Main configuration

Gestion des Alias avec Nginx

Fichier de configuration principal:

/usr/local/etc/nginx/nginx.conf
load_module /usr/local/libexec/nginx/ngx_http_image_filter_module.so; load_module /usr/local/libexec/nginx/ngx_http_geoip_module.so; load_module /usr/local/libexec/nginx/ngx_http_perl_module.so; load_module /usr/local/libexec/nginx/ngx_http_headers_more_filter_module.so; load_module /usr/local/libexec/nginx/ngx_http_eval_module.so; load_module /usr/local/libexec/nginx/ngx_http_lua_module.so; load_module /usr/local/libexec/nginx/ngx_stream_module.so; user www; worker_processes 2; worker_cpu_affinity 0101 1010; events { worker_connections 2048; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; gzip on; # gzip_comp_level 6; # gzip_types text/css text/javascript application/json application/javascript application/x-javascript; include conf.d/*.conf; }

Configuration un domaine

Configurer d'un domaine
Joomla est le framework utilisé

/usr/local/etc/nginx/conf.d/www.domain.tld.conf
server { listen 80; listen 443 ssl; server_name domain.tld www.domain.tld; # Forcer la connection en https if ($scheme = http) { return 301 https://www.domain.tld$request_uri; } # Forcer la connection en https et réécrire url avec https://www.domain.tld if ($http_host = domain.tld) { return 303 https://www.domain.tld$request_uri; } ssl_certificate /usr/local/etc/nginx/certifcats/1_www.domain.tld_bundle.crt; ssl_certificate_key /usr/local/etc/nginx/certifcats/www.domain.tld.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; charset utf-8; server_name_in_redirect off; access_log /var/log/nginx/domain.tld.access.log; error_log /var/log/nginx/domain.tld.error.log info; # * * * * * * * * * * * * * * * * * * * * * * * * * * # MAIN SITE JOOMLA root /usr/local/www/apache24/data; include conf.d/php.full; include conf.d/restrictions.full; index index.php index.html index.htm default.html default.htm; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/www/nginx-dist; } location / { try_files $uri $uri/ /index.php?$args; include conf.d/php.fast; } location /phpmyadmin { allow 127.0.0.1; allow 1.2.3.4; deny all; alias /usr/local/www/phpMyAdmin; autoindex off; rewrite ^(/phpmyadmin)(/.*?\.php)(/.*)?$ /...$document_root/...$1/...$2/...$3 last; } location /postfixadmin { allow 127.0.0.1; allow 1.2.3.4; deny all; alias /usr/local/www/postfixadmin; autoindex off; rewrite ^(/postfixadmin)(/.*?\.php)(/.*)?$ /...$document_root/...$1/...$2/...$3 last; } location /webmail { alias /usr/local/www/roundcube; autoindex off; rewrite ^(/webmail)(/.*?\.php)(/.*)?$ /...$document_root/...$1/...$2/...$3 last; } location /webmail2 { alias /usr/local/www/rainloop; autoindex off; rewrite ^(/webmail2)(/.*?\.php)(/.*)?$ /...$document_root/...$1/...$2/...$3 last; } location ~ ^/cgi-bin/?.*\.pl|printenv|cgi$ { allow 127.0.0.1; allow 1.2.3.4; deny all; gzip off; fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; include fastcgi_params; } # set client body size to 24M # client_max_body_size 24M; }

Merci à: YinYeti pour son article .
This solution works by emulating a kind of “php-fpm” function (the last location above), that takes 4 parameters
(“?<p_…>” above), with the string “/...” as a separator:

* first the file-system prefix, i.e. the place where web files are stored;
* then the URI prefix, i.e. the web location under which web pages are found;
* then the URI ending, written so that it can be appended both to the first parameter
(to obtain the actual PHP file’s full path), and to the second
(to obtain the full URI minus the parameters);
* finally the path info, if any was detected in the URI.

This “function” is called by the rewrite rules; a simple copy–paste is enough to create a new call
for a new location, the only part to adapt being the location at the start of the rewrite rule.
The only different rewrite rule is the one for locations that work on a “root” instead of an “alias”,
because then the location’s path is supposed to be appended to the “root” to find the PHP file,
instead of being substituted by the “alias”; such a rewrite rule thus has one less “parameter” to give
to the “function”.
Note the important “internal” keyword inside the “function”: it ensures that for example
 “http://myserver/info.php” works but “http://myserver/.../var/www/html/.../.../info.php/...” does not;
 without the “internal” keyword, it would, and it would be a security issue.

Include php.full

Include php.full

/usr/local/etc/nginx/conf.d/php.full
location /... { internal; autoindex off; location ~ ^/\.\.\.(?.*)/\.\.\.(?.*)/\.\.\.(?.*\.php)/\.\.\.(?.*)$ { fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $p_doc_root$p_script; fastcgi_param SCRIPT_NAME $p_prefix$p_script; fastcgi_param REQUEST_URI $p_prefix$p_script$p_pathinfo$is_args$query_string; fastcgi_param DOCUMENT_URI $p_prefix$p_script$p_pathinfo; fastcgi_param DOCUMENT_ROOT $p_doc_root; fastcgi_param PATH_INFO $p_pathinfo if_not_empty; #fastcgi_param PATH_TRANSLATED $p_doc_root$p_pathinfo; } } }