System Administrator's Guide/Installing Mahara/Apache//nginx

From Mahara Wiki
Revision as of 11:25, 2 September 2011 by Melissadraper

Apache and nginx forced https

The following are instructions for having Apache process your .php files while nginx serves your static files directly and acts as an SSL proxy.

Nginx can be installed with apt-get install nginx or whatever is applicable for your server.

Apache configuration

/etc/apache2/sites-available/default

<VirtualHost *:8080>
	# Placeholder address: the original value was obscured on the source page
	ServerAdmin webmaster@example.com

	DocumentRoot /path/to/mahara/htdocs
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /path/to/mahara/htdocs/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

Nginx configuration

If this is the only domain that will be served from this server, it's probably OK to use /etc/nginx/sites-available/default; otherwise substitute your domain's identifier for "default".

server {
        # "ssl" on the listen directive enables TLS for this server block
        # (it replaces the deprecated "ssl on;" directive)
        listen          443 ssl;

        server_name     example.com www.example.com ;
        server_name_in_redirect on;

        # Note: single domain setups obviously need only one listen directive
        # and one single domain declaration in server_name

        # ssl setup
        ssl_certificate      /etc/nginx/conf/server.crt;
        ssl_certificate_key  /etc/nginx/conf/server.key;
        add_header           Front-End-Https    on;

        # logging
        access_log      /var/log/nginx/example/access.log;
        error_log       /var/log/nginx/example/error.log;

        # enable for debugging purpose
        # error_log     /var/log/nginx/example/error.log debug;

        location / {
            root        /path/to/mahara/htdocs;
            index       index.html index.php;
        }

        # must match the file name created in the modapache section
        include /etc/nginx/modapache.conf;

}

Setting up the ssl

(These instructions taken from the nginx docs)

First change directory to where you want to create the certificate and private key, for example:

$ mkdir -p /etc/nginx/conf
$ cd /etc/nginx/conf

Now create the server private key; you'll be asked for a passphrase:

$ openssl genrsa -des3 -out server.key 2048

Create the Certificate Signing Request (CSR):

$ openssl req -new -key server.key -out server.csr

Remove the necessity of entering a passphrase for starting up nginx with SSL using the above private key:

$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key

Finally sign the certificate using the above private key and CSR:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The modapache include for nginx

You don't need to put this in a separate file, but it's advisable.

Create a new file at /etc/nginx/modapache.conf with the following contents:

# Match request paths ending in ".php" (single backslash: a literal dot)
location ~ \.php$ {
    proxy_pass         http://localhost:8080;
    proxy_redirect     off;

    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

    client_max_body_size       10m;
    client_body_buffer_size    128k;

    proxy_connect_timeout      90;
    proxy_send_timeout         90;
    proxy_read_timeout         90;

    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;
}
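
The regex on the location line decides whether a request is handed to Apache for execution or read from disk by the `location /` block, so a mis-escaped pattern makes nginx send PHP source (config.php included) to the client as a static file. The Python sketch below is an added example, not part of the original wiki page; it approximates nginx's location matching and compares a correctly escaped pattern with a double-backslash variant, using constructed request paths.

```python
import re
from urllib.parse import unquote, urlsplit

# Regex location patterns to compare. nginx "location ~" performs an
# unanchored, case-sensitive PCRE search against the normalized request path.
ESCAPED = r"\.php$"                 # literal dot, then "php" at end of path
DOUBLE_BACKSLASH = r".*\\.(php)$"   # literal backslash, any char, then "php"


def normalize(request_target):
    """Approximate nginx normalization: drop the query string, percent-decode."""
    return unquote(urlsplit(request_target).path)


def route(request_target, php_pattern):
    """Return 'apache' if the regex location matches, else 'static' (location /)."""
    path = normalize(request_target)
    return "apache" if re.search(php_pattern, path) else "static"


def leaked_php(targets, php_pattern):
    """PHP scripts that nginx would read from disk and return as plain text."""
    return [t for t in targets
            if route(t, php_pattern) == "static"
            and normalize(t).endswith(".php")]


# Constructed sample request targets for a Mahara-style document root.
SAMPLES = [
    "/index.php",
    "/config.php",
    "/view/view.php?id=1",
    "/admin/index%2Ephp",
    "/theme/default/static/style.css",
    "/js/mahara.js",
]

if __name__ == "__main__":
    for name, pattern in (("escaped", ESCAPED),
                          ("double-backslash", DOUBLE_BACKSLASH)):
        print(f"{name}: {pattern}")
        for target in SAMPLES:
            print(f"  {target:35} -> {route(target, pattern)}")
        print("  PHP served as static:", leaked_php(SAMPLES, pattern))
```

After reloading nginx, the same check can be made against the live site by requesting a .php URL and confirming the response body does not begin with `<?php`.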