System Administrator's Guide/Installing Mahara/Apache//nginx
From Mahara Wiki
< System Administrator's Guide | Installing Mahara
Apache and nginx forced https
The following is instructions for how to have apache process your .php files and nginx statically serve your non-dynamic files while acting as an ssl proxy.
Nginx can be installed with apt-get install nginx or whatever is applicable for your server.
Apache configuration
/etc/apache2/sites-available/default
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /path/to/mahara/htdocs
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /path/to/mahara/htdocs/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
Nginx configuration
If this is the only domain that will be served from this server, it's probably ok to use /etc/nginx/sites-available/default otherwise substitute "default" for your domain's identifier.
server {
listen 443;
server_name example.com www.example.com ;
server_name_in_redirect on;
# Note: single domain setups obviously need only one listen directive
# and one single domain declaration in server_name
# ssl setup
ssl on;
ssl_certificate /etc/nginx/conf/server.crt;
ssl_certificate_key /etc/nginx/conf/server.key;
add_header Front-End-Https on;
# logging
access_log /var/log/nginx/example/access.log;
error_log /var/log/nginx/example/error.log debug;
# enable for debugging purpose
# error_log /var/log/nginx/example/error.log debug;
location / {
root /path/to/mahara/htdocs;
index index.html index.php;
}
include /etc/nginx/apachemod.conf;
}
Setting up the ssl
(These instructions taken from the nginx docs)
First change directory to where you want to create the certificate and private key, for example:
$ mkdir /usr/local/nginx/conf $ cd /usr/local/nginx/conf
Now create the server private key, you'll be asked for a passphrase:
$ openssl genrsa -des3 -out server.key 1024
Create the Certificate Signing Request (CSR):
$ openssl req -new -key server.key -out server.csr
Remove the necessity of entering a passphrase for starting up nginx with SSL using the above private key:
$ cp server.key server.key.org $ openssl rsa -in server.key.org -out server.key
Finally sign the certificate using the above private key and CSR:
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The modapache include for nginx
You don't need to put this in a separate file, but it's advisable.
Create a new file at /etc/nginx/modapache.conf with the following contents:
location ~ .*\\.(php)$ {
proxy_pass http://localhost:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}