Diffstat (limited to 'tools/nginx.html')
-rw-r--r-- | tools/nginx.html | 205 |
1 files changed, 93 insertions, 112 deletions
diff --git a/tools/nginx.html b/tools/nginx.html index 0420e70..21abb90 100644 --- a/tools/nginx.html +++ b/tools/nginx.html @@ -155,9 +155,7 @@ <h2 id="nginxconf">3. Nginx Configuration</h2> - <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a>, - for more information about optimization - <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">digitalocean</a>, + <p>This is the "main" nginx configuration not the servers, the way this configuration is setup nginx will load virtual servers configuration files with extension .conf from /etc/nginx/sites-enabled/.</p> <p>Number of worker_processes must be equal or less than the number of available cpu cores. This is set to auto.</p> @@ -186,11 +184,10 @@ user www; worker_processes auto; - error_log /var/log/nginx/error.log; + error_log syslog:server=unix:/dev/log debug; pid /var/run/nginx.pid; - events { worker_connections 1024; } @@ -199,9 +196,9 @@ include mime.types; default_type application/octet-stream; - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; sendfile on; #tcp_nopush on; @@ -216,13 +213,8 @@ #client_header_timeout 12; client_header_timeout 24; - #client_max_body_size 10000M; - #keepalive_timeout 10000; - #client_body_timeout 10000; - #client_header_timeout 10000; send_timeout 65; - gzip on; gzip_vary on; #gzip_proxied any; 
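Review bot: The new global `error_log syslog:server=unix:/dev/log debug;` (hunk `@@ -186,11 +184,10 @@`) leaves the documented production configuration at debug level. On a binary built with debug support, this level writes per-request internals, including request header lines such as cookies and authorization values, into the system log, where they may be readable or forwarded more widely than nginx's own log files. The same level is used by the two vhost `error_log` lines added in hunk `@@ -306,112 +291,109 @@`. I would document `error_log syslog:server=unix:/dev/log warn;` as the default and mention `debug` only as a temporary troubleshooting setting. The surrounding `<pre>` listing starts and ends outside this hunk.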
@@ -234,14 +226,19 @@ include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; - } # End of file </pre> - <h2 id="server">4. Server with PHP</h2> - <p>To debug configurations check logs and;</p> + <h2 id="server">4. Virtual servers</h2> + + <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a> and + <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">configuration optimization</a>.<p> + + <p>This setup uses default virtual server as a proxy, this allows to have a clean configuration file and delegate application specific settings to other servers. Other virtual servers can run on same machine or other machines, allowing greater compartmentalization.</p> + + <p>When testing or debugging configurations is useful to run nginx with following option;</p> <pre> nginx -V 
@@ -270,31 +267,19 @@ /etc/php/conf.d/pdo_pgsql.ini </pre> - <h3 id="virtual-host">4.2. Setup Virtual Host</h3> - - <p>Server (virtual host) with pmwiki and flyspray, check - <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a> - for more examples. Install pmwiki and flyspray;</p> - - <pre> - $ sudo prt-get depinst pmwiki flyspray - </pre> + <h3 id="default-server">4.2. Setup default server</h3> - <p> This server is configured in a way that - root serves pmwiki and /tasks serves flyspray. In order to - flyspray to link correctly change index is needed. Create /etc/nginx/sites-enabled/machine.example.org.conf;</p> + <p>Default server that acts as a proxy except for /doc, with ssl certificates (serves port 443 and 80). Each location is proxy ed to correspondent virtual server.</p> <pre> server { + listen 80 default_server; + server_name tribu.semdestino.org; - listen 443 ssl; - listen 80; - server_name machine.example.org; - - # listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/machine.example.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/machine.example.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/machine.example.org/chain.pem; + listen 443 ssl default_server; + ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; 
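Review bot: The new default server accepts `listen 80 default_server;` and `listen 443 ssl default_server;` in the same block, and no redirect is visible in this hunk or the next one, so every proxied location (wiki, forum, shop, email) appears to be served over plain HTTP as well as HTTPS. I would move port 80 into its own small server block that keeps only the `/.well-known` ACME location and otherwise answers with `return 301 https://$host$request_uri;`. The server block continues outside this hunk and the lines between the two hunks are not shown, so a redirect or HSTS header could already exist there; if it does, the prose above the listing should say so.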
@@ -306,112 +291,109 @@ ssl_stapling on; ssl_stapling_verify on; - access_log /var/log/nginx/example_access.log; - error_log /var/log/nginx/example_error.log; - - root /srv/www/; + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug; - location /mirror { - #alias /usr/ports/releases; - proxy_pass http://10.0.0.3:80/; - } - - location /builder { - rewrite ^/blog(.*) /$1 break; - proxy_pass http://10.0.0.3:80; - } + root /etc/html/; location /doc { alias /srv/www/doc; index index.html; } - location /git/static { - # static files (png/css) served from /usr/share/gitweb/static - alias /srv/www/gitweb/static; + location /pub { + proxy_pass http://wiki.c2.ank:8080; + } + + location /wiki { + proxy_pass http://wiki.c2.ank:8080; } location /git { - alias /srv/www/gitweb; - index gitweb.cgi; - fastcgi_split_path_info ^/git()(/?.+)$; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_param DOCUMENT_ROOT /srv/www/gitweb; - fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; - - include fastcgi_params; - fastcgi_pass unix:/var/run/fcgiwrap.sock; + proxy_pass http://git.c2.ank:8080; } - location /chat { - index index.php; - alias /srv/www/chat; - try_files $uri $uri/ index.php$is_args$args; + location /forum { + proxy_pass http://forum.c2.ank:8080; } - location ~ ^/chat(.+\.php)$ { ### This location block was the solution - alias /srv/www/chat; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index index.php; - try_files $uri /index.php =404; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$1; - # fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_pass 127.0.0.1:9000; + location /task { + proxy_pass http://task.c2.ank:8080; } + location /shop { + proxy_pass http://shop.c2.ank:8080; + } - location /task { - index index.php; - alias /srv/www/flyspray; - try_files $uri $uri/ index.php$is_args$args; + 
location /email { + proxy_pass http://email.c2.ank:8080; } - location ~ ^/task(.+\.php)$ { ### This location block was the solution - alias /srv/www/flyspray; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index index.php; - try_files $uri /index.php =404; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$1; - # fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_pass 127.0.0.1:9000; + location /mirror { + proxy_pass http://c1.ank; } - location /pub { - alias /srv/www/pmwiki/pub; + # ACME challenge + location ^~ /.well-known { + proxy_pass http://wiki.c2.ank; } - location /wiki { - alias /srv/www/pmwiki/; - index pmwiki.php; - try_files $uri $uri/ /pmwiki.php$is_args$args; + + location / { + proxy_pass http://frontpage.c2.ank; } - location ~ ^/wiki(.+\.php)$ { - alias /srv/www/pmwiki; - index pmwiki.php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index pmwiki.php; - try_files $uri /pmwiki.php =404; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_pass 127.0.0.1:9000; + } + </pre> + + <h3 id="virtual-server">4.3. Setup virtual server</h3> + + <p>Example of pmwiki virtual server, check <a href="conf/etc/nginx/sites-enabled/">/etc/nginx/sites-enabled</a> for the rest of examples mentioned <a href="#default-server">default server</a>. 
If wiki server is running on same machine add following to /etc/hosts;</p> + + <pre> + 127.0.0.1 wiki.c2.ank + </pre> + + <p>Edit /etc/nginx/sites-enabled/wiki.c2.ank.conf;</p> + + <pre> + server { + listen 8080; + server_name wiki.c2.ank; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_wiki,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_wiki_err,nohostname debug; + + root /srv/www/; + + location /pub { + alias /srv/www/wiki/pub; } # ACME challenge location ^~ /.well-known { allow all; - alias /srv/www/pmwiki/pub/cert/.well-known/; + alias /srv/www/wiki/pub/cert/.well-known/; default_type "text/plain"; try_files $uri =404; } - location / { - alias /srv/www/frontpage/; - index index.html; - try_files $uri $uri/ /index.html$is_args$args; + location @pmwiki { + rewrite ^/wiki/(.*) /wiki/pmwiki.php?n=$1; + } + + location /wiki { + index pmwiki.php; + try_files $uri $uri/ @pmwiki; } + location ~ ^\/wiki(.+\.php)$ { + index pmwiki.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass 127.0.0.1:9000; + } } </pre> @@ -452,12 +434,11 @@ <h2 id="logs">6. Logs</h2> <pre> - $ sudo grep "login" /var/log/nginx/access.log - $ sudo grep "etc/passwd" /var/log/nginx/access.log - $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log + $ sudo grep "login" /var/log/nginx/vhost_access + $ sudo grep "etc/passwd" /var/log/nginx/vhost_access + $ sudo egrep -i "denied|error|warn" /var/log/nginx_error </pre> - <a href="index.html">Tools Index</a> <p>This is part of the Tribu System Documentation. |
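Review bot: `listen 8080;` in the wiki.c2.ank server binds every interface, so when the backend shares a machine with the proxy it can be reached directly on port 8080 without passing through the TLS front end; `listen 127.0.0.1:8080;` would match the `/etc/hosts` entry the page adds, and for backends on other machines the page should mention restricting the port to the proxy's address. Separately, the default server's ACME location uses `proxy_pass http://wiki.c2.ank;` with no port while the wiki server shown listens only on 8080, so on a single machine the challenge request would presumably land on the default server again and certificate renewal would fail; `proxy_pass http://wiki.c2.ank:8080;` is consistent with the `/pub` and `/wiki` locations. None of the `proxy_pass` locations set forwarding headers, so the backend's `main` log records the proxy as `$remote_addr` and passes a client-supplied `X-Forwarded-For` through unchanged; consider `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`.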
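Review bot: The updated grep examples in hunk `@@ -452,12 +434,11 @@` read `/var/log/nginx/vhost_access` and `/var/log/nginx_error`, but the configuration on this page now sends everything to syslog under the tags `nginx_vhost`, `nginx_vhost_err`, `vh_wiki` and `vh_wiki_err`. Those files exist only if the syslog daemon has rules routing the tags there, and no such rules are shown in this diff. The two paths also sit in different directories, which looks unintended. I would add a sentence before the `<pre>` along the lines of `Log file names depend on the syslog rules for the nginx_vhost* and vh_* tags` with a link to where those rules are documented, so the log checks actually search the files nginx writes to.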