Nginx
De MochilaWiki
Revisão de 15h55min de 12 de outubro de 2014 por Banto Palmarino (discussão | contribs) (→arquivos SSI)
instalando Nginx
apt-get install libpcre3-dev libssl-dev build-essential
cd /usr/src
wget -c http://nginx.org/download/nginx-0.8.54.tar.gz
tar zxvf nginx-0.8.54.tar.gz
cd nginx-0.8.54/
./configure --prefix=/usr/local/nginx --user=www-data --group=www-data \
--without-mail_pop3_module --without-mail_imap_module --with-sha1=/usr/lib \
--without-mail_smtp_module --with-http_stub_status_module \
--with-http_ssl_module --http-log-path=/var/log/nginx/access.log \
--conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid \
--with-http_sub_module --with-http_ssl_module --with-http_gzip_static_module \
--with-http_stub_status_module
make
make install
cd /usr/src
wget http://pub.nkosi.org/nginx/iredmail/nginx-init
wget http://pub.nkosi.org/iredmail/nginx-logrotate
wget http://pub.nkosi.org/iredmail/nginx.conf
mkdir /etc/nginx/sites-enabled
mv nginx.conf /etc/nginx/
mv nginx-init /etc/init.d/nginx
mv nginx-logrotate /etc/logrotate.d/nginx
chmod 755 /etc/init.d/nginx
update-rc.d nginx defaults
iniciando serviços
/etc/init.d/nginx start
cgi
para aplicações que ficam em /usr/lib/cgi-bin
apt-get install fcgiwrap
location /cgi-bin/ {
gzip off;
root /usr/lib;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
}
com php - spawn-fcgi
apt-get install php5-cgi
wget http://www.lighttpd.net/download/spawn-fcgi-1.6.3.tar.gz
tar -xf spawn*
cd spawn*
./configure
make
cp src/spawn-fcgi /usr/bin/spawn-fcgi
wget http://pub.nkosi.org/nginx/iredmail/php-fastcgi-bin
wget http://pub.nkosi.org/nginx/iredmail/php-fastcgi-init
mv php-fastcgi-bin /usr/bin/php-fastcgi
mv php-fastcgi-init /etc/init.d/php-fastcgi
echo cgi.fix_pathinfo = 1 >> /etc/php5/cgi/php.ini
chmod a+x /usr/bin/php-fastcgi
chmod 755 /etc/init.d/php-fastcgi
update-rc.d php-fastcgi defaults
/etc/init.d/php-fastcgi start
com perl
apt-get install libfcgi-perl
wget http://pub.nkosi.org/nginx/fastcgi-wrapper.pl-text
wget http://pub.nkosi.org/nginx/perl-fastcgi
mv perl-fastcgi /etc/init.d/
mv fastcgi-wrapper.pl-text /usr/bin/fastcgi-wrapper.pl
chmod a+x /usr/bin/fastcgi-wrapper.pl
chmod 755 /etc/init.d/perl-fastcgi
update-rc.d perl-fastcgi defaults
/etc/init.d/perl-fastcgi start
sintaxe para nginx.conf
em nginx.conf:
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/gif image/jpeg image/png;
gzip_disable "MSIE [1-6].(?!.*SV1)";
gzip_vary on;
include /etc/nginx/sites-enabled/*;
}
vhost simples - em /etc/nginx/sites-enabled/pub.nkosi.net
server {
listen 80;
server_name pub.nkosi.net;
location / {
root /var/www/quijaua.com.br/pub/;
index index.html;
}
}
acrescentando log
access_log /var/log/nginx/quijaua.com.br/pub/access.log;
error_log /var/log/nginx/quijaua.com.br/pub/error.log info;
e para cada domínio cria o respectivo diretório
mkdir -p /var/log/nginx/quijaua.com.br/pub/
Desativa visualização de .htaccess & .htpassword
location ~ /\.ht {
deny all;
}
- SSL em Certifcado SSL e Cacert
rodando php
location / {
root /usr/share/apache2/;
index index.php index.html;
}
location ~ \.php$ {
root /usr/share/apache2/;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/apache2$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_client_abort on;
}
redirecionamento
location / {
rewrite ^ https://mail.elegbara.net/webmail permanent;
}
listando itens de um diretório - simples
location / {
root /var/www/pub/;
autoindex on;
autoindex_exact_size on
}
listando itens de um diretório - fancyindex baixe o pacote ngx-fancyindex-0.3 e acrescente em "configure" --add-module=ngx-fancyindex-0.3
location / {
root /var/www/pub/;
fancyindex on;
fancyindex_exact_size off;
}
rodando perl/cgi
location ~ ^/cgi-bin/.*\.pl$ {
gzip off;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_index cgi-bin.php;
fastcgi_param SCRIPT_FILENAME /usr/share/apache2/cgi-bin.php;
fastcgi_param SCRIPT_NAME /cgi-bin/cgi-bin.php;
fastcgi_param X_SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
fastcgi_param X_SCRIPT_NAME $fastcgi_script_name;
}
location ~ \.pl$ {
gzip off;
fastcgi_pass 127.0.0.1:8999;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SCRIPT_NAME awstats.pl;
}
Para deixar publico a pasta /usr/share/doc
location /doc {
root /usr/share;
}
Ou um arquivo no caminho /srv/hatchepsut/nginx-powered.png
location = /nginx-powered.png {
root /srv/hatchepsut;
access_log off;
}
Alias
location ^~ /phppgadmin {
alias /usr/share/phppgadmin/;
}
Reescrita
location /old_stuff/ {
rewrite ^/old_stuff/(.*)$ /new_stuff/$1 permanent;
}
entrada para log
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#permite o acesso para o ip
allow 127.0.0.1;
#nega o acesso para todos
deny all;
#permite listar conteúdo da pasta
autoindex on;
#codificação da página
charset utf-8;
charset on;
#não gera log
access_log off;
#expira em 30 dias
expires 30d;
#restrição por senha - htpasswd
auth_basic "Restricted";
auth_basic_user_file /etc/awstats/webstats.example.com.htpasswd;
client_body_buffer_size 128K;
client_header_buffer_size 128K;
client_max_body_size 1M;
large_client_header_buffers 1 1k;
error_page 404 /404.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~* ^.+\.(css|js)$ {
root /folder/to/static/files;
expires 30d;
}
location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx)$ {
root /srv/hatchepsut/;
index index.php;
access_log off;
expires 30d;
}
páginas de erro
error_page 404 /index.php;
error_page 403 /403.html;
location ^~ /error_images/ {
root /var/www/static_pages/error_pages;
access_log off;
expires 30d;
}
location = /403.html {
root /var/www/static_pages/error_pages;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497
500 501 502 503 504 505 506 507 /error_page.html;
location /error_page.html {
internal;
userdir
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
autoindex on;
}
definindo um vhost como padrão do servidor - nginx
server {
listen 80 default;
}
tamanho do arquivo para upload nginx+php-fpm
acrescente os valores em /etc/php5/fpm/domain.tld.conf
max_execution_time = 240
upload_max_filesize = 32M
post_max_size = 32M
memory_limit = 32M
o arquivo de configuração do site /etc/nginx/sites-enabled/domain.tld fica
server {
server_name domain.tld www.domain.tld;
root /var/www/project;
index index.html index.php;
client_header_timeout 240;
client_body_timeout 240;
fastcgi_read_timeout 240;
client_max_body_size 32m;
client_body_buffer_size 128k;
location ~ \.php$ {
fastcgi_param PHP_VALUE "upload_max_filesize = 32M \n post_max_size=33M";
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php ;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
arquivos SSI
location /reportagens/ {
ssi on;
ssi_last_modified on;
ssi_min_file_chunk 1k;
ssi_silent_errors off;
# ssi_types text/html;
ssi_value_length 256;
root /var/www/reportagens/public_html/;
index 01.shtml ;
location ~ \.shtml$ {
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.shtml;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
proxy
No caso de ter uma aplicação rodando em http://quijaua.net/bantu/galeria ficou assim
ajuste no apache
<VirtualHost *:81>
ServerName galeriainterna.net
DirectoryIndex index.php
DocumentRoot /var/www/html/galeria/public_html/cms/
ErrorLog /var/log/apache2/galeria-error.log
CustomLog /var/log/apache2/galeria-access.log common
</VirtualHost>
altere em 80 para 81 em /etc/apache2/ports.conf
sed 's/80/81/g' /etc/apache2/ports.conf
ajuste no nginx
server {
listen 80;
server_name quijaua.net;
root /var/www/html/galeria/public_html/cms;
index index.php;
access_log /var/log/nginx/galeria.access.log main;
error_log /var/log/nginx/galeria.error.log info;
location /bantu/galeria {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://galeriainterna.net:81;
}
}
