The nginx state installs and configures Nginx as the web server on all mw* and apps* servers. Rather than maintaining individual per-wiki vhost files, WikiOasis uses a two-part template system: a shared mediawiki-common.conf snippet that contains all location blocks, FastCGI configuration, and security headers, and a mediawiki-vhosts.conf that iterates over nginx:server_blocks to emit one server {} block per set of hostnames. A third template, custom-domains.conf, handles wikis that have been mapped to external domain names, serving ACME challenge tokens alongside the normal MediaWiki config.
What gets installed and configured
Package
Installs the nginx package via apt and removes the default sites-enabled/default vhost.
Snippets directory
Creates /etc/nginx/snippets/ and places mediawiki-common.conf there for inclusion by all server blocks.
MediaWiki vhosts
Writes /etc/nginx/conf.d/mediawiki-vhosts.conf from server_blocks pillar entries.
Custom domains
Writes /etc/nginx/conf.d/custom_domains.conf from nginx:custom_domains pillar entries. Removes legacy custom_domains and custom_domains_include.conf paths.
reload: True, meaning configuration changes trigger a graceful reload rather than a full restart.
Pillar keys
| Key | Default | Description |
|---|---|---|
| `nginx:doc_root` | /srv/mediawiki | Document root passed to the mediawiki-common.conf snippet |
| `nginx:csp_header` | (empty) | Full Content-Security-Policy header value |
| `nginx:permission_policy_header` | (empty) | Permissions-Policy header value |
| `nginx:server_blocks` | [] | List of server block definitions for mediawiki-vhosts.conf |
| `nginx:custom_domains` | {} | Map of wiki slug → custom domain configuration |
| `php:version` | 8.3 | PHP version; used to derive the FPM socket path |
| `php:fpm:listen` | (derived) | FPM listen address; defaults to `unix:/run/php/php<version>-fpm.sock` |
mediawiki-common.conf snippet
The snippet at /etc/nginx/snippets/mediawiki-common.conf is included by every MediaWiki server block. It sets the document root, configures all MediaWiki URL patterns, and emits security headers.
| Pattern | Behaviour |
|---|---|
| `= /robots.txt` | Tries static file, falls back to /w/config/robots.php |
| `= /sitemap.xml` | Rewrites to /w/sitemap.php |
| `~ ^/images/(.*)$` | Returns 301 to static.wikioasis.org/$1 |
| `/` | Tries static file, falls back to /w/index.php |
| `/wiki/` | Rewrites to /w/index.php?title=... |
| `~ /w/.*\.php$` | FastCGI to PHP-FPM with MW_ENV production |
| `~ ^/w/rest\.php` | REST API — FastCGI to PHP-FPM |
| `~ ^/w/(includes\|vendor\|...)` | Deny all (protects internals) |
mediawiki-vhosts.conf
Generated from the nginx:server_blocks pillar. Each entry in the list becomes one server {} block that includes the shared mediawiki-common.conf snippet:
Production server_blocks pillar
CSP header
The nginx:csp_header pillar value is a multi-directive Content Security Policy string. Because the policy is long and spans many origins, it is defined in pillar as a YAML block scalar:
The CSP is currently emitted in Report-Only mode (report-uri only) via an external reporting endpoint. Violations are sent to wikioasis.report-uri.com for review before enforcement is tightened.
Custom domains
Wikis that use external domain names (e.g. www.drawing.wiki mapped to drawingwiki) are declared under nginx:custom_domains. Each entry produces a dedicated server {} block that includes mediawiki-common.conf and also serves an ACME challenge token at /.well-known/acme-challenge/<location>.
Custom domain pillar structure
| Key | Description |
|---|---|
| `server_name` | The external domain (e.g. www.drawing.wiki) |
| `listen` | Port to listen on (default: 80) |
| `location` | The ACME challenge token path component |
| `return` | The full ACME challenge response body |
| `database_name` | The wiki’s internal database name for sitemap routing |
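
Because each custom-domain entry is rendered into its own server {} block, a malformed pillar value ends up directly in the generated Nginx configuration. The following is an added example, not code from the WikiOasis repository, that checks entries against the keys in the table above before they are rendered. The function names, the integer-only `listen` check and the database-name rule are assumptions; the token and response shapes follow RFC 8555 HTTP-01.

```python
import re

# RFC 8555 HTTP-01: the token uses the base64url alphabet (>= 128 bits, so 22+
# chars); the body is "<token>.<base64url SHA-256 JWK thumbprint>" (43 chars).
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")
THUMBPRINT_RE = re.compile(r"[A-Za-z0-9_-]{43}")
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}$){LABEL}(\.{LABEL})+")
DBNAME_RE = re.compile(r"[a-z0-9_]+")  # assumed naming rule, not from the page


def validate_custom_domain(slug, entry):
    """Return a list of problems for one nginx:custom_domains entry."""
    problems = []
    if not HOSTNAME_RE.fullmatch(str(entry.get("server_name", ""))):
        problems.append(f"{slug}: server_name is not a single plain hostname")
    port = entry.get("listen", 80)  # the page documents 80 as the default
    if type(port) is not int or not 1 <= port <= 65535:
        problems.append(f"{slug}: listen must be an integer port")
    token = str(entry.get("location", ""))
    if not TOKEN_RE.fullmatch(token):
        problems.append(f"{slug}: location is not a base64url ACME token")
    head, _, thumb = str(entry.get("return", "")).partition(".")
    if head != token or not THUMBPRINT_RE.fullmatch(thumb):
        problems.append(f"{slug}: return is not '<location>.<thumbprint>'")
    if not DBNAME_RE.fullmatch(str(entry.get("database_name", ""))):
        problems.append(f"{slug}: database_name has unexpected characters")
    return problems


def validate_custom_domains(custom_domains):
    """Validate the whole slug -> entry map; an empty list means it is clean."""
    return [p for slug, entry in sorted(custom_domains.items())
            for p in validate_custom_domain(slug, entry)]


if __name__ == "__main__":
    token = "T" * 32  # constructed sample values, not real ACME material
    sample = {
        "drawingwiki": {"server_name": "www.drawing.wiki", "listen": 80,
                        "location": token, "return": token + "." + "k" * 43,
                        "database_name": "drawingwiki"},
        "brokenwiki": {"server_name": "wiki.example.org", "listen": 80,
                       "location": token + ";", "return": token + ".short",
                       "database_name": "brokenwiki"},
    }
    for problem in validate_custom_domains(sample):
        print(problem)
```

A check like this fits in CI for the pillar repository, so a bad entry is rejected before the state writes the file and reloads Nginx.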