bastille_templates/mediawiki/nginx_site/mediawiki.conf

server {
  listen ${WEBSITE.PORT};
  root /usr/local/www/${WEBSITE.NAME};
  index index.php;

	# Location for wiki's entry points
	location ~ ^/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {
          # Mitigate https://httpoxy.org/ vulnerabilities
          fastcgi_param HTTP_PROXY "";
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_index index.php;                                                                                                                                                                                                                                                                                
	  # include the fastcgi_param setting
	  include fastcgi_params;    
	  # SCRIPT_FILENAME parameter is used for PHP FPM determining 
	  #  the script name. If it is not set in fastcgi_params file,
	  # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
	  # please comment off following line:
	  fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;                                                                      
	}
	
	# Images
	location /images {
		# Separate location for images/ so .php execution won't apply
	}
	location /images/deleted {
		# Deny access to deleted images folder
		deny all;
	}
	# MediaWiki assets (usually images)
	location ~ ^/resources/(assets|lib|src) {
		try_files $uri 404;
		add_header Cache-Control "public";
		expires 7d;
	}
	# Assets, scripts and styles from skins and extensions
	location ~ ^/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
		try_files $uri 404;
		add_header Cache-Control "public";
		expires 7d;
	}
	# Favicon
	location = /favicon.ico {
		alias /images/6/64/Favicon.ico;
		add_header Cache-Control "public";
		expires 7d;
	}

	# License and credits files
	location ~ ^/(COPYING|CREDITS)$ {
		default_type text/plain;
	}
	
	## Uncomment the following code if you wish to use the installer/updater
	## installer/updater
	location /mw-config/ {
		# Do this inside of a location so it can be negated
	location ~ \.php$ {
			include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
			fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
		}
	}
	
	# Handling for Mediawiki REST API, see [[mw:API:REST_API]]
	location /rest.php/ {
		try_files $uri $uri/ /rest.php?$query_string;
	}

	## Uncomment the following code for handling image authentication
	## Also add "deny all;" in the location for /w/images above
	#location /w/img_auth.php/ {
	#	try_files $uri $uri/ /w/img_auth.php?$query_string;
	#}


	# Allow robots.txt in case you have one
	location = /robots.txt {
	}
	# Explicit access to the root website, redirect to main page (adapt as needed)
	location = / {
		return 301 /index.php;
	}

	# Every other entry point will be disallowed.
	# Add specific rules for other entry points/images as needed above this
	location / {
		return 404;
	}
}