Nginx

The Nginx configuration could look something like.

server {
    listen 80;
    listen [::]:80;

    server_name sulu.lo;
    root /var/www/sulu.lo/public;

    error_log /var/log/nginx/sulu.lo.error.log;
    access_log /var/log/nginx/sulu.lo.at.access.log;

        # recommended security headers
    add_header X-Frame-Options sameorigin;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
    }

    # expire
    location ~* \.(?:ico|css|js|gif|webp|jpe?g|png|svg|woff|woff2|eot|ttf|mp4)$ {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
        access_log off;
        expires 1y;
        add_header Pragma public;
        add_header Cache-Control "public, immutable";
    }

    # pass the PHP scripts to FastCGI server from upstream phpfcgi
    location ~ ^/(index|config)\.php(/|$) {
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;
    }
}

In your /etc/nginx/nginx.conf we recommend to enable gzip:

gzip on;

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
        # text/html is always compressed by HttpGzipModule
        # Source: https://github.com/google/ngx_brotli#sample-configuration
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-opentype
        application/x-font-truetype
        application/x-font-ttf
        application/x-javascript
        application/xhtml+xml
        application/xml
        font/eot
        font/opentype
        font/otf
        font/truetype
        image/svg+xml
        image/vnd.microsoft.icon
        image/x-icon
        image/x-win-bitmap
        text/css
        text/javascript
        text/plain
        text/xml

        # Additional:
        application/xml+rss
        font/ttf
        text/x-component
    ;

# if your nginx supports brotli you can do same for brotli
# see: https://github.com/google/ngx_brotli#sample-configuration

Warning

Be sure to also configure your local host-file, if running Sulu locally.

File upload

By default nginx has a file limit of 2MB when uploading files. To increase this add the following to your nginx.conf:

# ...

http {
    client_max_body_size 512m;

    # ...
}

Don’t forget to also increase the post_max_size and upload_max_filesize in your php.ini.

File Permissions

Finally, we need to fix the permissions of our project so that the web server is able to read and write them.

Linux

Run the following commands on Linux:

HTTPDUSER=`ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1`
sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX var public/uploads
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX var public/uploads

Mac OSX

Or these commands for Mac OSX:

HTTPDUSER=`ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1`
sudo chmod +a "$HTTPDUSER allow delete,write,append,file_inherit,directory_inherit" var public/uploads
sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" var public/uploads

Windows

Or these commands for Windows (with IIS web server):

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @("IUSR","FullControl","ObjectInherit, ContainerInherit","None","Allow")
$folders = "var", "public\uploads"
foreach ($f in $folders) { $acl = Get-Acl $f; $acl.SetAccessRule($rule); Set-Acl $f $acl; }