diff options
| author | Silvino Silva <silvino@bk.ru> | 2016-10-03 22:48:38 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2016-10-03 22:49:20 +0100 |
| commit | c30b14dbcfb60418a0d7fd050a096c9bc20a380b (patch) | |
| tree | 0aa945da5a98a0a1d837ff55338800d0a46db820 /tools/nginx.html | |
| parent | cf0657e1b62b59e2f54bc0cb88870c4db1e36769 (diff) | |
| parent | e6d81cddaba6e3a1583a193ddf1b7405fbdd9889 (diff) | |
| download | doc-c30b14dbcfb60418a0d7fd050a096c9bc20a380b.tar.gz | |
Release 0.2.3
Diffstat (limited to 'tools/nginx.html')
| -rw-r--r-- | tools/nginx.html | 291 |
1 files changed, 167 insertions, 124 deletions
diff --git a/tools/nginx.html b/tools/nginx.html index 8fe632e..0ded2b6 100644 --- a/tools/nginx.html +++ b/tools/nginx.html @@ -7,9 +7,9 @@ <body> <a href="index.html">Tools Index</a> - <h1>1. Nginx</h1> + <h1>Nginx</h1> - <h2 id="install">1.1. Install Nginx</h2> + <h2 id="install">1. Install Nginx</h2> <pre> $ prt-get depinst nginx @@ -21,17 +21,16 @@ UID=xxxxx-xxx-xxx-xxx-xxxxxxxx /srv/www ext4 defaults,nosuid,noexec,nodev,noatime 1 2 </pre> - <p>Remove nginx user or group, system defines www user and group;</p> + <p>Add user nginx to www group;</p> <pre> - # userdel nginx - # groupdel nginx + # usermod -a -G www nginx </pre> - <p>Change default home directory of www user;</p> + <p>Change default home directory of nginx user;</p> <pre> - # usermod -m -d /srv/www www + # usermod -m -d /srv/www nginx </pre> <p>Create configuration directory's for better organization;</p> @@ -42,44 +41,11 @@ $ sudo mkdir /etc/nginx/sites </pre> - <h2 id="logs">1.2. Logs</h2> - - <pre> - $ sudo grep "login" /var/log/nginx/access.log - $ sudo grep "etc/passwd" /var/log/nginx/access.log - $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log - </pre> - - <h2 id="userdir">1.3. User Directory</h2> - - <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p> - - <pre> - location ~ ^/~(.+?)(/.*)?$ { - alias /home/$1/public_html$2; - index index.html index.htm; - autoindex on; - } - </pre> - - <p>Directories should have 644 or 664 and - files chmod 755 or 775;</p> - - <pre> - $ sudo find . -type f -print0 | xargs -0 chmod 644 - $ sudo find . -type d -print0 | xargs -0 chmod 755 - </pre> - - <h2 id="certs">1.4. Certificates</h2> + <h2 id="certs">2. Certificates</h2> <p>Certificates allow a more secure connection. Lets create self-signed certificate;</p> - <pre> - $ sudo mkdir /etc/nginx/ssl - $ sudo cd /etc/nginx/ssl - </pre> - <p>Create private key;</p> <pre> @@ -108,11 +74,11 @@ If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:PT - State or Province Name (full name) [Some-State]:Porto + State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: - Common Name (e.g. server FQDN or YOUR name) []:c13.nark.biz.tm + Common Name (e.g. server FQDN or YOUR name) []:core.privat-network.net Email Address []: Please enter the following 'extra' attributes @@ -122,38 +88,54 @@ $ </pre> + <p>Having password is a good idea, but requires it every + time nginx is restarted. To remove;</p> + + <pre> + $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass + $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key + </pre> + + <pre> + Enter pass phrase for /etc/ssl/keys/nginx.key.pass: + writing RSA key + </pre> + + <pre> + $ sudo chown nginx /etc/ssl/keys/nginx.key* + $ sudo chmod 0600 /etc/ssl/keys/nginx.key* + # chmod 644 /etc/ssl/certs/exim.cert + </pre> + <p>Sign SSL cetificate;</p> <pre> - $ sudo openssl x509 -req -days 365 -in /etc/ssl/certs/nginx.csr -signkey /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.crt + $ sudo openssl x509 -req -days 365 \ + -in /etc/ssl/certs/nginx.csr \ + -signkey /etc/ssl/keys/nginx.key \ + -out /etc/ssl/certs/nginx.crt + </pre> + Signature ok - subject=/C=PT/ST=Porto/O=Internet Widgits Pty Ltd/CN=c13.nark.biz.tm + subject=/C=PT/ST=Some-State/O=Internet Widgits Pty Ltd/CN=core.privat-network.net Getting Private key Enter pass phrase for /etc/ssl/keys/nginx.key: - $ </pre> - <h3>Remove Password</h3> - - <p>Having password is a good idea, but requires it every - time nginx is restarted. To remove;</p> - <pre> - $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.org - $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.org -out /etc/ssl/keys/nginx.key - Enter pass phrase for /etc/ssl/keys/nginx.key.org: - writing RSA key - $ + $ sudo chown nginx:nginx /etc/ssl/keys/nginx.key* + $ sudo chmod 0600 /etc/ssl/keys/nginx.key* + $ sudo chmod 644 /etc/ssl/certs/nginx.cert </pre> - <h2 id="nginxconf">1.5. Nginx Configuration</h2> + <h2 id="nginxconf">3. Nginx Configuration</h2> - <p><a href="http://wiki.nginx.org/Pitfalls">READ NGINX PITFALLS</a>, + <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a>, for more information about optimization <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">digitalocean</a>, <p>Number of worker_processes must be equal or less than - the number of available cpu cores</p> + the number of available cpu cores. This is set to auto.</p> <pre> $ nproc @@ -168,36 +150,30 @@ 1024 </pre> - <p>Example of http block with ssl configured;</p> + <p>Example of http block with ssl configured;</p> <pre> # - # /etc/nginx/nginx.conf + # /etc/nginx/nginx.conf - nginx server configuration # - user www; - worker_processes 2; - error_log /var/log/nginx/error.log info; + user nginx; + worker_processes auto; + + error_log /var/log/nginx/error.log; + + pid /var/run/nginx.pid; + events { worker_connections 1024; } - http { - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - sendfile on; - #tcp_nopush on; - #keepalive_timeout 620; - keepalive_timeout 65; - client_body_timeout 12; - client_header_timeout 12; - # send_timeout 620; - send_timeout 65; + http { + include mime.types; + default_type application/octet-stream; ## # SSL Settings @@ -209,25 +185,25 @@ ssl_certificate /etc/ssl/certs/nginx.crt; ssl_certificate_key /etc/ssl/keys/nginx.key; - ## - # Logging Settings - ## #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log combined; - error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; - ## - # Gzip Settings - ## + sendfile on; + #tcp_nopush on; - gzip on; - gzip_disable "msie6"; + keepalive_timeout 65; + client_body_timeout 12; + client_header_timeout 12; + send_timeout 65; + + gzip on; gzip_vary on; - gzip_proxied any; + #gzip_proxied any; gzip_comp_level 9; # gzip_buffers 16 8k; # gzip_http_version 1.1; @@ -245,83 +221,150 @@ include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; + } - # End of file </pre> + # End of file + </pre> + + <h2 id="server">4. Server with PHP</h2> + <p>To debug configurations check logs and;</p> - <h2 id="server">1.6. Server with PHP</h2> + <pre> + nginx -V + </pre> - check <a href "../conf/etc/nginx/">configuration directory</a> - for more examples. Install php and composer that is required - by Laravel;</p> + <h3>4.1. Setup PHP</h3> - <h3>1.6.1. Setup PHP</h3> + <p> Install php and setup php.ini as development mode;</p> <pre> - $ prt-get depinst php php-fpm php-gd php-pdo-pgsql composer + $ sudo prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql </pre> <p>Setup php ini in development mode;<p/> <pre> - $ sudo cp /etc/php/php.ini-development php.ini + $ sudo cp /etc/php/php.ini-development /etc/php/php.ini + </pre> + + <pre> $ php --ini Configuration File (php.ini) Path: /etc/php Loaded Configuration File: /etc/php/php.ini Scan for additional .ini files in: /etc/php/conf.d Additional .ini files parsed: /etc/php/conf.d/extensions.ini, /etc/php/conf.d/pdo_pgsql.ini - - $ </pre> - <h3>1.6.2. Setup Virtual Host</h3> + <h3>4.2. Setup Virtual Host</h3> + + <p>Server (virtual host) with pmwiki and flyspray, check + <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a> + for more examples. Install pmwiki and flyspray;</p> + + <pre> + $ sudo prt-get depinst pmwiki flyspray + </pre> - <p>Server (virtual host) with Laravel, - /etc/nginx/sites/<a href="../conf/etc/nginx/sites/laravel.conf">laravel.conf</a>;</p> + <p> This server is configured in a way that + root serves pmwiki and /tasks serves flyspray. In order to + flyspray to link correctly change index is needed;</p> <pre> server { listen 443 ssl; - listen [::]:443 ssl; + # listen [::]:443 ssl; - root /srv/www/atom/public; - server_name c13.nark.biz.tm; - index index.html index.htm index.php; + server_name c9.core; - charset utf-8; + root /srv/www/default; - location / { - try_files $uri $uri/ /index.php$is_args$args; + location /distfiles { + alias /usr/ports/distfiles; } - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - access_log off; - error_log /var/log/nginx/c13-nark-biz-tm-error.log error; - sendfile off; + location /tasks { + index index.php; + alias /srv/www/default/flyspray; + try_files $uri $uri/ index.php$is_args$args; + } - client_max_body_size 100m; + location ~ ^/tasks(.+\.php)$ { + alias /srv/www/default/flyspray; - location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; } - location ~ /\.ht { - deny all; + location / { + alias /srv/www/default/pmwiki/; + index pmwiki.php + try_files $uri $uri/ /pmwiki.php$is_args$args; + } + + location ~ \.php$ { + alias /srv/www/default/pmwiki; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; } } </pre> + <p>Change /srv/www/default/flyspray/index.php to;</p> + + <pre> + <?php + /* + This is the main script that everything else is included + in. Mostly what it does is check the user permissions + to see what they have access to. + */ + define('IN_FS', true); + $_SERVER['SCRIPT_NAME'] = "/bug/index.php"; + require_once(dirname(__FILE__).'/header.php'); + </pre> + + <h2 id="userdir">5. User Directory</h2> + + <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p> + + <pre> + location ~ ^/~(.+?)(/.*)?$ { + alias /home/$1/public_html$2; + index index.html index.htm; + autoindex on; + } + </pre> + + <p>Directories should have 644 or 664 and + files chmod 755 or 775;</p> + + <pre> + $ sudo find . -type f -print0 | xargs -0 chmod 644 + $ sudo find . -type d -print0 | xargs -0 chmod 755 + </pre> + + <h2 id="logs">6. Logs</h2> + + <pre> + $ sudo grep "login" /var/log/nginx/access.log + $ sudo grep "etc/passwd" /var/log/nginx/access.log + $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log + </pre> + + <a href="index.html">Tools Index</a> <p>This is part of the c9-doc Manual. |