Last roadblock changing from Apache: SSL & PHP #2

Rainer Duffner rainer at ultra-secure.de
Mon May 15 00:07:28 UTC 2017 

> Am 15.05.2017 um 00:50 schrieb Philip Rhoades <phil at pricom.com.au>:
> 
> Also, nginx and php-fpm were actually running as services of course . .



Maybe strip the  comments next time you post a config file…



I have:

server {
	set_real_ip_from 127.0.0.12; real_ip_header X-Forwarded-For;
	listen 80;
	server_name bla ;
	root /usr/local/www/roundcube;
 	index index.php index.html index.htm; 
	access_log /var/log/nginx/bla_access.log;
	error_log /var/log/nginx/bla_error.log;
	location /roundcube {
		root /usr/local/www/roundcube ;
		try_files $uri $uri/ /index.php?q=$uri&$args;
 	}
	error_page 404 /404.html;
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
		root /usr/local/www//nginx-errors;
	}
	location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
		deny all;
	}
	location ~ ^/(config|temp|logs)/ {
		deny all;
	}
	location ~ /\. {
		deny all;
		access_log off;
		log_not_found off;
	}
# pass the PHP scripts to FastCGI server listening on /var/run/fastcgi/www.sock
	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_pass unix:/var/run/fastcgi/www.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
}


root at webmail:/usr/local/etc/nginx # cat fastcgi_params

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

fastcgi_keep_conn on;
fastcgi_split_path_info       ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO       $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED    $document_root$fastcgi_path_info;


Not chrooted, though, because it’s in a jail and I haven’t figured out how to setup all the fancy nullfs mounts in a jail.

It’s behind a haproxy that distributes traffic between various jails - but that’s irrelevant for the current  case.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170515/41ecac70/attachment.html>

More information about the nginx mailing list