====== Nginx ====== Nginx here is used as a webserver for serving static (html, jpg) and dynamic content (php). > FIXME > Windows part is untested - remove or add information? > ADD Content for PHP/PHP-FPM > Recipe needs some testing, optimization and documentation > Compare recipe to [[https://web.archive.org/web/20240214213649/https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|nginx.com/.../dokuwiki]] > * URL rewriting for mode ".htaccess" > * X-Accel handling - further research > WIP - feel free to change ===== Basic knowledge ===== How to install Nginx and where to find configuration files. ==== Nginx ==== # Installation of Nginx $ apk add nginx # Alpine Linux $ sudo apt-get install nginx # Debian / Ubuntu **Configuration**\\ In most Linux distributions the base configuration takes place in the file ''/etc/nginx/nginx.conf'', but the further configuration is located in subdirectories. So **we focus on putting the "recipe" - configuration file in a subdirectory** under ''./http.d/'' (Alpine Linux) or ''./sites-enabled/'' (Ubuntu, Debian). The configuration file should be named like ''filename.conf''. # Create / edit configuration file # Alpine Linux nano /etc/nginx/http.d/dokuwiki.conf vi /etc/nginx/http.d/dokuwiki.conf # [ESC] :q # Debian / Ubuntu nano /etc/nginx/sites-available/dokuwiki.conf ln -s /etc/nginx/sites-available/dokuwiki.conf /etc/nginx/sites-enabled/ If we change the configuration, it is necessary to reload it or to restart the nginx - server. # Reload configuration systemctl reload nginx # systemd (Debian, Ubuntu) service nginx reload # some other (Alpine Linux) lbu commit # Alpine Linux specific ==== PHP-FPM ==== PHP-FPM needs to be installed to run dokuwiki. It might be a good idea to [[:install:php|install and configure]] it first. Nginx uses php-fpm to serve dynamic content. * TODO Explanation fo difference between (F)CGI and FPM. * No need to explain how to set up FPM ==== Distribution specifics ==== **Windows** \\ If dokuwiki is extracted to the directory ''E:\www\dokuwiki'' the root directive in the server part of the nginx-configuration has to be ''root E:\www\dokuwiki;''. # Start PHP FastCGI RunHiddenConsole.exe E:\appl\php-5.2.9-2-Win32\php-cgi.exe -b 127.0.0.1:9000 # Start NginX cd /d D:\nginx-0.8.39 && start nginx.exe ==== Troubleshooting ==== * If you encounter a 502 Gateway issue, the socket configuration might be incorrect * Reload or restart Nginx to apply the new configuration * On the initial setup you won't be able to start unless you comment the deny to the "install.php" file. ===== Recipe / Example ===== This is an example with a full configuration for Dokuwiki under Nginx. You can simply copy paste and change the parts to your liking. :!: On the initial setup you won't be able to start unless you comment the deny to the "install.php" file. # Example Nginx - configuration file for Dokuwiki from # https://www.dokuwiki.org/install:nginx # PHP Handler upstream php-handler { server unix:/run/php-fpm82/fastcgi.sock; # Alpine Linux (socket) # server unix:/var/run/php/php-fpm.sock; # Debian/Ubuntu (socket) # server unix:/var/run/php/php8.1-fpm.sock; # Debian/Ubuntu (socket) (PHP-specific) # server 127.0.0.1:9000; # Distro independent } # Redirect SSL/443 (optional - recommended) #server { # server_name default_server; # listen 80; # IPv4 # listen [::]:80; # IPv6 # return 301 https://$server_name$request_uri; #} # Actual configuration server { # BASICS ######### ######### ######### ######### ######### ######### ####### ### server_name default_server; # optional: your domain name root /var/www/dokuwiki; index doku.php; # NoSSL version (not recommended) listen 80; # IPv4 listen [::]:80; # IPv6 # SSL version (recommended) # listen 443 ssl; # IPv4 # listen [::]:443 ssl; # IPv6 # http2 on; # if supported, optional # ssl_certificate /etc/ssl/certs/***.crt; # ssl_certificate_key /etc/ssl/private/***.key; # Optional - further research recommended # ssl_seesion_timeout 5m; # ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; # ssl_dhparam /etc/ssl/private/dhparam2048.pem; # openssl dhparam -outform pem -out /etc/nginx/ssl/dhparam2048.pem 2048 # HEADERS ######### ######### ######### ######### ######### ######### ########## # Information "leaks" server_tokens off; fastcgi_hide_header X-Powered_by; # TWEAKS ######### ######### ######### ######### ######### ######### ####### ## client_max_body_size 4M; # Maximum file upload size client_body_buffer_size 128k; location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg|svg)$ { expires 365d; # browser caching } # RESTRICT ACCESS ######### ######### ######### ######### ######### ######### ## # Reference: https://www.dokuwiki.org/security#deny_directory_access_in_nginx # TODO: Compare with this # Comment out while installing, then uncomment location ~ /(install.php) { deny all; } # .ht - .htaccess, .htpasswd, .htdigest, .htanything # .git, .hg, .svn - Git, Mercurial, Subversion. # .vs - Visual Studio (Code) # All directories except lib. # All "other" files that you don't want to delete, but don't want public. location ~ /(\.ht|\.git|\.hg|\.svn|\.vs|data|conf|bin|inc|vendor|README|VERSION|SECURITY.md|COPYING|composer.json|composer.lock) { #return 404; # https://www.dokuwiki.org/install:nginx?rev=1734102057#nginx_particulars deny all; # Returns 403 } ###################### # (2024-08): Is this actually a default feature or does # this belong in a seperate section? Disable by default? # Support for X-Accel-Redirect location ~ ^/data/ { internal; } ######################## # REDIRECT & PHP ### ######### ######### ######### ######### ######### ######### location / { try_files $uri $uri/ @dokuwiki; # This means; where $uri is 'path', if 'GET /path' doesnt exist, redirect # client to 'GET /path/' directory. If neither, goto @dokuwiki rules. } location @dokuwiki { rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; # rewrite ^/tag/(.*) /doku.php?id=tag:$1&do=showtag&tag=tag:$1 last; #untested rewrite ^/(.*) /doku.php?id=$1&$args last; # rewrites "doku.php/" out of the URLs if you set the userewrite # setting to .htaccess in dokuwiki config page } location ~ \.php$ { try_files $uri $uri/ /doku.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REDIRECT_STATUS 200; # fastcgi_param HTTPS on; # optional ?! TODO fastcgi_pass php-handler; } } # Credits # https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/ # https://wiki.boetes.org/dokuwiki_on_nginx # http://blog.slucas.fr/blog/nginx-gzip-css-js