1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

NGINX

Discussion in 'Server Configuration and Hosting' started by Tracy Perry, Mar 17, 2013.

  1. Tracy Perry

    Tracy Perry Well-Known Member

    Anybody nice enough to post a sample site enabled file. I've tried setting it up for port 8080, but I think my iptables may be blocking it (even tho' I have it set to pass that port through I thought). It looks like you define the ports in the site files, and not in nginx config file, but the reset is a little much to wrap my head around quickly. :eek:
     
  2. MattW

    MattW Well-Known Member

    This is one of my site config files:

    Code:
    server {
      server_name dev.z22se.com www.dev.z22se.com;
     
      # limit_conn limit_per_ip 16;
      # ssi  on;
     
      access_log /home/nginx/domains/dev.z22se.com/log/access.log combined buffer=32k;
      error_log /home/nginx/domains/dev.z22se.com/log/error.log;
     
      root /home/nginx/domains/dev.z22se.com/public;
     
      location / {
     
      # Enables directory listings when index file not found
      #autoindex  on;
     
      # Shows file listing times as local time
      #autoindex_localtime on;
     
      # Enable for vBulletin usage WITHOUT vbSEO installed
      #try_files            / /index.php;
     
      }
     
      location /xenforo/ {
          index index.php index.html index.htm;
          try_files $uri $uri/ /xenforo/index.php?$uri&$args;
      }
     
      location ~ ^/xenforo/(internal_data|library)/ {
      internal;
      allow 127.0.0.1;
      deny all;
      }
     
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
    }
     
    Goblom and SneakyDave like this.
  3. Tracy Perry

    Tracy Perry Well-Known Member

    Thanks!

    I'm assuming since it doesn't have the
    listen 80;
    listen [::]:80 iptables -A INPUT -p icmp -j ACCEPT0 default_server;

    In it it knows to listen in on port 80 by default?
     
  4. Tracy Perry

    Tracy Perry Well-Known Member

    Played with it some, but keep getting a 403 error, and I KNOW that the permissions are right as I just went through a boondoggle when I was not able to change avatars. I guess I can play with it late at night when it will minimally impact the system. I need to do more research on how to make sure php is enabled (I noticed the reference to a php.conf in your example).
     
  5. Ghan_04

    Ghan_04 Active Member

    If you're using php-fpm, make sure PHP is running as the same user as nginx and that that user can access the necessary files.
     
  6. Tracy Perry

    Tracy Perry Well-Known Member

    It should be, since it's on the default Debian install. I at least got it now so that the default page kicks in. I'm going to play with it more on my home server as I don't want to be pulling the production site down.
     
  7. shawn

    shawn Well-Known Member

    Do you have multiple IP addresses available on the production server? Just bind nginx to :80 on a different IP.
     
  8. Tracy Perry

    Tracy Perry Well-Known Member

    Nope... just one IP for now. I may go ahead and do that, since it's only like $1.50 a month for an additional IP. Right now I'm just learning the VPS scene, and I'm not sure if an additional IP will show as an additional eth port, if so, I got to play with iptables some more (know they have to define for eth0 or eth1). Extra level of complexity that really not ready for yet.:confused:
     
  9. D.O.A.

    D.O.A. Well-Known Member

    Here's a basic vhosts config I start with, using php-fpm, you define ports in it too.
    I don't see anything pointing to php in above config besides includes files.
    All you need to change is server name, rewrite url, log & root location for starters.
    PHP:
     server {
        
    #port
        
    listen  80;
        
    server_name www.forum.website.com;
        
    # rewrite www, try to keep your internal linking consistent.
        
    rewrite http://forum.website.com$request_uri? permanent;
        
    error_log /var/log/nginx/website.log warn;
        
    root /home/srv/www/website.com/public_html/forum;
        
    #end changes needed to begin
     
        
    location / {
                
    #This sends everything through index.php and keeps the appended query string intact.
                
    try_files $uri $uri/ /index.php?$uri&$args;
                
    index index.html index.htm index.php;
     
        
    #gzip it, gzip it good
          
    gzip                    on;
          
    gzip_http_version      1.1;
          
    gzip_vary              on;
          
    gzip_min_length        1100;
          
    gzip_buffers            64 8k;
          
    gzip_comp_level        2;
          
    gzip_proxied            any;
          
    gzip_types              text/plain text/css application/x-javascript text/xml application/xml;
          
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
          }
     
          
    # use fastcgi for all php files
            
    location ~ \.php$ {
            
    # Zero-day exploit defense.
            # http://forum.nginx.org/read.php?2,88845,page=3
            
    try_files $uri /index.php =404;
            
    fastcgi_pass 127.0.0.1:9000;
            
    fastcgi_index index.php;
            
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include 
    fastcgi_params;
            }
     
            
    #add some expires
            
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            
    expires 1y;
            
    log_not_found off;
            }
     
            
    #protect the innocent
            
    location ~ ^/community/(internal_data|library)/(.*)$ {
            
    internal;
            }
     
            
    # deny access to apache .htaccess files
            
    location ~ /\.ht
            
    {
            
    deny all;
        }
    }
     
    I am David and Tracy Perry like this.
  10. Tracy Perry

    Tracy Perry Well-Known Member


    THANKS!!!!

    this got one domain up and running on nginx now!

    All I have to do is get the rewrites to work (reroute ride-texas.org to twowheeldemon and the www. extensions) as the example gives me an error of to many redirects.
    Then I have to get my subdomain for munin set up as well as an alias for phpmyadmin. It is much easier in Apache2 (since I'm used to that - this is a whole new ball game).

    When I set up (using the example) individual vhosts in my sites enabled it keeps directing me to the wrong one.

    Anyone can point me to why I'm getting
    Code:
    FastCGI sent in stderr: "PHP message: PHP Notice:  Undefined index: fbrefresh in /var/www/twowheel/index.php on line 3
    in the error log? I know it has to do with the facebook refresh in the index.php file.

    Think I fixed this myself... the index.php has the following code on line 3
    Code:
    if($_GET['fbrefresh']){
    I replaced it with
    Code:
    if(isset($_GET['fbrefresh'])){
    Anybody know if this will negatively effect it?
     
  11. I am David

    I am David Member

    Outstanding release, thank you so much. Finally was able to tweak the dang rewrite
     
  12. Tracy Perry

    Tracy Perry Well-Known Member

    OK, time for another nginx question. How do you password protect a single file (like the admin.php). Was easy to do in .htaccess, but no matter what I try in my vhosts configuration I can't get it to work (and I HAVE gotten it to work for an aliased directory - so am somewhat familiar with the process).
     
    Puntocom likes this.
  13. Ghan_04

    Ghan_04 Active Member

    Have you tried defining a location for the file and adding the necessary directives there?
    Something like this:

    location /admindir/admin.php {
    auth_basic "Restricted";
    auth_basic_user_file htpasswd;
    }

    I haven't tested it, but I think that's how it should work.
     
    D.O.A. likes this.
  14. D.O.A.

    D.O.A. Well-Known Member

  15. D.O.A.

    D.O.A. Well-Known Member

    The redirect I provide only directs www.domain.com to http://domain.com, google don't like duplicate content so having one URL to rule them all makes sense. I got rid of www from URL's basically.
    http://support.google.com/webmasters/bin/answer.py?hl=en&answer=66359

    Code:
     server {
        listen 80;
        server_name domain1.com www.domain1.com;
        rewrite ^ $scheme://www.domain2.com$request_uri permanent;
        # or
        # rewrite ^ $scheme://www.domain2.com ;
      }
    the above will redirect domain1.com to domain2.com

    maybe.. http://xenforo.com/community/threads/facebook-sdk-updates-for-xenforo.44383/
    if it's just a php notice I'd tone down the error log, revert your changes and pretty much put it on ignore
     
  16. Tracy Perry

    Tracy Perry Well-Known Member

    That's what I thought also... but on my system it doesn't.
    Also playing with the redirects right now give me loops - but I know that's going to be something on my system setup. I run 4 domains from the VPS (with a definition for each one) and when I try the redirects it either loops or goes to another domain. It really doesn't matter to me about the www prefix, and the only thing I really want to redirect is the ride-texas.org to the new domain. At least the main part is working - I can tweak the other as I go along. :p
     
  17. Tracy Perry

    Tracy Perry Well-Known Member

    Does this code look OK to do a strip of the www.twowheeldemon.com and redirect to twowheeldemon.com.

    Code:
    set $nowww twowheeldemon.com;
    if ($http_host != $nowww) {
        rewrite  ^(.*)$  http://$nowww$1 permanent;
    }
    It's working, but I don't know for sure that it would be the right way to do it (as the other example given above gives to many redirects). I have 3 domains hosted on the server and if I do it any other way the www.twowheeldemon.com ends up falling through to one of the other domains.
     
  18. Dan Cryer

    Dan Cryer Active Member

    Using if() in nginx is discouraged, you'd be better to use a separate server {} declaration, like so:

    Code:
    server {
        listen 80;
        server_name www.twowheeldemon.com;
        return 301 http://twowheeldemon.com$uri;
    }
    That'll accept requests to www.twowheeldemon.com/* and redirect them to twowheeldemon.com/*
     
    D.O.A. and Tracy Perry like this.
  19. Tracy Perry

    Tracy Perry Well-Known Member

    Thanks! That solves a bunch of problems. Have to get used to the way nginx does stuff compared to Apache2. Right now I just have a separate vhost with the above defined in it as I'm not sure where it would go in my main twowheel definition (still not used to listing multiple servers in one setup. Guess I'll play with that some more.
    And now figured out if I put that at the top of the main vhost configuration it defaults to redirecting to the correct one... all problems solved for now!
     
    D.O.A. and I am David like this.
  20. Puntocom

    Puntocom Well-Known Member

    Please could you share the nginx code to password-protect admin.php ? I have read several tutorials but I can't make it work.
    Code:
            location /admin\.php$ {
                    auth_basic            "Restricted";
                    auth_basic_user_file  /some/directory/htpasswd;
            }
    
     

Share This Page