Diffstat (limited to 'tools/nginx.html')
-rw-r--r--tools/nginx.html291
1 files changed, 167 insertions, 124 deletions
diff --git a/tools/nginx.html b/tools/nginx.html
index 8fe632e..0ded2b6 100644
--- a/tools/nginx.html
+++ b/tools/nginx.html
@@ -7,9 +7,9 @@
     <body>
         <a href="index.html">Tools Index</a>
 
-        <h1>1. Nginx</h1>
+        <h1>Nginx</h1>
 
-        <h2 id="install">1.1. Install Nginx</h2>
+        <h2 id="install">1. Install Nginx</h2>
 
         <pre>
         $  prt-get depinst nginx
@@ -21,17 +21,16 @@
         UID=xxxxx-xxx-xxx-xxx-xxxxxxxx  /srv/www                ext4 defaults,nosuid,noexec,nodev,noatime       1 2
         </pre>
 
-        <p>Remove nginx user or group, system defines www user and group;</p>
+        <p>Add user nginx to www group;</p>
 
         <pre>
-        # userdel nginx
-        # groupdel nginx
+        # usermod -a -G www nginx
         </pre>
 
-        <p>Change default home directory of www user;</p>
+        <p>Change default home directory of nginx user;</p>
 
         <pre>
-        # usermod -m -d /srv/www www
+        # usermod -m -d /srv/www nginx
         </pre>
 
         <p>Create configuration directory's for better organization;</p>
@@ -42,44 +41,11 @@
         $ sudo mkdir /etc/nginx/sites
         </pre>
 
-        <h2 id="logs">1.2. Logs</h2>
-
-        <pre>
-        $ sudo grep "login" /var/log/nginx/access.log
-        $ sudo grep "etc/passwd" /var/log/nginx/access.log
-        $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log
-        </pre>
-
-        <h2 id="userdir">1.3. User Directory</h2>
-
-        <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p>
-
-        <pre>
-         location ~ ^/~(.+?)(/.*)?$ {
-            alias /home/$1/public_html$2;
-            index  index.html index.htm;
-            autoindex on;
-         }
-        </pre>
-
-        <p>Directories should have 644 or 664 and
-        files chmod 755 or 775;</p>
-
-        <pre>
-        $ sudo find . -type f -print0 | xargs -0 chmod 644
-        $ sudo find . -type d -print0 | xargs -0 chmod 755
-        </pre>
-
-        <h2 id="certs">1.4. Certificates</h2>
+        <h2 id="certs">2. Certificates</h2>
 
         <p>Certificates allow a more secure connection. Lets create
         self-signed certificate;</p>
 
-        <pre>
-        $ sudo mkdir /etc/nginx/ssl
-        $ sudo cd /etc/nginx/ssl
-        </pre>
-
         <p>Create private key;</p>
 
         <pre>
@@ -108,11 +74,11 @@
         If you enter '.', the field will be left blank.
         -----
         Country Name (2 letter code) [AU]:PT
-        State or Province Name (full name) [Some-State]:Porto
+        State or Province Name (full name) [Some-State]:
         Locality Name (eg, city) []:
         Organization Name (eg, company) [Internet Widgits Pty Ltd]:
         Organizational Unit Name (eg, section) []:
-        Common Name (e.g. server FQDN or YOUR name) []:c13.nark.biz.tm
+        Common Name (e.g. server FQDN or YOUR name) []:core.privat-network.net
         Email Address []:
 
         Please enter the following 'extra' attributes
@@ -122,38 +88,54 @@
         $
         </pre>
 
+        <p>Having password is a good idea, but requires it every
+        time nginx is restarted. To remove;</p>
+
+        <pre>
+        $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass
+        $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key
+        </pre>
+
+        <pre>
+        Enter pass phrase for /etc/ssl/keys/nginx.key.pass:
+        writing RSA key
+        </pre>
+
+        <pre>
+        $ sudo chown nginx /etc/ssl/keys/nginx.key*
+        $ sudo chmod 0600 /etc/ssl/keys/nginx.key*
+	# chmod 644 /etc/ssl/certs/exim.cert
+        </pre>
+
         <p>Sign SSL cetificate;</p>
 
         <pre>
-        $ sudo openssl x509 -req -days 365 -in /etc/ssl/certs/nginx.csr -signkey /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.crt
+        $ sudo openssl x509 -req -days 365 \
+            -in /etc/ssl/certs/nginx.csr \
+            -signkey /etc/ssl/keys/nginx.key \
+            -out /etc/ssl/certs/nginx.crt
+        </pre>
+
         Signature ok
-        subject=/C=PT/ST=Porto/O=Internet Widgits Pty Ltd/CN=c13.nark.biz.tm
+        subject=/C=PT/ST=Some-State/O=Internet Widgits Pty Ltd/CN=core.privat-network.net
         Getting Private key
         Enter pass phrase for /etc/ssl/keys/nginx.key:
-        $
         </pre>
 
-        <h3>Remove Password</h3>
-
-        <p>Having password is a good idea, but requires it every
-        time nginx is restarted. To remove;</p>
-
         <pre>
-        $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.org
-        $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.org -out /etc/ssl/keys/nginx.key
-        Enter pass phrase for /etc/ssl/keys/nginx.key.org:
-        writing RSA key
-        $
+        $ sudo chown nginx:nginx /etc/ssl/keys/nginx.key*
+        $ sudo chmod 0600 /etc/ssl/keys/nginx.key*
+	$ sudo chmod 644 /etc/ssl/certs/nginx.cert
         </pre>
 
-        <h2 id="nginxconf">1.5. Nginx Configuration</h2>
+        <h2 id="nginxconf">3. Nginx Configuration</h2>
 
-        <p><a href="http://wiki.nginx.org/Pitfalls">READ NGINX PITFALLS</a>,
+        <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a>,
         for more information about optimization
         <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">digitalocean</a>,
 
         <p>Number of worker_processes must be equal or less than
-        the number of available cpu cores</p>
+       the number of available cpu cores. This is set to auto.</p>
 
         <pre>
         $ nproc
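Review bot: The permission block added near the top of this hunk ends with `# chmod 644 /etc/ssl/certs/exim.cert`, a leftover from another service, and the second copy further down uses `/etc/ssl/certs/nginx.cert` although the certificate is written to `/etc/ssl/certs/nginx.crt`; keep a single block after the signing step with `$ sudo chmod 644 /etc/ssl/certs/nginx.crt`. The `nginx.key*` glob also matches the `nginx.key.pass` backup, and chown-ing the keys to `nginx` makes the private key readable by the worker account; the nginx master process normally loads the key as root, so `chown root:root` with mode 0600 is the tighter choice (confirm for this setup). Because the passphrase-free key now stays on disk, the paragraph should say that file permissions are its only protection and that the `.pass` copy should be removed or stored offline. The new `</pre>` after the `openssl x509` command also leaves the `Signature ok` output outside any block and the `</pre>` that follows it unmatched.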
@@ -168,36 +150,30 @@
         1024
         </pre>
 
-        <p>Example of http block with ssl configured;</p>
+       <p>Example of http block with ssl configured;</p>
 
         <pre>
         #
-        # /etc/nginx/nginx.conf
+        # /etc/nginx/nginx.conf - nginx server configuration
         #
 
-        user www;
-        worker_processes  2;
 
-        error_log  /var/log/nginx/error.log  info;
+        user nginx;
+        worker_processes auto;
+
+        error_log /var/log/nginx/error.log;
+
+        pid /var/run/nginx.pid;
+
 
         events {
             worker_connections  1024;
         }
 
-        http {
-
-            include             /etc/nginx/mime.types;
-            default_type	application/octet-stream;
-
-            sendfile        on;
-            #tcp_nopush     on;
 
-            #keepalive_timeout 620;
-            keepalive_timeout  65;
-            client_body_timeout 12;
-            client_header_timeout 12;
-            # send_timeout 620;
-            send_timeout 65;
+        http {
+            include       mime.types;
+            default_type  application/octet-stream;
 
             ##
             # SSL Settings
@@ -209,25 +185,25 @@
             ssl_certificate /etc/ssl/certs/nginx.crt;
             ssl_certificate_key /etc/ssl/keys/nginx.key;
 
-            ##
-            # Logging Settings
-            ##
             #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
             #                  '$status $body_bytes_sent "$http_referer" '
             #                  '"$http_user_agent" "$http_x_forwarded_for"';
 
-            access_log		/var/log/nginx/access.log  combined;
-            error_log		/var/log/nginx/error.log;
+            access_log /var/log/nginx/access.log;
+            error_log  /var/log/nginx/error.log;
 
-            ##
-            # Gzip Settings
-            ##
+            sendfile        on;
+            #tcp_nopush     on;
 
-            gzip on;
-            gzip_disable "msie6";
+            keepalive_timeout  65;
+            client_body_timeout 12;
+            client_header_timeout 12;
+            send_timeout 65;
 
+
+            gzip  on;
             gzip_vary on;
-            gzip_proxied any;
+            #gzip_proxied any;
             gzip_comp_level 9;
             # gzip_buffers 16 8k;
             # gzip_http_version 1.1;
@@ -245,83 +221,150 @@
 
             include /etc/nginx/conf.d/*.conf;
             include /etc/nginx/sites-enabled/*.conf;
+
         }
-        # End of file        </pre>
+        # End of file
+        </pre>
+
 
+        <h2 id="server">4. Server with PHP</h2>
+        <p>To debug configurations check logs and;</p>
 
-        <h2 id="server">1.6. Server with PHP</h2>
+        <pre>
+        nginx -V
+        </pre>
 
-        check <a href "../conf/etc/nginx/">configuration directory</a>
-        for more examples. Install php and composer that is required
-        by Laravel;</p>
+        <h3>4.1. Setup PHP</h3>
 
-        <h3>1.6.1. Setup PHP</h3>
+        <p> Install php and setup php.ini as development mode;</p>
 
         <pre>
-        $ prt-get depinst php php-fpm php-gd php-pdo-pgsql composer
+        $ sudo prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql
         </pre>
 
         <p>Setup php ini in development mode;<p/>
 
         <pre>
-        $ sudo cp /etc/php/php.ini-development php.ini
+        $ sudo cp /etc/php/php.ini-development /etc/php/php.ini
+        </pre>
+
+        <pre>
         $ php --ini
         Configuration File (php.ini) Path: /etc/php
         Loaded Configuration File:         /etc/php/php.ini
         Scan for additional .ini files in: /etc/php/conf.d
         Additional .ini files parsed:      /etc/php/conf.d/extensions.ini,
         /etc/php/conf.d/pdo_pgsql.ini
-
-        $
         </pre>
 
-        <h3>1.6.2. Setup Virtual Host</h3>
+        <h3>4.2. Setup Virtual Host</h3>
+
+        <p>Server (virtual host) with pmwiki and flyspray, check
+        <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a>
+        for more examples. Install pmwiki and flyspray;</p>
+
+        <pre>
+        $ sudo prt-get depinst pmwiki flyspray
+        </pre>
 
-        <p>Server (virtual host) with Laravel,
-                /etc/nginx/sites/<a href="../conf/etc/nginx/sites/laravel.conf">laravel.conf</a>;</p>
+        <p> This server is configured in a way that
+        root serves pmwiki and /tasks serves flyspray. In order to
+        flyspray to link correctly change index is needed;</p>
 
         <pre>
         server {
             listen 443 ssl;
-            listen [::]:443 ssl;
+            # listen [::]:443 ssl;
 
-            root /srv/www/atom/public;
-            server_name c13.nark.biz.tm;
-            index index.html index.htm index.php;
+            server_name c9.core;
 
-            charset utf-8;
+            root /srv/www/default;
 
-            location / {
-                try_files $uri $uri/ /index.php$is_args$args;
+            location /distfiles {
+                alias /usr/ports/distfiles;
             }
 
-            location = /favicon.ico { access_log off; log_not_found off; }
-            location = /robots.txt  { access_log off; log_not_found off; }
-
-            access_log off;
-            error_log  /var/log/nginx/c13-nark-biz-tm-error.log error;
 
-            sendfile off;
+            location /tasks {
+                index index.php;
+                alias /srv/www/default/flyspray;
+                try_files $uri $uri/ index.php$is_args$args;
+            }
 
-            client_max_body_size 100m;
+            location ~  ^/tasks(.+\.php)$ {
+                alias /srv/www/default/flyspray;
 
-            location ~ \.php$ {
                 fastcgi_split_path_info ^(.+\.php)(/.+)$;
-                fastcgi_pass 127.0.0.1:9000;
                 fastcgi_index index.php;
-                include fastcgi_params;
-                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-                fastcgi_intercept_errors off;
-                fastcgi_buffer_size 16k;
-                fastcgi_buffers 4 16k;
+                try_files $uri /index.php =404;
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$1;
+                # fastcgi_pass unix:/var/run/php5-fpm.sock;
+                fastcgi_pass 127.0.0.1:9000;
             }
 
-            location ~ /\.ht {
-                deny all;
+            location / {
+                alias /srv/www/default/pmwiki/;
+                index pmwiki.php
+                try_files $uri $uri/ /pmwiki.php$is_args$args;
+            }
+
+            location ~ \.php$ {
+                alias /srv/www/default/pmwiki;
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                fastcgi_index pmwiki.php;
+                try_files $uri /pmwiki.php =404;
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                # fastcgi_pass unix:/var/run/php5-fpm.sock;
+                fastcgi_pass 127.0.0.1:9000;
             }
         }
         </pre>
 
+        <p>Change /srv/www/default/flyspray/index.php to;</p>
+
+        <pre>
+        &lt?php
+        /*
+           This is the main script that everything else is included
+           in.  Mostly what it does is check the user permissions
+           to see what they have access to.
+        */
+        define('IN_FS', true);
+        $_SERVER['SCRIPT_NAME'] = "/bug/index.php";
+        require_once(dirname(__FILE__).'/header.php');
+        </pre>
+
+        <h2 id="userdir">5. User Directory</h2>
+
+        <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p>
+
+        <pre>
+         location ~ ^/~(.+?)(/.*)?$ {
+            alias /home/$1/public_html$2;
+            index  index.html index.htm;
+            autoindex on;
+         }
+        </pre>
+
+        <p>Directories should have 644 or 664 and
+        files chmod 755 or 775;</p>
+
+        <pre>
+        $ sudo find . -type f -print0 | xargs -0 chmod 644
+        $ sudo find . -type d -print0 | xargs -0 chmod 755
+        </pre>
+
+        <h2 id="logs">6. Logs</h2>
+
+        <pre>
+        $ sudo grep "login" /var/log/nginx/access.log
+        $ sudo grep "etc/passwd" /var/log/nginx/access.log
+        $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log
+        </pre>
+
+
         <a href="index.html">Tools Index</a>
 
         <p>This is part of the c9-doc Manual.
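Review bot: In the new `location /` block for pmwiki, `index pmwiki.php` has no terminating `;`, so nginx would read the following `try_files` line as further arguments to `index` and the fallback to `/pmwiki.php` is never configured; it should read `index pmwiki.php;`. The rewritten server block also drops the old `location ~ /\.ht { deny all; }` and puts nothing in its place, and since nginx ignores `.htaccess` files, any directory the applications protect that way (pmwiki's `wiki.d` and `local`, if they ship such files here) would be served directly; an explicit rule such as `location ~ ^/(wiki\.d|local|cookbook|scripts)/ { deny all; }`, placed before the `\.php$` block, is worth documenting. Both PHP locations use `alias` inside a regex location without referring to its captures, which the nginx documentation advises against, so `root` would be the safer directive there. Since this host listens on 443, the step that copies `php.ini-development` should note that it turns on on-page error display and is not meant for a reachable server.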