- Move var folder to a place on your server which can't be directly accessed
- Disable automatic listing on your web server config or place a index.html in var's sub-directory (this is a limited solution)
-If you are using Apache, you can add the following lineto your configuration to prevent people to access to your ```var``` folder:
+If you are using Apache, you can add the following line to your configuration to prevent people to access to your ```var``` folder:
```RedirectMatch 301 ^/var-.* http://my.service.jirafeau ```
+If you are using nginx, you can add the following to your $vhost.conf:
+
+```nginx
+location ~ /var-.* {
+ deny all;
+ return 404;
+}
+```
+
You should also remove un-necessessary write access once the installation is done (ex: configuration file).
An other obvious basic security is to let access users to the site by HTTPS.
Be sure your PHP installation is not using safe mode, it may cause timeouts.
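Review bot: In the added nginx `location` block, `deny all;` has no effect next to `return 404;`. nginx evaluates `return` in the rewrite phase, before the access phase where `deny` applies, so every matching request gets the 404 and the 403 is never produced. Keep one of the two. The pattern `/var-.*` is also unanchored, so it matches any URI that contains `/var-` at any depth, while the Apache rule just above uses `^/var-.*`. Writing it as `location ~ ^/var-` would make the two snippets match the same paths.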
+If you're using nginx, you might need to increase `client_max_body_size` or remove the restriction altogether. In your nginx.conf:
+
+```nginx
+http {
+ # disable max upload size
+ client_max_body_size 0;
+ # add timeouts for very large uploads
+ client_header_timeout 30m;
+ client_body_timeout 30m;
+}
+```
+
### How can I monitor the use of my Jirafeau instance?
You may use Munin and simple scripts to collect the number of files in the Jirafeau instance as well as the disk space occupied by all the files. You can consult this [web page](https://blog.bandinelli.net/index.php?post/2016/05/15/Scripts-Munin-pour-Jirafeau).
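Review bot: In the added `http { }` block, `client_max_body_size 0;` removes the request body limit for every virtual host on the server, not only Jirafeau, and `client_header_timeout 30m;` lets a client hold a connection open for 30 minutes before finishing its request headers, which large uploads do not need since only the body is large. Suggest showing `client_max_body_size` inside the Jirafeau `server` or `location` block with a value that matches the largest upload the instance should accept, keeping `client_body_timeout` alongside it, and leaving `client_header_timeout` at its default. It is also worth noting in the text that `client_body_timeout` applies between two successive reads of the body, not to the whole transfer, so a much shorter value than 30m still allows very large uploads.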