Mautic Nginx Configuration

README.md

Mautic Nginx Configuration

These files allow you to configure Mautic using Nginx.

nginx-mautic.conf

server {
        listen 443 ssl; # managed by Certbot
        server_name   your.mautic.location;
        root /your/mautic/path ;
        server_tokens off;
	      add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';


 
	client_max_body_size 64M;
 
        gzip on;
	gzip_disable "msie6";
        gzip_min_length 256;

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
        gzip_types
            font/truetype
            font/opentype
            font/woff2
            text/plain
            text/css
            text/js
            text/xml
            text/javascript
            application/javascript
            application/x-javascript
            application/json
            application/xml
            application/rss+xml
            image/svg+xml;
       
            error_page 404 /index.php;


    # redirect index.php to root
    rewrite ^/index.php/(.*) /$1  permanent;

    #######################################
    ##  Start Mautic Specific config #####
    #######################################

    # redirect some entire folders
    rewrite ^/(vendor|translations|build)/.* /index.php break;

    location / {

		# First attempt to serve request as file, then
		# as directory, then fall back to index.html
        # one option: try_files $uri $uri/ /index.php$is_args$args;
        try_files $uri /index.php$is_args$args;
 		# Uncomment to enable naxsi on this location
		# include /etc/nginx/naxsi.rules
	}

    # Deny everything else in /app folder except Assets folder in bundles
    location ~ /app/bundles/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /app/ { deny all; }

    # Deny everything else in /addons or /plugins folder except Assets folder in bundles
    location ~ /(addons|plugins)/.*/Assets/ {
        allow all;
        access_log off;
    }
    # location ~ /(addons|plugins)/ { deny all; }

    # Deny all php files in themes folder
    location ~* ^/themes/(.*)\.php {
        deny all;
    }

    # Don't log favicon
    location = /favicon.ico {
    	log_not_found off;
    	access_log off;
    }

    # Don't log robots
    location = /robots.txt  {
    	access_log off;
    	log_not_found off;
    }

    # Deny yml, twig, markdown, init file access
    location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all grunt, composer files
    location ~* (Gruntfile|package|composer)\.(js|json)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    #######################################
    ##  End Mautic Specific config #####
    #######################################

        location ~*  \.(jpg|jpeg|png|ico|pdf)$ {
                expires 15d;
        }

	# Deny access to any files with a .php extension in the uploads directory
        location ~* /(?:uploads|files)/.*\.php$ {
                deny all;
        }

        # Solve email tracking pixel not found
        location ~ email/(.*).gif {
        try_files $uri /index.php?$args;
        }
        # Solve JS Loading 404 Error
        location ~ (.*).js {
        try_files $uri /index.php?$args;
        }
 
        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_index index.php;
                fastcgi_pass  127.0.0.1:9003;
                fastcgi_param   SCRIPT_FILENAME
                                $document_root$fastcgi_script_name;
                include       fastcgi_params;
        }
    ssl_certificate /etc/letsencrypt/live/<TLS SERVER NAME>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<TLS SERVER NAME>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

php-fpm-mautic.conf

[mautic]
user = apache
group = apache
listen = 127.0.0.1:9003
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
slowlog = /var/log/php-fpm/mautic-slow.log
php_admin_value[error_log] = /var/log/php-fpm/mautic-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
php_admin_value[open_basedir] = /your/path/to/mautic

Hello sir, I am using above configuration for my mautic server, running well, but getting an error: Access to XMLHttpRequest at 'https://mautic.saa9vi.com/mtc/event' from origin 'https://www.saa9vi.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Any suggestion, Thanks in advance

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin has good documentation on what this error message means and how to fix it.

I'm not using this code anymore, so I don't have anything to hand to demonstrate the exact fix, but a quick google reveals quite a few answers to the problem so hopefully the above will help.