1. Permission check
In check/index.php, line 859, the condition of the permission check is to check the directory '.':
Code
'condition' => is_writable('.'),
2. Rewrite
Since nginx doesn't support .htaccess rewrite rules, rewrite in X3 seems to be turned off. But even with rewrite turned off, the URLs of thumbnails in the panel didn't change; they looked like this:
I converted some rules in .htaccess and temporarily solved this issue, links like
https://gallery.yunzhu.li/examples/gallery/vertical/ and
https://gallery.yunzhu.li/render/w100-c ... -cream.jpg
are now working. However, X3 still navigates to /?/... and I guess it's because X3 looks for the Apache module 'mod_rewrite', which doesn't exist on my server.
I also found some rules that deny access to directories and files; I guess maybe this can cause potential security issues?
I hope the release version will have better support for nginx, at least no security issues.
This is the current nginx configuration for X3 on my server:
Code
# Imagevue
# Rewrite any calls to *.html, *.json, *.xml, *.atom, *.rss, *.rdf or *.txt if a folder matching * exists
# (nginx "if" has no AND, so each condition prepends a digit to a flag variable)
if (!-f $request_filename) {
    set $rule_0 1$rule_0;
}
if ($uri !~ "public/") {
    set $rule_0 2$rule_0;
}
# NOTE: $1 and $2 are only set by a preceding regex capture; none has run here,
# so this test does not look at the requested file
if (!-f $document_root/public/$1.$2) {
    set $rule_0 3$rule_0;
}
if ($rule_0 = "321") {
    rewrite /(.+)\.(html|json|xml|atom|rss|rdf|txt)$ /$1/ last;
}
# Rewrite any calls to /render to the image parser
if ($uri ~ "render/") {
    rewrite ^/render/. /app/parsers/slir/ last;
}
# Rewrite any calls to /* or /app to the index.php file
if ($uri ~ "/app/$") {
    rewrite ^/app/ /index.php last;
}
# Rewrite any calls to /* or /app to the index.php file
if (!-f $request_filename) {
    set $rule_3 1$rule_3;
}
if (!-d $request_filename) {
    set $rule_3 2$rule_3;
}
if ($rule_3 = "21") {
    rewrite ^/(.*)/$ /index.php?/$1/ last;
}
# Rewrite any file calls to the public directory
if (!-f $request_filename) {
    set $rule_4 1$rule_4;
}
if (!-d $request_filename) {
    set $rule_4 2$rule_4;
}
if ($uri !~ "public/") {
    set $rule_4 3$rule_4;
}
if ($rule_4 = "321") {
    rewrite ^/(.+)$ /public/$1 last;
}
# Prevent access to .txt & .yml files (dot escaped so it matches a literal ".")
location ~ "\.(txt|yml)$" {
    deny all;
}
# Increase cookie security
# Add fastcgi_param PHP_VALUE "session.cookie_httponly true"
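
An added example, not part of the original post and not X3 code: a small Python model of the intended logic of the rules above, useful as a regression check that a converted rule set still routes requests as expected and that the `.txt`/`.yml` deny rule also covers paths rewritten into `/public/`. The function names `rewrite` and `decide` and the sample file tree are assumptions made for illustration.

```python
import re

# Simplified model (assumption): rules run top to bottom, the first
# `rewrite ... last` that fires ends rewrite processing, and the location
# regex is then tested against the rewritten path. Python's re stands in for PCRE.
EXT = re.compile(r"^/(.+)\.(html|json|xml|atom|rss|rdf|txt)$")
DENY = re.compile(r"\.(txt|yml)$")  # location regex with the dot escaped


def rewrite(uri, files=(), dirs=()):
    """Apply the rewrite rules to uri; files/dirs are paths under the root."""
    is_file = uri in files
    is_dir = uri == "/" or uri.rstrip("/") in dirs
    in_public = "public/" in uri
    m = EXT.match(uri)
    # rule_0: missing file outside public/ with no public/<name>.<ext>
    if m and not is_file and not in_public and "/public" + uri not in files:
        return "/" + m.group(1) + "/"
    if re.match(r"^/render/.", uri):
        return "/app/parsers/slir/"
    if uri.startswith("/app/") and uri.endswith("/app/"):
        return "/index.php"
    if not is_file and not is_dir:
        m = re.match(r"^/(.*)/$", uri)
        if m:  # rule_3: folder-style URL goes to the front controller
            return "/index.php?/" + m.group(1) + "/"
        if not in_public:  # rule_4: everything else is looked up in public/
            return "/public" + uri
    return uri


def decide(uri, files=(), dirs=()):
    """Return (rewritten URI, 'deny' or 'pass') for one request."""
    target = rewrite(uri, files, dirs)
    path = target.split("?", 1)[0]  # locations match the path, not the query
    return target, "deny" if DENY.search(path) else "pass"


# Constructed sample tree, not taken from a real X3 install.
FILES = {"/index.php", "/public/css/site.css", "/data/settings.yml"}
DIRS = {"/public", "/data"}

if __name__ == "__main__":
    for u in ("/examples/gallery/vertical/", "/css/site.css",
              "/data/settings.yml", "/notes/draft.yml", "/about.json"):
        print(u, "->", decide(u, FILES, DIRS))
```

Here "pass" only means the deny location did not match; it says nothing about what the backend returns.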