/www/tkr/public;
index index.php;
@@ -42,16 +46,7 @@ server {
# I've excluded /css/custom so that requests for uploaded css can be handled by the PHP app.
# That lets me store uploaded content outside of the document root,
# so it isn't served directly.
-
- # CSS files - 1 hour cache
- location ~* ^/tkr/(?!css/custom/).+\.css$ {
- expires 1h;
- add_header Cache-Control "public";
- try_files $uri =404;
- }
-
- # Other static assets - 1 year cache
- location ~* ^/tkr/.+\.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+ location ~* ^/tkr/(?!css/custom/).+\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
try_files $uri =404;
@@ -62,7 +57,14 @@ server {
# But if someone tries to directly access index.php, that file will throw a 404
# so bots and scanners can't tell this is a php app
location = /tkr/index.php {
+ # CONFIG:
+ # If you're running php-fpm on the same server as nginx,
+ # then change this to the local php-fpm socket
+ # e.g. fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_pass php:9000;
+
+ # CONFIG:
+ # replace "/var/www/tkr" with the directory you extracted the .zip file to (if different)
fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
include fastcgi_params;
@@ -84,7 +86,15 @@ server {
# Fallback for /tkr routing - all non-file requests (e.g. /login) go to index.php
location @tkr_fallback {
+ # CONFIG:
+ # If you're running php-fpm on the same server as nginx,
+ # then change this to the local php-fpm socket
+ # e.g. fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_pass php:9000;
+
+ # CONFIG:
+ # replace "/var/www/tkr" with the directory you extracted the .zip file to (if different)
+ fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
include fastcgi_params;
@@ -98,4 +108,11 @@ server {
deny all;
return 404;
}
-}
\ No newline at end of file
+}
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ return 301 https://$host$request_uri;
+}