IDE:TYPO3
composer create-project "typo3/cms-base-distribution:^13.4" /var/www/typo3
# TYPO3 13 LTS – NGINX vhost
# Datei: sudo nano /etc/nginx/conf.d//typo3.conf
server {
listen 80;
server_name example.com www.example.com;
# Composer-Setup: DocumentRoot zeigt auf das "public" Verzeichnis
root /var/www/typo3/public;
index index.php index.html;
charset utf-8;
client_max_body_size 32m;
include /etc/nginx/monitoring.conf;
index index.php index.htm index.html;
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
error_log /dev/stdout info;
access_log /var/log/nginx/access.log;
# Security: Content-Security-Policy
# =================================
#
# Add CSP header for possible vulnerable files stored in fileadmin see:
# * https://typo3.org/security/advisory/typo3-psa-2019-010
# * https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/Security/GuidelinesAdministrators/ContentSecurityPolicy.html
# * https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess
# matching requested *.pdf files only (strict rules block Safari showing PDF documents)
location ~ /(?:fileadmin|uploads)/.*\.pdf$ {
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'self'; plugin-types application/pdf;";
}
# matching anything else, using negative lookbehind pattern
location ~ /(?:fileadmin|uploads)/.*(?<!\.pdf)$ {
add_header Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'none'; object-src 'none';";
# Deliver media files as WebP if available. The file as WebP must be in
# the same place (Original: "example.jpg", WebP: "example.jpg.webp").
try_files $uri$webp_suffix $uri =404;
}
# TYPO3 11 Frontend URL rewriting support
location / {
absolute_redirect off;
try_files $uri $uri/ /index.php$is_args$args;
}
# TYPO3 11 Backend URL rewriting support
location = /typo3 {
rewrite ^ /typo3/;
}
# check if /typo3/index.php exists
set $typo3_index_exists 0;
if (-f $document_root/typo3/index.php) {
set $typo3_index_exists 1;
}
location /typo3/ {
absolute_redirect off;
try_files $uri $typo3_index$is_args$args;
}
# pass the PHP scripts to FastCGI server listening on socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm.sock;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_intercept_errors off;
# fastcgi_read_timeout should match max_execution_time in php.ini
fastcgi_read_timeout 10m;
fastcgi_param SERVER_NAME $host;
fastcgi_param HTTPS $fcgi_https;
# Pass the X-Accel-* headers to facilitate testing.
fastcgi_pass_header "X-Accel-Buffering";
fastcgi_pass_header "X-Accel-Charset";
fastcgi_pass_header "X-Accel-Expires";
fastcgi_pass_header "X-Accel-Limit-Rate";
fastcgi_pass_header "X-Accel-Redirect";
}
# Compressing resource files will save bandwidth and so improve loading speed especially for users
# with slower internet connections. TYPO3 can compress the .js and .css files for you.
# *) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
# *) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
# config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
location ~ \.js\.gzip$ {
add_header Content-Encoding gzip;
gzip off;
types { text/javascript gzip; }
}
location ~ \.css\.gzip$ {
add_header Content-Encoding gzip;
gzip off;
types { text/css gzip; }
}
# Prevent clients from accessing hidden files (starting with a dot)
# This is particularly important if you store .htpasswd files in the site hierarchy
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
# TYPO3 - Block access to composer files
location ~* composer\.(?:json|lock) {
deny all;
}
# TYPO3 - Block access to flexform files
location ~* flexform[^.]*\.xml {
deny all;
}
# TYPO3 - Block access to language files
location ~* locallang[^.]*\.(?:xml|xlf)$ {
deny all;
}
# TYPO3 - Block access to static typoscript files
location ~* ext_conf_template\.txt|ext_typoscript_constants\.(?:txt|typoscript)|ext_typoscript_setup\.(?:txt|typoscript) {
deny all;
}
# TYPO3 - Block access to miscellaneous protected files
location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$ {
deny all;
}
# TYPO3 - Block access to recycler and temporary directories
location ~ _(?:recycler|temp)_/ {
deny all;
}
# TYPO3 - Block access to configuration files stored in fileadmin
location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
deny all;
}
# TYPO3 - Block access to libaries, source and temporary compiled data
location ~ ^(?:vendor|typo3_src|typo3temp/var) {
deny all;
}
# TYPO3 - Block access to protected extension directories
location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
deny all;
}
if (!-e $request_filename) {
rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
}
include /etc/nginx/common.d/*.conf;
include /mnt/ddev_config/nginx/*.conf;
}
==Dateirechte==
<pre>
sudo chown -R www-data:www-data /var/www/typo3
sudo chmod -R 775 /var/www/typo3
sudo chown www-data:www-data /var/www/typo3/public/typo3/install.php sudo chmod 644 /var/www/typo3/public/typo3/install.php