Diffstat (limited to 'tools/nginx.html')
-rw-r--r--tools/nginx.html256
1 files changed, 121 insertions, 135 deletions
diff --git a/tools/nginx.html b/tools/nginx.html
index 2bddaf3..937be15 100644
--- a/tools/nginx.html
+++ b/tools/nginx.html
@@ -155,9 +155,7 @@
 
         <h2 id="nginxconf">3. Nginx Configuration</h2>
 
-        <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a>,
-        for more information about optimization
-        <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">digitalocean</a>,
+        <p>This is the "main" nginx configuration not the servers, the way this configuration is setup nginx will load virtual servers configuration files with extension .conf from /etc/nginx/sites-enabled/.</p>
 
         <p>Number of worker_processes must be equal or less than
        the number of available cpu cores. This is set to auto.</p>
@@ -186,11 +184,10 @@
         user www;
         worker_processes auto;
 
-        error_log /var/log/nginx/error.log;
+        error_log syslog:server=unix:/dev/log debug;
 
         pid /var/run/nginx.pid;
 
-
         events {
             worker_connections  1024;
         }
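Review bot: The new global `error_log syslog:server=unix:/dev/log debug;` makes `debug` the documented default level, and the same level is repeated on the server-level `error_log` lines added in the default-server and wiki-server hunks. Debug logging only takes effect on an nginx built with `--with-debug`, is very verbose, and writes request detail such as headers into a syslog stream that is then stored or forwarded. Suggest `error_log syslog:server=unix:/dev/log warn;` in the documented configuration, with a comment that `debug` is for temporary troubleshooting only. The rest of the configuration listing continues outside this hunk.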
@@ -199,9 +196,9 @@
             include       mime.types;
             default_type  application/octet-stream;
 
-            #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-            #                  '$status $body_bytes_sent "$http_referer" '
-            #                  '"$http_user_agent" "$http_x_forwarded_for"';
+            log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                              '$status $body_bytes_sent "$http_referer" '
+                              '"$http_user_agent" "$http_x_forwarded_for"';
 
             sendfile        on;
             #tcp_nopush     on;
@@ -216,13 +213,8 @@
             #client_header_timeout 12;
             client_header_timeout 24;
 
-            #client_max_body_size 10000M;
-            #keepalive_timeout  10000;
-            #client_body_timeout 10000;
-            #client_header_timeout 10000;
             send_timeout 65;
 
-
             gzip  on;
             gzip_vary on;
             #gzip_proxied any;
@@ -234,14 +226,19 @@
 
             include /etc/nginx/conf.d/*.conf;
             include /etc/nginx/sites-enabled/*.conf;
-
         }
         # End of file
         </pre>
 
 
-        <h2 id="server">4. Server with PHP</h2>
-        <p>To debug configurations check logs and;</p>
+        <h2 id="server">4. Virtual servers</h2>
+
+        <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a> and
+        <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">configuration optimization</a>.<p>
+
+        <p>This setup uses default virtual server as a proxy, this allows to have a clean configuration file and delegate application specific settings to other servers. Other virtual servers can run on same machine or other machines, allowing greater compartmentalization.</p>
+
+        <p>When testing or debugging configurations is useful to run nginx with following option;</p>
 
         <pre>
         nginx -V
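Review bot: The paragraph added for the nginx pitfalls links ends with `<p>` instead of `</p>` (`configuration optimization</a>.<p>`), so it opens a stray empty paragraph rather than closing the current one; change the end of that line to `.</p>`. The sentence that introduces the following listing talks about testing configurations, while the first command shown is `nginx -V`, which prints version and build options. The `<pre>` block continues outside this hunk, so the configuration test command may already follow there.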
@@ -270,31 +267,27 @@
         /etc/php/conf.d/pdo_pgsql.ini
         </pre>
 
-        <h3 id="virtual-host">4.2. Setup Virtual Host</h3>
-
-        <p>Server (virtual host) with pmwiki and flyspray, check
-        <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a>
-        for more examples. Install pmwiki and flyspray;</p>
+        <h3 id="default-server">4.2. Setup default server</h3>
 
-        <pre>
-        $ sudo prt-get depinst pmwiki flyspray
-        </pre>
-
-        <p> This server is configured in a way that
-        root serves pmwiki and /tasks serves flyspray. In order to
-        flyspray to link correctly change index is needed. Create /etc/nginx/sites-enabled/machine.example.org.conf;</p>
+        <p>Default server that acts as a proxy except for /doc, with ssl certificates (serves port 443 and 80). Each location is proxy ed to correspondent virtual server.</p>
 
         <pre>
         server {
+        #if ($http_user_agent ~* (AhrefsBot|SemrushBot|MJ12Bot|DotBot)) {
+        #     return 410;
+        #}
+            server_name tribu.semdestino.org;
+            listen 80 default_server;
+            listen 443 ssl default_server;
+
+            access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main;
+            error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug;
 
-            listen 443 ssl;
-            listen 80;
-            server_name machine.example.org;
+            root /etc/nginx/html/;
 
-            #  listen [::]:443 ssl http2;
-            ssl_certificate /etc/letsencrypt/live/machine.example.org/fullchain.pem;
-            ssl_certificate_key /etc/letsencrypt/live/machine.example.org/privkey.pem;
-            ssl_trusted_certificate /etc/letsencrypt/live/machine.example.org/chain.pem;
+            ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem;
+            ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem;
+            ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem;
 
             ssl_session_timeout 1d;
             ssl_session_cache shared:SSL:50m;
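Review bot: The default server puts `listen 80 default_server;` and `listen 443 ssl default_server;` in the same block, and nothing visible in this hunk redirects plain HTTP to HTTPS, so every proxied location is also served unencrypted. The locations added in the next hunk include `/email`, `/vexim` and `/shop`, which presumably carry logins. Suggest moving port 80 into its own server block that keeps `location ^~ /.well-known` for ACME and otherwise does `return 301 https://$host$request_uri;`. The server block continues outside this hunk, so a redirect or HSTS header may already exist in the unchanged lines between the hunks.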
@@ -306,129 +299,123 @@
             ssl_stapling on;
             ssl_stapling_verify on;
 
-            access_log /var/log/nginx/example_access.log;
-            error_log  /var/log/nginx/example_error.log;
+            #proxy_redirect off;
+            #proxy_set_header Host $http_host;
+            #proxy_set_header X-Forwarded-Host $http_host;
+            #proxy_set_header X-Real-IP $remote_addr;
+            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
-            root /srv/www/;
-
-            location /mirror {
-                #alias /usr/ports/releases;
-                proxy_pass http://10.0.0.3:80/;
+           location /doc {
+               alias /srv/www/doc;
+               index index.html;
+                autoindex on;
             }
 
-            location /builder {
-                rewrite ^/blog(.*) /$1 break;
-                proxy_pass http://10.0.0.3:80;
+           location /mirror {
+               proxy_pass http://ports.ank;
+           }
+
+           location /pub {
+               proxy_pass http://wiki.server.ank:8080;
+           }
+           location ^~ /.well-known {
+               # ACME challenge
+               proxy_pass http://wiki.server.ank;
+           }
+           location /wiki {
+                proxy_pass http://wiki.server.ank:8080;
+           }
+
+           location /git {
+               proxy_pass http://git.server.ank:8080;
+           }
+
+           location /forum/ {
+                proxy_pass http://forum.server.ank:8080/;
+           }
+
+           location /task {
+               proxy_pass http://task.server.ank:8080;
+           }
+
+           location /shop {
+                proxy_pass http://shop.server.ank:8080;
+           }
+
+           location /vexim/ {
+               proxy_pass http://vexim.server.ank:8080/;
+           }
+
+           location /email {
+               proxy_pass http://email.server.ank:8080;
+           }
+
+           location /awstats {
+               proxy_pass http://awstats.server.ank:8080;
+           }
+
+           location /stats {
+               proxy_pass http://stats.server.ank:8080;
+           }
+
+           location / {
+                proxy_pass http://frontpage.server.ank:8080/;
             }
+        }
+        </pre>
 
-            location /doc {
-                alias /srv/www/doc;
-                index index.html;
-            }
+        <h3 id="virtual-server">4.3. Setup virtual server</h3>
 
-            location /git/static {
-                # static files (png/css) served from /usr/share/gitweb/static
-                alias /srv/www/gitweb/static;
-            }
+        <p>Example of pmwiki virtual server, check <a href="conf/etc/nginx/sites-enabled/">/etc/nginx/sites-enabled</a> for the rest of examples mentioned <a href="#default-server">default server</a>. If wiki server is running on same machine add following to /etc/hosts;</p>
 
-            location /git {
-                alias /srv/www/gitweb;
-                index gitweb.cgi;
-                fastcgi_split_path_info      ^/git()(/?.+)$;
-                fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
-                fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb;
-                fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
+        <pre>
+        127.0.0.1 wiki.c2.ank
+        </pre>
 
-                include fastcgi_params;
-                fastcgi_pass unix:/var/run/fcgiwrap.sock;
-            }
+        <p>Edit /etc/nginx/sites-enabled/wiki.c2.ank.conf;</p>
 
-            location /chat {
-                index index.php;
-                alias /srv/www/chat;
-                try_files $uri $uri/ index.php$is_args$args;
-            }
+        <pre>
+        server {
+            listen 8080;
+            server_name wiki.server.ank;
 
-            location ~  ^/chat(.+\.php)$ { ### This location block was the solution
-                alias /srv/www/chat;
-                fastcgi_split_path_info ^(.+\.php)(/.+)$;
-                fastcgi_index index.php;
-                try_files $uri /index.php =404;	
-                include /etc/nginx/fastcgi_params;
-                fastcgi_param SCRIPT_FILENAME $document_root$1;
-                # fastcgi_pass unix:/var/run/php5-fpm.sock;
-                fastcgi_pass 127.0.0.1:9000;
-            }
+            access_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu,nohostname main;
+            error_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu_err,nohostname debug;
 
+            root /srv/www/;
 
-            location /task {
-                index index.php;
-                alias /srv/www/flyspray;
-                try_files $uri $uri/ index.php$is_args$args;
+            location /pub {
+                alias /srv/www/wiki/pub;
             }
-
-            location ~  ^/task(.+\.php)$ { ### This location block was the solution
-                alias /srv/www/flyspray;
-                fastcgi_split_path_info ^(.+\.php)(/.+)$;
-                fastcgi_index index.php;
-                try_files $uri /index.php =404;	
-                include /etc/nginx/fastcgi_params;
-                fastcgi_param SCRIPT_FILENAME $document_root$1;
-                # fastcgi_pass unix:/var/run/php5-fpm.sock;
-                fastcgi_pass 127.0.0.1:9000;
+            # ACME challenge
+            location ^~ /.well-known {
+                allow all;
+                alias /srv/www/wiki/pub/cert/.well-known/;
+                default_type "text/plain";
+                try_files $uri =404;
             }
 
-            location /pub {
-                alias /srv/www/pmwiki/pub;
+            location @pmwiki {
+                rewrite ^/wiki/(.*) /wiki/pmwiki.php?n=$1;
             }
+
             location /wiki {
-                alias /srv/www/pmwiki/;
                 index pmwiki.php;
-                try_files $uri $uri/ /pmwiki.php$is_args$args;
+                try_files $uri $uri/ @pmwiki;
             }
-            location ~  ^/wiki(.+\.php)$ {
-                alias /srv/www/pmwiki;
+
+            location ~  ^\/wiki(.+\.php)$ {
                 index pmwiki.php;
                 fastcgi_split_path_info ^(.+\.php)(/.+)$;
                 fastcgi_index pmwiki.php;
                 try_files $uri /pmwiki.php =404;
                 include /etc/nginx/fastcgi_params;
                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-                # fastcgi_pass unix:/var/run/php5-fpm.sock;
                 fastcgi_pass 127.0.0.1:9000;
             }
-
-            # ACME challenge
-            location ^~ /.well-known {
-                allow all;
-                alias /srv/www/pmwiki/pub/cert/.well-known/;
-                default_type "text/plain";
-                try_files $uri =404;
-            }
-
-            location / {
-                alias /srv/www/frontpage/;
-                index index.html;
-                try_files $uri $uri/ /index.html$is_args$args;
-            }
-
         }
         </pre>
 
-        <p>Change /srv/www/default/flyspray/index.php to;</p>
-
-        <pre>
-        &lt?php
-        /*
-           This is the main script that everything else is included
-           in.  Mostly what it does is check the user permissions
-           to see what they have access to.
-        */
-        define('IN_FS', true);
-        $_SERVER['SCRIPT_NAME'] = "/bug/index.php";
-        require_once(dirname(__FILE__).'/header.php');
-        </pre>
-
         <h2 id="userdir">5. User Directory</h2>
 
         <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p>
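Review bot: The wiki virtual server uses `listen 8080;`, which binds every interface, so the backend can be reached directly on port 8080, bypassing TLS and anything else the default server enforces. Where the backend runs on the same machine (the `/etc/hosts` example maps it to 127.0.0.1), use `listen 127.0.0.1:8080;`; otherwise restrict the port to the proxy's address. The `proxy_set_header` lines are added commented out, so backends see the proxy as `$remote_addr` and receive any client-supplied `X-Forwarded-For` unchanged, which leaves the backend `main` access log without a trustworthy client address. Enabling `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` addresses that. Separately, the hosts entry and file name use `wiki.c2.ank` while `proxy_pass` and `server_name` use `wiki.server.ank`; these should agree.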
@@ -452,17 +439,16 @@
         <h2 id="logs">6. Logs</h2>
 
         <pre>
-        $ sudo grep "login" /var/log/nginx/access.log
-        $ sudo grep "etc/passwd" /var/log/nginx/access.log
-        $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log
+        $ sudo grep "login" /var/log/nginx/vhost_access
+        $ sudo grep "etc/passwd" /var/log/nginx/vhost_access
+        $ sudo egrep -i "denied|error|warn" /var/log/nginx_error
         </pre>
 
-
         <a href="index.html">Tools Index</a>
 
-        <p>This is part of the Hive System Documentation.
-        Copyright (C) 2018
-        Hive Team.
+        <p>This is part of the Tribu System Documentation.
+        Copyright (C) 2020
+        Tribu Team.
         See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
     </body>
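Review bot: The grep examples now read `/var/log/nginx/vhost_access` and `/var/log/nginx_error`, but no syslog rule that writes those files is visible in this diff. The configuration in this commit sends all logs to syslog under the tags `nginx_vhost`, `nginx_vhost_err`, `vh_tribu` and `vh_tribu_err`. If the routing rule is documented elsewhere, link to it from this section; otherwise add a sentence naming the syslog rule that produces each file, so that the `etc/passwd` and `denied|error|warn` searches are not run against files that do not exist.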