I've setup private wiki with DokuWiki. But I've found that if I don't log in, favicon(that displayed next to tab name) and logo(that displayed next to wiki name) aren't shown.
I inspected my wiki while logged out. It had something related to favicon like this:
<link rel="shortcut icon" href="https://redacted.com/_media/favicon.ico">
<link rel="apple-touch-icon" href="https://redacted.com/lib/tpl/mindthedark/images/apple-touch-icon.png">
but when I manually typed https://redacted.com/_media/favicon.ico
in url bar, it gave me 'Forbidden' text only.
This applies to https://redacted.com/_media/logo.png
which refers to logo. This also gives me 'Forbidden' text.
I think I should do something with .htaccess
or redacted.com.conf
(in /etc/nginx/conf.d
) but don't sure what to edit.
Here is my configurations.
.htaccess
## You should disable Indexes and MultiViews either here or in the
## global config. Symlinks maybe needed for URL rewriting.
#Options -Indexes -MultiViews +FollowSymLinks
## make sure nobody gets the htaccess, README, COPYING or VERSION files
<Files ~ "^([\._]ht|README$|VERSION$|COPYING$)">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</Files>
## Don't allow access to git directories
<IfModule alias_module>
RedirectMatch 404 /\.git
</IfModule>
## Uncomment these rules if you want to have nice URLs using
## $conf['userewrite'] = 1 - not needed for rewrite mode 2
RewriteEngine on
RewriteBase /
RewriteRule ^_media/(.*) lib/exe/fetch.php?media=$1 [QSA,L]
RewriteRule ^_detail/(.*) lib/exe/detail.php?media=$1 [QSA,L]
RewriteRule ^_export/([^/]+)/(.*) doku.php?do=export_$1&id=$2 [QSA,L]
RewriteRule ^$ doku.php [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) doku.php?id=$1 [QSA,L]
RewriteRule ^index.php$ doku.php
#
## Not all installations will require the following line. If you do,
## change "/dokuwiki" to the path to your dokuwiki directory relative
## to your document root.
#RewriteBase /dokuwiki
#
## If you enable DokuWikis XML-RPC interface, you should consider to
## restrict access to it over HTTPS only! Uncomment the following two
## rules if your server setup allows HTTPS.
#RewriteCond %{HTTPS} !=on
#RewriteRule ^lib/exe/xmlrpc.php$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
redacted.com.conf
server {
server_name redacted.com;
root /var/www/dokuwiki;
index index.php;
#client_max_body 5M;
#client_body_buffer_size 128k;
location / { try_files $uri $uri/ @dokuwiki; }
location @dokuwiki {
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /(conf|bin|inc|vendor)/ {
deny all;
}
location ~ /data/ {
internal;
}
fastcgi_param HTTPS on;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = redacted.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
server_name redacted.com;
return 404; # managed by Certbot
}