[Howto] nginx setup w/ clean URLs

Find How to do something.

[Howto] nginx setup w/ clean URLs

Postby Jiff » Tue Jul 03, 2012 7:53 am

This configuration may not be perfect, so feel free to add what you think its missing :P
The second file is just a Linux script to make sure all permissions are set right; you must also remember to change the owner and group for all files and directories (included ..../razorcms/ or whatever name you use) with: chmod -R www-data:www-data /var/www/razorcms (for Debian).

2012-07-09:
1)- I stripped the "internal" block because it brings too much trouble (especially w/ the contact page).
2)- IF you do like me: have a dyndns domain pointing home and 2 officials domains pointing to the dyndns domain name AND you set your own DNS to return the LAN server IP address for the 2 domains, you might get mad when you see that you can access the admin page from you 2 domain names - This is NORMAL => Don't test LAN to LAN, use an anonymizer!

2012-07-10:
1)- Watch it!
2)- I'm using official domain names and, as I've got a dynamic IP address, add a CNAME in my registrar's admin page toward my DynDNS domain - This can lead to the /admin pages available to tne Internet!
3)- The solution I found is to have *all* domain names into the server server_name directive, that is:
server {
......
server_name myDomain1 myDomain2 myDynDNSdomain;
......
}
4)- NB: At this time I don't know why and I've got no time to investigate this issue, so if you have a real clue, feel free to comment and explain it.


Code: Select all
# 2012-06-25: RazorCMS nginx configuration file
#             by Jean-Yves F. Barbier lazyvirus>at}gmx]com{

##############################################################################

# As my server is at home, I don't need to use HTTPS:
# I redirect the admin pages directly to localhost.
# However, it is easy to use HTTPS for redirection, and there's
# a very good example in the nginx DowkuWiki configuration page:
# http://wiki.nginx.org/Dokuwiki.

# NB: To get the (niiice) php5-fpm Debian squeeze package,
#     just add these 2 lines in /etc/apt/sources.lists:
#           deb http://packages.dotdeb.org stable all
#           deb-src http://packages.dotdeb.org stable all

# NB: Works in the 3 proposed modes of SEF URL: normal, standard
#     and advanced:)
#     However, on my old machines it seems that SEF URL standard
#     mode is slightly faster than the advanced mode (and there's
#     no visual difference for URLs in the browser).
 
# Don't forget to change file permissions to 600 & dirs to 700.

############################################################   "LOCALHOST:80"

# Admin pages are all redirected here

server {
    listen              80;
    server_name         localhost;
    root                /var/www/razorcms;
    index               index.php;

    access_log          /var/log/nginx/razorcms.localhost.access.log;
    error_log           /var/log/nginx/razorcms.localhost.error.log;

    # ------------------------------------------------------------------------

    location / {
        try_files           $uri     $uri/    /index.php?slab=$uri&$args;
    }

    location ~ \.php$ {
        include             fastcgi_params;
        fastcgi_index       index.php;
        fastcgi_param       SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_pass        unix:/var/run/php5-fpm.socket;
    }

    location ~* \.(jpg|png|ico|js|css|gif)$ {
        expires     30d;
    }
}

#############################################################   "MYSERVER.ORG"

# HTTP

server {
    listen              80;
    server_name         myserver.org;
    root                /var/www/razorcms;
    index               index.php;

    access_log          /var/log/nginx/razorcms.myserver.org.access.log;
    error_log           /var/log/nginx/razorcms.myserver.org.error.log;

    # ------------------------------------------------------------------------

    # Redirect ONLY IF the svr doesn't point to the site root (eg: /var/www)
    #location  =  / {
    #    error_page  403  =  http://$host/razorcms;
    #}

    # Reroute any query toward /admin to localhost for security
    location /admin {
        rewrite    ^(/admin/.*)     http://localhost$1    permanent;
    }

    location / {
        try_files                   $uri    $uri/    /index.php?slab=$uri&$args;
    }

    location  ~  \.php$ {
        include                     fastcgi_params;
        fastcgi_index               index.php;
        fastcgi_param               SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_pass                unix:/var/run/php5-fpm.socket;
    }

    # DON'T add htm files, SEF URL redirection wouldn't work anymore!
    location  ~*  \.(jpg|png|ico|js|css|gif)$ {
        expires                     30d;
    }

    # sitemap.xml isn't created by RazorCMS but can be manually added
    # by submitting your site URL to sites like: http://www.xml-sitemaps.com/
    location  =  /sitemap.xml {
        allow                       all;
        access_log                  off;
        log_not_found               off;
    }

    # robots.txt  isn't created by RazorCMS but can be manually added
    # (although, I don't see any advantage except giving the sensitive dir
    # paths to an eventual striker).
    location  =  /robots.txt {
        allow                       all;
        access_log                  off;
        log_not_found               off;
    }

    # Prevents hidden files (beginning wit a '.') from being served
    location  ~*  /\. {
        return                      444;
    }

    # Forbid some file extensions to be retrieved
    location  ~*  \.(bat|as|txt|zip|html|sh)$ {
        return                      444;
    }
}

##############################################################################   EOF

 

Code: Select all
#!/bin/sh

# Secure a web directory and its
# files by lowering their rights

# COPY THIS SCRIPT *IN* THE WANTED DIR!

# Files
find -type f -print0 | xargs -0 chmod 600

# Dirs
find -type d -print0 | xargs -0 chmod 700

# Make sure /var/www/razorcms has the right owner & group
# NOTE: Change the dir &| path according to your own conf!
chmod -R www-data:www-data ../razorcms

Jiff
 
Posts: 15
Joined: Mon Jun 25, 2012 10:48 pm

Return to How-To's

Who is online

Users browsing this forum: No registered users and 1 guest

cron