System Administrator's Guide/Installing Mahara/Apache//nginx
From Mahara Wiki
< System Administrator's Guide | Installing Mahara
Apache and nginx forced https
The following is instructions for how to have apache process your .php files and nginx statically serve your non-dynamic files while acting as an ssl proxy.
Nginx can be installed with apt-get install nginx or whatever is applicable for your server.
Apache configuration
/etc/apache2/sites-available/default
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /path/to/mahara/htdocs
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /path/to/mahara/htdocs/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
Add the following to /etc/apache2/ports.conf
NameVirtualHost *:8080 Listen 8080
Nginx configuration
If this is the only domain that will be served from this server, it's probably ok to use /etc/nginx/sites-available/default otherwise substitute "default" for your domain's identifier.
server {
listen 443;
server_name example.com www.example.com ;
server_name_in_redirect on;
# Note: single domain setups obviously need only one listen directive
# and one single domain declaration in server_name
# ssl setup
ssl on;
ssl_certificate /etc/nginx/conf/server.crt;
ssl_certificate_key /etc/nginx/conf/server.key;
add_header Front-End-Https on;
# logging
access_log /var/log/nginx/example/access.log;
error_log /var/log/nginx/example/error.log debug;
# enable for debugging purpose
# error_log /var/log/nginx/example/error.log debug;
location / {
root /path/to/mahara/htdocs;
index index.html index.php;
}
include /etc/nginx/apachemod.conf;
}
You will need to set up the /var/log/nginx/example/ directory (or equivalent) for the logs, if it doesn't already exist, before nginx will load.
Setting up the ssl
(These instructions taken from the nginx docs)
First change directory to where you want to create the certificate and private key, for example:
$ mkdir /usr/local/nginx/conf $ cd /usr/local/nginx/conf
Now create the server private key, you'll be asked for a passphrase:
$ openssl genrsa -des3 -out server.key 1024
Create the Certificate Signing Request (CSR):
$ openssl req -new -key server.key -out server.csr
Remove the necessity of entering a passphrase for starting up nginx with SSL using the above private key:
$ cp server.key server.key.org $ openssl rsa -in server.key.org -out server.key
Finally sign the certificate using the above private key and CSR:
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The modapache include for nginx
You don't need to put this in a separate file, but it's advisable (makes it reusable across more than one domain)
Create a new file at /etc/nginx/modapache.conf with the following contents:
location ~ .*\\.(php)$ {
proxy_pass http://localhost:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}