"Idiomatic" Gallery3 configuration

Hello world,

I’ve looked around the net for quite some time to find a suitable
configuration for nginx that allows me to run Gallery3 with php-fpm.
Unfortunately, the search results weren’t that helpful. So I carefully
read through the official documentation for “location” and
“try_files”, and I think I managed to get something that could serve
as a basis. Since I still lack experience with nginx, I’d really
appreciate any help you could give me with cleaning up that

To recap, what needs to be achieved is (examples only):

  1. /lib/images/logo.png -> pass through
  2. /Controller?param -> /index.php?kohana_uri=Controller?param
  3. /index.php/Controller?param -> /index.php?kohana_uri=Controller?param
  4. /var/(albums|thumbs|resizes) -> /file_proxy/$1 (continue with #2)
  5. deny access to /var/(logs|tmp|tmp) and /bin
  6. deny access to .htaccess, config.inc.php and so on
  7. set “Expires” headers to static content (to make YSlow happy :slight_smile:

The configuration I’ve come up with is:

is that outer location block actually needed?

location / {
location ~ /(index.php/)?(.+)$ {
try_files $uri /index.php?kohana_uri=$2&$args;

# is it possible/desirable to consolidate access control to
# special files within one regexp (and not three?)
location ~ /\.(ht|tpl(\.php?)|sql|inc\.php|db)$ {
  deny all;
# see previous comment
location ~ /var/(uploads|tmp|logs) {
  deny all;
# see previous comment
location ~ /bin {
  deny all;

location ~ /var/(albums|thumbs|resizes) {
  # instead of repeating "albums|thumbs..", can I use $1 here? and
  # will $2 still be a valid capture then? Something like
  # "rewrite ^/var/$1/(.*)$ /file_proxy/$2 last; perhaps?"

  # furthermore, is this a legitimate use of "rewrite"?
  rewrite ^/var/(albums|thumbs|resizes)/(.*)$ /file_proxy/$2 last;

location ~* \.(js|css|png|jpg|jpeg|gif|ico|ttf)$ {
  try_files $uri /index.php?kohana_uri=$uri&$args;
  expires 30d;

location = /index.php {
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/var/run/vhost-3222.sock;
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;

There are a couple of things I’m unsure about and a few other things
that I’m unhappy with - I’ve outlined them with comments:

  1. Is the outer “location /” block actually needed?
  2. As you can see, I’m using three regexps to protect special
    directories. Is it desirable to consolidate those into one
  3. The location block protecting “/var/(albums|…)” already captures
    a part of the URL - can I refer to “$1” in the “rewrite” clause? If
    so, can I still refer to “$2”? What would be the proper way to
    handle this?
  4. From reading through a lot of threads, I get the impression that
    the use of “rewrite” is actually frowned upon. Is my use of
    “rewrite” a “legitimate” one?

Furthermore, I’d like to make the configuration a bit more “generic”.
As of now, it is assumed that the application is actually installed in
the server’s root directory. Could I use a variable to store the
actual installation root and refer to this within the “location”

I’d appreciate any and all insights you could share with me. Please
don’t hesitate to tell me when I need to read certain parts of the
documentation again :slight_smile:


As far as I can tell, this looks good to me, and it’s better to use
than “if”, which is what (sadly) the Gallery3 wiki still shows.

My current issue is that album thumbnails, which use an URL ending in
.album.jpg?.. (a dot before the album name, a query with a
mark after .jpg) doesn’t seem to be caught by these rules and throws a
I wonder why, because rewrite ^/var/(albums|thumbs|resizes)/(.*)$
/file_proxy/$2 last;
should catch it.

Maybe it needs another rewrite rule, e.g.

rewrite ^/var/(albums|thumbs|resizes)/(.)?(.)$ /file_proxy/$2?$3

I haven’t tested it out, though. I’m still very shaky with nginx

Thanks for posting this. I’m glad to see that there are plenty of people
using Gallery3 with nginx. It makes a lot of sense, since images can be
accessed directly by nginx and served immediately without the need to go
through the PHP processor…

Posted at Nginx Forum: