How to alias directories in nginx?
The location directive matches against the uri in the request. The root directive and alias directives are both used to indicate where in the filesystem to serve resources from, the difference being that when using root
, the entire URI is still appended to the root; whereas when using alias
, the location part is dropped. See the answer to https://stackoverflow.com/questions/10631933/nginx-static-file-serving-confusion-with-root-alias
So in your case, what you want probably looks like:
server {
listen 80;
server_name myserver.com;
root /var/www;
index index.php;
...
location /vimbadmin/ {
return 404;
}
location /mail2admin/ {
alias /var/www/vimbadmin/public;
try_files $uri $uri/ /index.php?$args;
}
...
}
This prevents anyone from going to myserver.com/vimbadmin/, but if they go to myserver.com/mail2admin/, nginx maps to /var/www/vimbadmin/public
(if you used root /var/www/vimbadmin/public
, nginx would be trying to serve the files from /var/www/vimbadmin/public/mail2admin
, which is not what you want).
Generally speaking however trivial url obfuscation like this should not be considered any kind of defence against hackers. If you want to keep this admin panel safe you should rely on authentication of some kind, and potentially lock it down so it only allows access from approved IPs if that's viable for you. The application itself might offer some user authentication, and you can always add basic http auth. SSL would also be recommended (self-signed if it's something you're only using yourself, or now easy to do for free with LetsEncrypt.org if you want it to be trusted by other people's browsers in the general case).