System Administrator's Guide/Installing Mahara/Apache//nginx: Difference between revisions
From Mahara Wiki
< System Administrator's Guide | Installing Mahara
(Created page with "= Apache and nginx forced https = The following is instructions for how to have apache process your .php files and nginx statically serve your non-dynamic files while acting as …") |
|||
Line 118: | Line 118: | ||
== The modapache include for nginx == | == The modapache include for nginx == | ||
You don't need to put this in a separate file, but it's advisable | You don't need to put this in a separate file, but it's advisable (makes it reusable across more than one domain) | ||
Create a new file at /etc/nginx/modapache.conf with the following contents: | Create a new file at /etc/nginx/modapache.conf with the following contents: |
Revision as of 12:27, 2 September 2011
Apache and nginx forced https
The following is instructions for how to have apache process your .php files and nginx statically serve your non-dynamic files while acting as an ssl proxy.
Nginx can be installed with apt-get install nginx or whatever is applicable for your server.
Apache configuration
/etc/apache2/sites-available/default
<VirtualHost *:8080> ServerAdmin webmaster@localhost DocumentRoot /path/to/mahara/htdocs <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /path/to/mahara/htdocs/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>
Nginx configuration
If this is the only domain that will be served from this server, it's probably ok to use /etc/nginx/sites-available/default otherwise substitute "default" for your domain's identifier.
server { listen 443; server_name example.com www.example.com ; server_name_in_redirect on; # Note: single domain setups obviously need only one listen directive # and one single domain declaration in server_name # ssl setup ssl on; ssl_certificate /etc/nginx/conf/server.crt; ssl_certificate_key /etc/nginx/conf/server.key; add_header Front-End-Https on; # logging access_log /var/log/nginx/example/access.log; error_log /var/log/nginx/example/error.log debug; # enable for debugging purpose # error_log /var/log/nginx/example/error.log debug; location / { root /path/to/mahara/htdocs; index index.html index.php; } include /etc/nginx/apachemod.conf; }
Setting up the ssl
(These instructions taken from the nginx docs)
First change directory to where you want to create the certificate and private key, for example:
$ mkdir /usr/local/nginx/conf $ cd /usr/local/nginx/conf
Now create the server private key, you'll be asked for a passphrase:
$ openssl genrsa -des3 -out server.key 1024
Create the Certificate Signing Request (CSR):
$ openssl req -new -key server.key -out server.csr
Remove the necessity of entering a passphrase for starting up nginx with SSL using the above private key:
$ cp server.key server.key.org $ openssl rsa -in server.key.org -out server.key
Finally sign the certificate using the above private key and CSR:
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The modapache include for nginx
You don't need to put this in a separate file, but it's advisable (makes it reusable across more than one domain)
Create a new file at /etc/nginx/modapache.conf with the following contents:
location ~ .*\\.(php)$ { proxy_pass http://localhost:8080; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; }