System Administrator's Guide/Installing Mahara/Apache//nginx: Difference between revisions
From Mahara Wiki
< System Administrator's Guide | Installing Mahara
(Created page with "= Apache and nginx forced https = The following is instructions for how to have apache process your .php files and nginx statically serve your non-dynamic files while acting as …") |
No edit summary |
||
(2 intermediate revisions by one other user not shown) | |||
Line 52: | Line 52: | ||
</VirtualHost> | </VirtualHost> | ||
</pre> | </pre> | ||
Add the following to /etc/apache2/ports.conf | |||
<pre> | |||
NameVirtualHost *:8080 | |||
Listen 8080 | |||
</pre> | |||
== Nginx configuration == | == Nginx configuration == | ||
Line 89: | Line 97: | ||
} | } | ||
</pre> | </pre> | ||
You will need to set up the /var/log/nginx/example/ directory (or equivalent) for the logs, if it doesn't already exist, before nginx will load. | |||
=== Setting up the ssl === | === Setting up the ssl === | ||
Line 118: | Line 128: | ||
== The modapache include for nginx == | == The modapache include for nginx == | ||
You don't need to put this in a separate file, but it's advisable | You don't need to put this in a separate file, but it's advisable (makes it reusable across more than one domain) | ||
Create a new file at /etc/nginx/modapache.conf with the following contents: | Create a new file at /etc/nginx/modapache.conf with the following contents: |
Latest revision as of 15:20, 8 September 2011
Apache and nginx forced https
The following is instructions for how to have apache process your .php files and nginx statically serve your non-dynamic files while acting as an ssl proxy.
Nginx can be installed with apt-get install nginx or whatever is applicable for your server.
Apache configuration
/etc/apache2/sites-available/default
<VirtualHost *:8080> ServerAdmin webmaster@localhost DocumentRoot /path/to/mahara/htdocs <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /path/to/mahara/htdocs/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>
Add the following to /etc/apache2/ports.conf
NameVirtualHost *:8080 Listen 8080
Nginx configuration
If this is the only domain that will be served from this server, it's probably ok to use /etc/nginx/sites-available/default otherwise substitute "default" for your domain's identifier.
server { listen 443; server_name example.com www.example.com ; server_name_in_redirect on; # Note: single domain setups obviously need only one listen directive # and one single domain declaration in server_name # ssl setup ssl on; ssl_certificate /etc/nginx/conf/server.crt; ssl_certificate_key /etc/nginx/conf/server.key; add_header Front-End-Https on; # logging access_log /var/log/nginx/example/access.log; error_log /var/log/nginx/example/error.log debug; # enable for debugging purpose # error_log /var/log/nginx/example/error.log debug; location / { root /path/to/mahara/htdocs; index index.html index.php; } include /etc/nginx/apachemod.conf; }
You will need to set up the /var/log/nginx/example/ directory (or equivalent) for the logs, if it doesn't already exist, before nginx will load.
Setting up the ssl
(These instructions taken from the nginx docs)
First change directory to where you want to create the certificate and private key, for example:
$ mkdir /usr/local/nginx/conf $ cd /usr/local/nginx/conf
Now create the server private key, you'll be asked for a passphrase:
$ openssl genrsa -des3 -out server.key 1024
Create the Certificate Signing Request (CSR):
$ openssl req -new -key server.key -out server.csr
Remove the necessity of entering a passphrase for starting up nginx with SSL using the above private key:
$ cp server.key server.key.org $ openssl rsa -in server.key.org -out server.key
Finally sign the certificate using the above private key and CSR:
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The modapache include for nginx
You don't need to put this in a separate file, but it's advisable (makes it reusable across more than one domain)
Create a new file at /etc/nginx/modapache.conf with the following contents:
location ~ .*\\.(php)$ { proxy_pass http://localhost:8080; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; }