jose

ProcessWire on NGINX

Hello Everyone,

Sorry that I have not been on the forums much of late. As my development team moves to use ProcessWire as our main CMS tool for clients, we have needed to make sure that ProcessWire works on the nginx platform. We use both Apache and nginx, and we found, as many already have, that nginx is faster and easier to configure. It scales well, and when you really need speed it is a great solution.

Anyways, with all that being said, ProcessWire was surprisingly easy to configure for nginx and did not require adding or modifying any code. Using the same "try_files" directives used for WordPress and Drupal, I was able to run it under nginx. Here is a sample config:
 


upstream php {
        server unix:/tmp/php-cgi.socket;
        server 127.0.0.1:9000;
}

server {
    listen      80;
    server_name  hostname;

    root  /websites/path/to/processwire;
    index index.php;

    try_files $uri $uri/ /index.php?it=$uri&$args;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi.conf;
        fastcgi_intercept_errors on;
        fastcgi_pass php;
    }
}

There are a few things that still need to be done, like protecting the wire and certain directories like assets, but so far everything looks to be working correctly.

If ProcessWire has a test suite, I could run it against this server to see if everything is functioning properly. I think that advertising the fact that ProcessWire works under nginx would greatly help to attract more eyes to the project (not that it isn't doing great already) and to give options to hosting and scalability. If you would like help working on this for official support of the platform, perhaps with adding detection algorithms to the install or anything else that is needed, I would be glad to help. Anyways, I hope someone finds this post useful.

  • Like 2

Share this post


Link to post
Share on other sites

Jose,

Thanks so much for your efforts here. We would definitely appreciate your help in getting official nginx support for PW. I don't have experience with nginx, but your post makes me want to try it out. For starters, I will update our site next week to cross reference your info here so it'll be easy for others to find, and let me know what else I can do to provide better support for nginx. You'd mentioned the installer, but I'm not exactly sure what to detect--I think I need to get nginx installed on my dev server. I look forward to the next steps here.

Thanks!!

Ryan

Share this post


Link to post
Share on other sites

Ryan, I think that information like this (and installing PW under IIS likewise) should not be linked from the page to the forums; we should ask authors to rewrite these 'tips' into notes on installing on different servers. just btw :) Thanks, Jose :)

Share this post


Link to post
Share on other sites

Ryan,

I think that you will like nginx a whole lot. It is lightweight, easy to use, asynchronous, overall a great piece of software. That's not to knock Apache at all, since we still use Apache and it is rock solid.

If you want to play with it quickly I recommend a virtual machine, either hosted like on cloudserver by rackspace (just started using this service and so far I am happy with it) or fire up VirtualBox or VMware and install Debian Linux (squeeze). With a basic install, add the dotdeb repositories and install these packages:

apt-get install nginx php5-mysql php5-fpm php5-gd postfix mysql-server

Install postfix as an internet site/with direct delivery and keep all defaults.

Once everything is installed you can edit and create the configuration files in the /etc/nginx/sites-available and sites-enabled directories.

A simple start of nginx server

/etc/init.d/nginx start

and you're off and running.

There is a lot of great documentation out there; this is just meant to pique your appetite for nginx.

As far as the install is concerned, there are 2 areas:

1) The .htaccess file is not supported under nginx; the fact that it's not there should not fire off an error (perhaps a warning) if we are not under Apache.

2) Rewrite module detection: again not needed for nginx, perhaps a warning instead of an error. I am sure we can detect nginx with the simple $_SERVER['SERVER_SOFTWARE'] global.

Other than that, ProcessWire seems to install and work perfectly under nginx. I will be updating the rewrite rules for nginx to exclude the core folder from direct access when I get closer to deployment of 3 projects we are building with ProcessWire.

I would tend to agree that more formal documentation would be better than relying on a forum; you never know what can happen to a forum. I would be glad to help write formal configuration documentation as well as help write the detection code in the installer. I am excited to see this project moving forward so well and hope to be a consistent contributor and community member. Thanks again for all your efforts.

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for these instructions Jose, I will definitely have to give this a try sometime. I've been running on entry-level VPSs for a long time, and something that uses less resources than Apache could actually be very useful in this environment.

I would appreciate your help in writing the formal documentation for install under nginx and making the installer more nginx friendly. It sounds like what we should do is have the installer suppress a couple of its error messages if it detects nginx as the server software. If you can send me the output of this from an nginx server sometime, this may help:

<?php print_r($_SERVER); 

I think adding a page of formal documentation to the site would be great, so let's plan on that, and I'll definitely take you up on your offer to help write it.

I will be updating the rewrite rules for nginx to exclude the core folder from direct access when I get closer to deployment of 3 projects we are building with ProcessWire.

For security, there are actually quite a few things that you need to block access to. It's important that http access be blocked to all of these:

  • *.module
  • *.cache
  • /wire/core/*.php and *.inc
  • /wire/modules/*.php and *.inc (and all dirs below)
  • /site/modules/*.php and *.inc (and all dirs below)
  • /site/templates/*.php and *.inc (and all dirs below)
  • /site/templates-admin/*.php and *.inc
  • /wire/templates-admin/*.php and *.inc
  • /site/assets/*.php (and all dirs below)
  • /site/assets/cache/* everything
  • /site/assets/logs/* everything
  • /site/assets/sessions/* everything
  • /site/assets/backups/* everything
  • /site/assets/config/* everything
  • /site/assets/install/* everything
  • /site/install/* (and all dirs below)
  • /site/config.php

Lastly, the server should not pass the request to ProcessWire if the URL doesn't match this pattern:

-_.a-zA-Z0-9/

If the URL contains anything other than those characters (and ranges), the server should not send the request to PW. (excluding query strings, which aren't a consideration). Let me know if this is not possible in nginx for some reason, as it may still be okay since PW sanitizes this too. But this can really help with keeping out a lot of junk/bot/exploratory traffic.

Share this post


Link to post
Share on other sites

Anything new on this subject? Apparently nginx is really faster and less ram consuming than apache.

Share this post


Link to post
Share on other sites

I haven't heard any more on it here. What environments are people using it in? Is this something used by any hosting providers, or just something one would use on their own dedicated server? Just wondering what might be the best way for me to get a test environment going sometime in the future.

Share this post


Link to post
Share on other sites

I'm asking because I was reading some tutorials and advice for installing the server on Linode, and there are lots of people using nginx instead of Apache. They advise it especially for VPS plans with less RAM. It also seems like a growing number of people are using it, so it might be worth having a look.

The configuration for PHP applications doesn't look too complicated. Here is an example for Joomla: http://docs.joomla.org/Nginx, and here you can find some more applications: http://wiki.nginx.org/Configuration

and here is a primer http://blog.martinfjordvald.com/2010/07/nginx-primer/

Share this post


Link to post
Share on other sites

Thanks, those links should be helpful, I will take a closer look soon. It sounded to me like Jose had things working well with nginx, though I never did hear back about the directories that needed to be blocked and rewrite rules that need to be maintained for security. I'm guessing that will be a relatively simple solution, but would want to make sure those issues are covered before running it.

Share this post


Link to post
Share on other sites

I too am thinking about switching to nginx, can't wait to see the full documentation on this! But I'll tinker as well and report back what I find.

Share this post


Link to post
Share on other sites

Update: I now have PW running on nginx. It took a little longer than expected & I'll post more when I've investigated it further.

  • Like 4

Share this post


Link to post
Share on other sites

Update: I now have PW running on nginx. It took a little longer than expected & I'll post more when I've investigated it further.

Hi Netcarver, I'm currently transferring some PW projects to an nginx server, can you give some more details about important steps to make this less painful? :)

Share this post


Link to post
Share on other sites

Hi recyclerobot,

I don't know if this will help but here's a quick rundown of what I did to get this working.

I set up a new Ubuntu 12.04 64-bit server in a fresh virtual machine & configured it as an SSH server with a static IP address (actually, I just cloned one I'd prepared for something else). Then I followed this HowToForge tutorial about installing nginx + mysql + php-fpm. The only thing I did differently from the linked tutorial was that I set up APC instead of Xcache.

Following that I installed vim-nox, git & phpmyadmin and then created a new DB and DB user for ProcessWire to use. I then did a git clone into /usr/share/nginx/www/pw and added an entry to /etc/hosts called "pw-nginx.test" and also set up this config file in /etc/nginx/sites-available/pw-nginx.test ...

server {
	listen 80;
	server_name pw-nginx.test;
	root /usr/share/nginx/www/pw;
	index index.php;
	try_files $uri /index.php?it=$uri&$args;
	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		include fastcgi_params;
		fastcgi_index index.php;
		fastcgi_intercept_errors on;
		fastcgi_pass unix:/tmp/php5-fpm.sock;
	}
	location ~ /\.ht {
		deny all;
	}
}

That's about as bare bones as I could make it.

Next, I created a symlink to this file in /etc/nginx/sites-enabled, reloaded nginx and pointed my browser at pw-nginx.test (I had to add pw-nginx.test to /etc/hosts on my client box too) and I saw the ProcessWire installation page. You may need to fix any permission issues and definitely ignore the warning about .htaccess problems in order to install ProcessWire.

Well, to cut a long story short, ProcessWire installed fine and, as far as I can tell, the admin and public interfaces work correctly too.

But note this: This configuration is totally insecure. All the protected assets that Ryan posted about above (except for the .htaccess file) are accessible from publicly accessible URLs. As I'm new to nginx, I've not had time to lock down what I posted above.

All the above is from memory and I may have missed something. If something occurs to me, I'll update the above.

Anyway, hope that helps.

  • Like 2

Share this post


Link to post
Share on other sites

Hi Netcarver, thx so much for your help, managed to get it up and running, now testing an nginx in the cloud with assets on an Amazon S3 and shared database, that should give me enough breathing room to let this baby grow :)

Share this post


Link to post
Share on other sites

Hi, there

I run PW on nginx too, here are my $0.02.

When I was setting up PW I got a page with the error "No input file specified", which I think was served to me not by nginx but by the PHP engine.

I solved that by adding this line to the location block in nginx site config:

fastcgi_param SCRIPT_FILENAME /path/to/processwire/root/folder/$fastcgi_script_name;

  • Like 1

Share this post


Link to post
Share on other sites

Hi! Can anyone share config with "security section"?

thx

Share this post


Link to post
Share on other sites

Hi,

I use ProcessWire under NGiNX on both FreeBSD for production and Fedora for development. My security configuration is as follows:

    ### SECURITY - Protect crucial files
    location ~ /\. {
	    deny  all;
    }
    location ~ /(COPYRIGHT|LICENSE|README|htaccess)\.txt {
	    deny  all;
    }
    location ~ ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions) {
	    deny  all;
    }
    location ~ ^/site(-[^/]+)?/install {
	    deny  all;
    }
    location ~ ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php {
	    deny  all;
    }
    location ~ ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl) {
	    deny  all;
    }
    location ~ ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl) {
	    deny  all;
    }

I can share rewriting and php-fpm configuration also if required.

Regards,

Neil Darlow

  • Like 5

Share this post


Link to post
Share on other sites

Thanks for the reply!

I can share rewriting and php-fpm configuration also if required.

I think it will be very useful.

Share this post


Link to post
Share on other sites

Hi,

This is a complete server configuration block for NGiNX communicating with php-fpm.

There are a few things that will require customisation:

  1. server_name
  2. root
  3. access_log and error_log
  4. fastcgi_pass - socket or TCP specification
  5. configuration blocks relating to 40x and 50x error handling

Note the use of fastcgi_param HTTP_MOD_REWRITE On; which quiets an installer error about requiring mod_rewrite. You might also want to copy htaccess.txt to .htaccess in the ProcessWire top-level directory.

   server {
    listen	    80 default_server;
    server_name   localhost localhost.localdomain;
    index		 index.php index.html;
    root		  /var/www/html;
    access_log    /var/log/nginx/access.log  main;
    error_log	 /var/log/nginx/error.log  notice;
    default_type  application/x-php;

    ### SECURITY - Protect crucial files
    location ~ /\. {
	    deny  all;
    }
    location ~ /(COPYRIGHT|LICENSE|README|htaccess)\.txt {
	    deny  all;
    }
    location ~ ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions) {
	    deny  all;
    }
    location ~ ^/site(-[^/]+)?/install {
	    deny  all;
    }
    location ~ ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php {
	    deny  all;
    }
    location ~ ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl) {
	    deny  all;
    }
    location ~ ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl) {
	    deny  all;
    }

    ### GLOBAL REWRITE
    location / {
	    try_files  $uri  $uri/  /index.php?it=$uri&$args;
    }

    # pass the PHP scripts to FastCGI server on local socket
    #
    location ~ .+\.php((/|\?).*)?$ {
	    fastcgi_pass					 unix:/run/php-fpm/php-fpm.sock;
	    fastcgi_index				    index.php;
	    fastcgi_split_path_info		  ^(.+\.php)(.*)$;
	    fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
	    fastcgi_param  PATH_INFO		 $fastcgi_path_info;
	    fastcgi_param  HTTP_MOD_REWRITE  On;
	    include  fastcgi_params;
    }
    # redirect server error pages to the static page /40x.html
    #
    error_page  404  /404.html;
    location = /40x.html {
	    root  /usr/share/nginx/html;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
	    root  /usr/share/nginx/html;
    }
   }

In the php-fpm configuration you need to specify unix socket or TCP connection parameters and possibly the chdir setting. These are distribution-dependent values and you will need to determine the correct values for your scenario.

My configuration is as follows:

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
;						    a specific port;
;   'port'				 - to listen on a TCP socket to all addresses on a
;						    specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /run/php-fpm/php-fpm.sock

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;				 mode is set to 0666
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
chdir = /var/www/html

Please note that I researched these configurations and the preceding security configuration from original documentation. I did not rely on howtos available on the Internet. Each has been carefully implemented and undergone significant testing before going into production.

Regards,

Neil Darlow

  • Like 9

Share this post


Link to post
Share on other sites

You might also want to copy htaccess.txt to .htaccess in the ProcessWire top-level directory.

What is it for? Just for installer?

Share this post


Link to post
Share on other sites

@Neil Darlow

Welcome to the ProcessWire forums and, wow, what a start! Thank you for sharing your production config file, that will save me (at least) some research.

Share this post


Link to post
Share on other sites

What is it for? Just for installer?

@k07n: Yes. If you set your permissions correctly on the webserver, apply the HTTP_MOD_REWRITE parameter and copy htaccess.txt to .htaccess then the only warning you receive from the installer is that it can't determine the server software version but it may be possible to continue (which it is!). I should also add that I didn't include: fastcgi_intercept_errors on; in my server configuration block. I have this in my NGiNX http block as a global switch.

@netcarver: Thank you for the kind words. I may not post frequently but I try to make what I write useful to others.

Regards,

Neil Darlow

  • Like 2

Share this post


Link to post
Share on other sites

Hey all,

I've converted the ProcessWire 2.3 rules to Nginx. Hope this will help some people :)

Greetings,

Niek

server {
	listen 80;
	listen 443 ssl;

	root /var/www/example.com/public_html;
	server_name example.com www.example.com;
	ssl_certificate /etc/pki/tls/certs/example.com.crt;
	ssl_certificate_key /etc/pki/tls/private/example.com.key;

	client_max_body_size 50m;
	access_log /var/www/example.com/_logs/access.log;
	error_log /var/www/example.com/_logs/error.log;

	# -----------------------------------------------------------------------------------------------
	# Set default directory index files
	# -----------------------------------------------------------------------------------------------

	index index.php index.html index.htm;

	# -----------------------------------------------------------------------------------------------
	# Optional: Redirect users to the 'www.' version of the site (comment out to disable).
	# For example: http://processwire.com/ would be redirected to http://www.processwire.com/
	# -----------------------------------------------------------------------------------------------

	if ($host !~* ^www\.) {
		rewrite ^(.*)$ $scheme://www.$host$1 permanent;
	}

	# -----------------------------------------------------------------------------------------------
	# Access Restrictions: Protect ProcessWire system files
	# -----------------------------------------------------------------------------------------------

	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
		deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block access to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
		deny all;
	}

	# -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 24h;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# Pass .php requests to fastcgi socket
	# -----------------------------------------------------------------------------------------------

	location ~ \.php$ {

		# Check if the requested PHP file actually exists for security
		try_files $uri =404;

		# Fix for server variables that behave differently under nginx/php-fpm than typically expected
		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		# Set environment variables
		include fastcgi_params;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		# Pass request to php-fpm fastcgi socket
		fastcgi_pass unix:/var/run/example.com_fpm.sock;
	}
}
  • Like 14

Share this post


Link to post
Share on other sites
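
An offline check of the deny rules from the ProcessWire 2.3 conversion above against the list of paths that must be blocked and the URL character rule given earlier in the thread. This is an added example, not code from any poster or from ProcessWire: the sample paths are constructed, the character check is not part of the posted configuration, and `re.search` on an already-normalised path is a simplified model of how nginx evaluates `location ~` blocks.

```python
import re

# Regexes transcribed from the `location ~ ... { deny all; }` blocks in the
# ProcessWire 2.3 conversion. `location ~` is a case-sensitive, unanchored
# regex match on the URI path. Every deny block precedes the other regex
# locations in that config, so "any deny regex matches" means the request is denied.
DENY_RULES = [re.compile(p) for p in (
    r"\.(inc|info|module|sh|sql)$",
    r"/\.",
    r"^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$)",
    r"^/(site|site-[^/]+)/install($|/.*$)",
    r"^/(site|site-[^/]+)/assets.*/-.+/.*",
    r"^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$",
    r"^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$",
    r"^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$",
    r"^/(site|site-[^/]+)/assets($|/|/.*\.php)$",
    r"^/wire/(core|modules)/.*\.(php|inc|tpl|module)$",
    r"^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$",
    r"^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$",
    r"^/site-default/",
)]

# Character set from the earlier post: a path containing anything else
# should not be handed to ProcessWire (query strings are not considered).
ALLOWED_URL = re.compile(r"[-_.a-zA-Z0-9/]*")

# Constructed sample paths, at least one per item of the "must block" list.
MUST_BLOCK = [
    "/site/modules/Helper/Helper.module",                  # *.module
    "/site/modules/Helper/Helper.cache",                   # *.cache
    "/wire/core/Page.php",                                 # /wire/core/*.php
    "/wire/core/helpers.inc",                              # /wire/core/*.inc
    "/wire/modules/Process/ProcessHome/ProcessHome.php",   # /wire/modules/ and below
    "/site/modules/Helper/lib/util.php",                   # /site/modules/ and below
    "/site/templates/home.php",                            # /site/templates/*.php
    "/site/templates/partials/nav.inc",                    # /site/templates/ and below
    "/site/templates-admin/default.php",
    "/wire/templates-admin/default.php",
    "/site/assets/files/12/upload.php",                    # /site/assets/*.php and below
    "/site/assets/cache/Page/12/data",
    "/site/assets/logs/errors.txt",
    "/site/assets/sessions/sess_0",
    "/site/assets/backups/db.sql",
    "/site/assets/config/settings.json",
    "/site/assets/install/files.zip",
    "/site/install/install.sql",
    "/site/config.php",
]

# Constructed paths that must keep working after the rules are applied.
MUST_SERVE = [
    "/",
    "/about/team/",
    "/index.php",
    "/site/templates/styles/main.css",
    "/site/assets/files/12/photo.jpg",
    "/wire/modules/Jquery/JqueryCore/JqueryCore.js",
    "/wire/templates-admin/styles/main.css",
]


def first_deny(path):
    """Return the index of the first deny rule matching path, or None."""
    for index, rule in enumerate(DENY_RULES):
        if rule.search(path):
            return index
    return None


def classify(path):
    """Return 'deny' (a deny rule matches), 'reject' (characters outside
    the allowed set) or 'pass' (would be served or handed to ProcessWire)."""
    if first_deny(path) is not None:
        return "deny"
    if not ALLOWED_URL.fullmatch(path):
        return "reject"
    return "pass"


def audit():
    """Return (uncovered, overblocked): required-blocked paths that no rule
    denies, and public paths that the rules would stop."""
    uncovered = [p for p in MUST_BLOCK if classify(p) != "deny"]
    overblocked = [p for p in MUST_SERVE if classify(p) != "pass"]
    return uncovered, overblocked


if __name__ == "__main__":
    uncovered, overblocked = audit()
    print("required but not denied:", uncovered)
    print("public but blocked:     ", overblocked)
```

Any path in the first list is one that the earlier list requires blocked but that no transcribed rule matches, so it is the place to review the rule set. Re-run the check after editing `DENY_RULES`, then confirm each path against the running server.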

This worked like a charm for me with a Debian 7 + Nginx 1.2.1 + PW2.3 setup. The only change I made is that instead of 'fastcgi_pass unix:/var/run/example.com_fpm.sock;' I am using 'fastcgi_pass 127.0.0.1:9000;'

Any advantages of using one over the other?

Thank you for posting complete config file @u-nikos

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By gonzz
      Hi i'm having a recurrent problem I found on this forum: when using the image uploader I get the following error on console "Unexpected token < in JSON". But I couldn't solve it with any of the other proposed solutions:
      setting debug to true setting $config->uploadTmpDir = dirname(__FILE__) . '/assets/uploads/'; setting uploadTmpDir in php.ini  
      BUT This problem only appears for non superuser users (ie editors).
      Running on a Digitial Ocean Server with NGINX and PHP 7.1. Version is ProcessWire 3.0.62
      Note: Im using Fredi plugin, but i doubt that's the problem because I'm using it in other sites with no problem
       
      Any idea how i could solve this (even with non ajax image upload) I need to sort this as fast and simple as possible
      Thanks in advance
    • By taoguang
      Now I add a PW on my domain. It runs OK.
      Then I have a second demo PW running under /demo/ subdirectory.
      and adding these code to nginx rewrite:
      location /demo/ { try_files $uri $uri/ /demo/index.php?it=$uri&$args; } Then I access the subdirectory's homepage(/demo/) is OK, other page return a 404 error.
      But I replaced the other cms to /demo/, It's really OK. Why?
      How to fix these errors?
    • By RyanJ
      Hello!
      Looking for a bit of advice or suggestions here. I don't claim to be a nginx expert, but I have PW version 3.0.62 powering an app running on a cloud server with nginx. Everything operates fine for the most part, but from time to time I am getting a network error message when trying to navigate in the admin or just a plain ole 500 error. Specifically when logging in initially and trying to view the page tree. A pop up window appears with the network error message (I will grab a screen shot next time I see it). Also when navigating through the admin I get random 500 errors. 
      php 5.6.x
      nginx
      cloud hosting service
      A couple of corresponding logs below.
      Error log in pw admin:
      Error: Cannot instantiate abstract class ProcessWire\ProcessPageListRender (line 331 of /xxx/xxx/xxx/wire/modules/Process/ProcessPageList/ProcessPageList.module)
      Nginx Error log:
      017/05/12 10:11:47 [error] 7305#0: *14305329 readv() failed (104: Connection reset by peer) while reading upstream, client: xx.xxx.xxx.xxx, server: theserver, request: "GET /login/page/ HTTP/1.1", upstream: "fastcgi://unix:/xxxxx/dev/.php-fpm.socket:", host: "thehost", referrer: "http://domain/login/setup/logs/view/errors/"
      017/06/21 14:15:29 [error] 29093#0: *106631997 readv() failed (104: Connection reset by peer) while reading upstream, client: xx.xxx.xxx.xxx, server: server, request: "GET /login/page/edit/?id=1489 HTTP/1.1", upstream: "fastcgi://unix:/xxxxx/dev/.php-fpm.socket:", host: "thehost", referrer: "http://domain/login/page/"
      Thanks for your time.
    • By gebeer
      Hello everyone,
      I've been fiddling around a lot lately with docker containers for my local development on a linux machine. Tried many different options, also readily available processwire images and tutorials from the forum. But never got it right. Mainly because of permission issues with docker volumes. That is a tricky part on linux machines whereas on OSX it doesn't seem to be an issue.
      Then I discovered http://www.wordpressdocker.com/. And the setup with nginx as a proxy that routes requests to separate containers with the actual site install appealed to me. The whole thing sits on top of alpine linux containers which are really lightweight. So I decided to give it a try.
      And, first time since experimenting with docker, I got a running PW install. Rewriting was not working until I adjusted the nginx config. Now I have a fairly complex PW site running in a container. Everything is working, image upload/editing etc.
      So I'm really excited, especially since the dev site is now blazing fast compared to my old vagrant virtualbox vm setup.
      Honestly, I don't really understand everything that is happening behind the scenes. But I managed to adjust the original files and build a new image that works with PW and doesn't have all the WP stuff.
      The nginx config I took from https://github.com/elasticweb/nginx-configs/blob/master/configs/processwire-2.conf
      Not sure if it covers everything for PW3 as well. I would very much appreciate if someone who is more in the know than me could take a look.
      All files for building the docker image are here https://github.com/gebeer/alpine-php-processwire
      A working image here: https://hub.docker.com/r/gebeer/alpine-php-processwire/
      Documentation is kind of lacking. I took over quite a lot from the original project. But following the github README and the original documentation should get people started who have a little experience with docker already.
      If someone needs a more in depth step by step tutorial for setting things up, let me know and I'll put something together.
    • By blacksrv
      Hi, I'm having some issues with PW after an NGINX error, I'll try to elaborate:
      1) My nginx site conf file went corrupt.
      2) I tried to recreate it using: https://processwire.com/talk/topic/275-processwire-on-nginx/
      3) All my URLs are accessible using '/' or without it.
      4) I have URLs that don't work without the / at the end; the URL is dynamic (I check for the segments)
      Ex:  
      "www.url.com/something/countries/usa" works!
      "www.url.com/something/countries/usa/" works!
      "www.url.com/something/countries/mexico/" works!
      "www.url.com/something/countries/mexico" doesn't work
      I assume it has something to do with my nginx. It only happens with the same country; in fact, if you use a country that doesn't exist it just redirects you to the main URL, but in the 'mexico' case it just returns a 404.

      Any ideas???
      Edit: something I forgot: I tested adding a backslash to all URLs, but the backend has some trouble when it comes to saving.