Jump to content

ProcessWire on NGINX


jose

Recommended Posts

This worked like charm for me with Debian 7 + Nginx 1.2.1 + PW2.3 setup. Only change I did is instead of 'fastcgi_pass unix:/var/run/example.com_fpm.sock;' I am using 'fastcgi_pass 127.0.0.1:9000;'

Any advantages of using one over other ? 

You might want to read this

So if you're looking for performance locally, I think UNIX domain sockets probably best meet your need. 
Link to comment
Share on other sites

  • 5 months later...

Hi.

(My first post in this forum after creating my first site with Processwire :) )

Only to let you know that the u-nikos's nginx configuration works perfect with Processwire 2.4 :)

I think you can add "official" support and link to his comment for the configuration. I had doubts about how difficult it would be at the beginning and maybe there are people in the same position without knowing that it's really easy to make it works.

I'll work a little more with nginx caching (or microcaching). I'll let you know if I do some advances in this area.

Best

  • Like 10
Link to comment
Share on other sites

  • 2 weeks later...
  • 7 months later...

I've just tested these with 2.5 and everything is running nice and smooth. :)

Hey all,

I've converted the ProcessWire 2.3 rules to Nginx. Hope this will help some people :)

Greetings,

Niek

server {
	listen 80;
	listen 443 ssl;

	root /var/www/example.com/public_html;
	server_name example.com www.example.com;
	ssl_certificate /etc/pki/tls/certs/example.com.crt;
	ssl_certificate_key /etc/pki/tls/private/example.com.key;

	client_max_body_size 50m;
	access_log /var/www/example.com/_logs/access.log;
	error_log /var/www/example.com/_logs/error.log;

	# -----------------------------------------------------------------------------------------------
	# Set default directory index files
	# -----------------------------------------------------------------------------------------------

	index index.php index.html index.htm;

	# -----------------------------------------------------------------------------------------------
	# Optional: Redirect users to the 'www.' version of the site (uncomment to enable).
	# For example: http://processwire.com/ would be redirected to http://www.processwire.com/
	# -----------------------------------------------------------------------------------------------

	if ($host !~* ^www\.) {
		rewrite ^(.*)$ $scheme://www.$host$1 permanent;
	}

	# -----------------------------------------------------------------------------------------------
	# Access Restrictions: Protect ProcessWire system files
	# -----------------------------------------------------------------------------------------------

	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
		deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
		deny all;
	}

	# -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 24h;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# Pass .php requests to fastcgi socket
	# -----------------------------------------------------------------------------------------------

	location ~ \.php$ {

		# Check if the requested PHP file actually exists for security
		try_files $uri =404;

		# Fix for server variables that behave differently under nginx/php-fpm than typically expected
		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		# Set environment variables
		include fastcgi_params;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		# Pass request to php-fpm fastcgi socket
		fastcgi_pass unix:/var/run/example.com_fpm.sock;
	}
}
  • Like 2
Link to comment
Share on other sites

  • 5 months later...

Got a PW install working on ubunto 14.04 with serverpilot.io but for some reason the admin works but the site is blank - http://bbstarter.nicegrp.com/ and http://bbstarter.nicegrp.com/admin/

currently has the htaccess which nginx is "apparently" got a proxy for. I played with the nginx conf site files to see if i could fix it but havent been able to as far. aynone had similar issues?

UPDATE: sorry, hadn't had some modules installed, so working now

Link to comment
Share on other sites

  • 1 month later...

Hi,

How to adapt it to make it run with subdirectory installs ?

Hey all,

I've converted the ProcessWire 2.3 rules to Nginx. Hope this will help some people :)

Greetings,

Niek

server {
	listen 80;
	listen 443 ssl;

	root /var/www/example.com/public_html;
	server_name example.com www.example.com;
	ssl_certificate /etc/pki/tls/certs/example.com.crt;
	ssl_certificate_key /etc/pki/tls/private/example.com.key;

	client_max_body_size 50m;
	access_log /var/www/example.com/_logs/access.log;
	error_log /var/www/example.com/_logs/error.log;

	# -----------------------------------------------------------------------------------------------
	# Set default directory index files
	# -----------------------------------------------------------------------------------------------

	index index.php index.html index.htm;

	# -----------------------------------------------------------------------------------------------
	# Optional: Redirect users to the 'www.' version of the site (uncomment to enable).
	# For example: http://processwire.com/ would be redirected to http://www.processwire.com/
	# -----------------------------------------------------------------------------------------------

	if ($host !~* ^www\.) {
		rewrite ^(.*)$ $scheme://www.$host$1 permanent;
	}

	# -----------------------------------------------------------------------------------------------
	# Access Restrictions: Protect ProcessWire system files
	# -----------------------------------------------------------------------------------------------

	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
		deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
		deny all;
	}

	# -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 24h;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# Pass .php requests to fastcgi socket
	# -----------------------------------------------------------------------------------------------

	location ~ \.php$ {

		# Check if the requested PHP file actually exists for security
		try_files $uri =404;

		# Fix for server variables that behave differently under nginx/php-fpm than typically expected
		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		# Set environment variables
		include fastcgi_params;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		# Pass request to php-fpm fastcgi socket
		fastcgi_pass unix:/var/run/example.com_fpm.sock;
	}
}
Link to comment
Share on other sites

  • 4 months later...

Heythere,

to run the XML sitemap module from pete you'll have to add 3 more lines to your config:

location = /sitemap.xml {
  try_files $uri $uri/ /index.php?it=$uri&$args;
}

Otherwise you'll get an 404 error.

Cheers from austria!

  • Like 4
Link to comment
Share on other sites

  • 3 months later...

Hi all.

I have a successfully installed and running PW site on NGINX on a Rasp Pi 3. It all went well and easy thanks to the hints and tricks in this thread.

However even though I hits the frontpage nicely then any navigation to anything on the site returns a 404 - even the admin panel URL.

I suspects that it does not properly pass the URL to processwire but is instead trying to move to a directory. Any ideas?

  • Like 1
Link to comment
Share on other sites

NGINX isnt just good for VPS with small amount of memory, its good for websites with tons of traffic as well!  Even easier to get working than trying to make apache work right.   Looking forward to the official support for this!

  • Like 1
Link to comment
Share on other sites

  • 5 months later...

Hi all,

I have a project running pw-2.7.2 on nginx with config from this topic. All works fine.

But now I want to update to pw-3.0 (or pw-2.8, same problem). After switching the wire-folder and index.php there is an endless redirection.

Any idea what to do?

 

Link to comment
Share on other sites

  • 9 months later...

Has anyone managed to get PW working in a sub directory as well.

I have PW running at route and also I have a second demo PW running under /demo/

I have tried adding:

location /demo/ {
    try_files $uri $uri/ /demo/index.php?it=$uri&$args;
}

 but if I try to navigate to any page other that the root page (/demo/) they are broken.

Any help would be appreciated.

Link to comment
Share on other sites

  • 1 month later...
On 2017/8/22 at 9:58 PM, alexmercenary said:

Has anyone managed to get PW working in a sub directory as well.

I have PW running at route and also I have a second demo PW running under /demo/

I have tried adding:


location /demo/ {
    try_files $uri $uri/ /demo/index.php?it=$uri&$args;
}

 but if I try to navigate to any page other that the root page (/demo/) they are broken.

Any help would be appreciated.

I have the same problem. I got 404 page. PLS help me!

Link to comment
Share on other sites

  • 6 months later...
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    root /home/forge/example.com/public;

    
    index index.html index.htm index.php;

    charset utf-8;

    
    # -----------------------------------------------------------------------------------------------
	# Access Restrictions: Protect ProcessWire system files
	# -----------------------------------------------------------------------------------------------

	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
		deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
		deny all;
	}
	#Amplify dashboard
	location /nginx_status {
        stub_status on;
        allow 127.0.0.1;
        deny all;
    }

	# -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 15d;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$query_string;
	}
	
	# -----------------------------------------------------------------------------------------------
	# ProCache Rules
	# -----------------------------------------------------------------------------------------------

	set $cache_uri $request_uri;

	if ($request_method = POST) {
		set $cache_uri 'nocache';
	}

	if ($http_cookie ~* "wires_challenge") {
		set $cache_uri 'nocache';
	}
	
	if ($http_cookie ~* "persist") {
		set $cache_uri 'nocache';
	}


	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		expires -1;
		try_files /site/assets/ProCache-b3d534d...d/$cache_uri/index.html $uri $uri/ /index.php?it=$uri&$args;
	}
    

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

 

  • Like 11
Link to comment
Share on other sites

  • 6 months later...

hi guys 
i'm read this thread an find big error in your configs
Please do not use try_files - this config keyword add in nginx special for stupid Wordpress users (c) Igor Sysoev [main nginx developer] 
this instruction in config make nginx lowerest
For exemple more fast equival:

	error_page 404 = @php-fpm;
	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}
	location @php-fpm {
		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        include fastcgi_params;
		fastcgi_param it $uri; 
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
	}


 

  • Like 2
Link to comment
Share on other sites

  • 6 months later...

Hey everyone searching for this topic — if you're using Let's Encrypt with URL validation, don't forget to replace the part blocking dotfiles

location ~ /\. {
	deny all;
}

With block denying everything BUT .well-known

location ~ /\.(?!well-known).* {
	deny all;
}

 

  • Like 4
  • Thanks 2
Link to comment
Share on other sites

  • 10 months later...
  • 4 years later...

I have more than a dozen PW sites running on CloudPanel, which uses NGINX. I’m using the basic PHP site configuration CloudPanel offers, and it works out of the box. I’ve added a few rules mentioned above in this thread for extra security (they’re not actually needed for running PW), plus ProCache rules. 

Not sure if these settings can be copied as such in a standard NGINX setup that does not use CloudPanel, but I could post them here if you want. 

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...