Nginx server block for Flarum

JasonHacks

Recently, I decided to try my hand using Nginx after using Apache for 15+ years. Through some trial and error, I think I finally came up with a solid starting point for a Nginx server block file when using Flarum.

This first block will listen on port 80 for all HTTP requests, and redirect them to HTTPS. Notice how it sends them to the www. domain as well. This is what we want.

server {
	listen 80;
	listen [::]:80;

	server_name example.com www.example.com;
	return 301 https://www.example.com$request_uri;
}

Next, we have a server block that handles HTTPS requests, but only those that don't have www. in the domain. We want to force users to use www. for consistency reasons.

server {
	listen 443 ssl;
	listen [::]:443 ssl;

	server_name example.com;
	return 301 https://www.example.com$request_uri;

	# We need to include our SSL certs every time we have a separate
	# HTTPS server block
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

Now, finally we get to send everything off to Flarum to handle. Here is where we set a custom client_max_body_size var so that we can upload files larger than the default of 1M!

server {
	listen 443 ssl;
	listen [::]:443 ssl;

	server_name www.example.com;
	root /var/www/public;
	index index.php index.html;

	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

	# Flarum .nginx.conf
	include /var/www/flarum/.nginx.conf;

	# Increase client_max_body_size for uploads
	client_max_body_size 150M;

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/run/php/php8.3-fpm.sock;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
}

Hopefully this helps anyone looking to set this up for themselves! And also, if you have any suggestions or comments, please let me know! Always looking to learn.

KBExit

JasonHacks might be personal preference or maybe not. But I think consistency matters, it's universal to force everyone to NOT use the www and just push to raw https

JasonHacks

KBExit I think it boils down to personal preference. I've had my servers set up to force www for years. Either one works, however I prefer to see www for consistency reasons as I also have several subdomains.

I'm also slightly OCD about how my domains look in the address bar 😅

KBExit

JasonHacks I mean it makes sense. When I was a kid EVERYTHING was www.
Like double u double u double u dot club penguin dot com

But lately, there's been a shift lol

JasonHacks

KBExit Agreed. I think the shift started with URL shorteners because of Twitter's character limit. The days of http://j.mp/ and http://bit.ly and such lol

KBExit

JasonHacks the days of 50/50 virus or true 🤣