nixos-module/invoiceninja.nix: update nginx to work with Invoice Ninja

2026-05-25 19:09:49 -04:00
parent 808b9a7fe9
commit 878134dd4b
1 changed files with 30 additions and 17 deletions
@@ -498,11 +498,35 @@ in
          addSSL = lib.mkForce (if (cfg.hostname == "localhost") then false else true);
          enableACME = lib.mkForce (if (cfg.hostname == "localhost") then false else true);
          locations = {
+            # Handle Laravel Routes
            "/".tryFiles = "$uri $uri/ /index.php?$query_string";
-            "/".extraConfig = ''
+
+            # PHP Processing
+            "~ \\.php$".extraConfig = ''
+              include ${config.services.nginx.package}/conf/fastcgi_params;
+              fastcgi_param SCRIPT_FILENAME $request_filename;
+              fastcgi_split_path_info ^(.+\.php)(/.+)$;
+              fastcgi_pass unix:${config.services.phpfpm.pools.invoiceninja.socket};
+              fastcgi_index index.php;
+            '';
+
+            # Security: Deny access to hidden files
+            "~ /\\.ht".extraConfig = "deny all;";
+
+            # Static Files Caching
+            "~* \\.(jpg|jpeg|png|gif|ico|css|js)$".extraConfig = ''
+              expires 1y;
+              add_header Cache-Control "public, immutable";
+            '';
+          };
+          extraConfig = ''
+            index index.php index.html index.htm;
+            error_page 404 /index.php;
+
            if (!-e $request_filename) {
-                rewrite ^(.+)$ /index.php?q=$1 last;
+              rewrite ^(.+)$ /index.php?q= last;
            }
+
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' '*';
            add_header 'Access-Control-Max-Age' 0;
@@ -511,16 +535,6 @@ in
            add_header 'Access-Control-Expose-Headers' 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE';
            add_header 'Access-Control-Allow-Credentials' false;
          '';
-            "~ \\.php$".extraConfig = "return 403;";
-            "= /index.php".extraConfig = ''
-              fastcgi_pass unix:${config.services.phpfpm.pools.invoiceninja.socket};
-            '';
-            "~ /\\.ht".extraConfig = "deny all;";
-          };
-          extraConfig = ''
-            index index.html index.htm index.php;
-            error_page 404 /index.php;
-          '';
        }
        (lib.mkIf (cfg.hostname != "localhost") {
          forceSSL = lib.mkDefault true;
@@ -553,9 +567,8 @@ in
            hostName = lib.mkForce proto_hostname;
            extraConfig = ''
              encode zstd gzip
-              root * ${invoiceninja}/public
+              root ${invoiceninja}/public
              php_fastcgi unix/${config.services.phpfpm.pools.invoiceninja.socket}
-              try_files {path} /index.html
              header {
                Access-Control-Allow-Origin "*"
                Access-Control-Allow-Methods "*"