Configuraciones específicas de NGINX para varios CMSs/software
PHPMyadmin bajo NGINX
PHPMyadmin en NGINX con Fast-CGI
Creamos las reglas adecuadas para que los .php de /phpmyadmin/ se sirvan del document_root específico, y el "location" para que los ficheros e imágenes se sirvan de /usr/share/phpmyadmin:
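# cat /etc/nginx/phpmyadmin.conf
# phpMyAdmin through PHP FastCGI, with its files under /usr/share/phpmyadmin.
# nginx tests regex locations in the order they appear, so the .php block
# must stay above the catch-all /phpmyadmin block.
location ~ "^/phpmyadmin/.*\.php$" {
    # Source addresses allowed to reach the scripts; everyone else gets 403.
    allow 127.0.0.1;
    # add more IPs here
    deny all;

    # Resolve $uri under /usr/share/ so try_files checks the real script path
    # (the server-level root points at the site, not at phpMyAdmin).
    root /usr/share/;
    # Hand only existing files to PHP. Together with the "$" anchor above,
    # this keeps a URI that merely contains ".php" from reaching the
    # interpreter with a path that names some other file.
    try_files $uri =404;

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /usr/share/$fastcgi_script_name;
    include /etc/nginx/fastcgi_params;
}

# Static files (images, CSS, JS) and the directory index.
location ~ ^/phpmyadmin($|/$|/.*$) {
    # Same list as in the .php block: without it every non-PHP file under
    # /usr/share/phpmyadmin is served to any client, which is enough to
    # fingerprint the installed version.
    allow 127.0.0.1;
    deny all;

    root /usr/share/;
    index index.php;
}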
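# cat sites-enabled/default
server {
    # Plain-HTTP listener: phpMyAdmin logins from the allowed addresses cross
    # it unencrypted, so add a TLS listener before allowing anything beyond
    # loopback.
    listen 80;
    server_name dominio.com;
    access_log /var/log/nginx/dominio.access.log;

    root /var/www/dominio/;
    index index.php index.html;

    # Included before the generic PHP block on purpose: regex locations are
    # tried in order, so /phpmyadmin/*.php is caught by its own
    # (IP-restricted) location first.
    include /etc/nginx/phpmyadmin.conf;

    # PHP scripts:
    location ~ "\.php$" {
        # Return 404 from nginx when the script does not exist instead of
        # forwarding an arbitrary ".php" URI to the FastCGI backend.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}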
PHPMyadmin en NGINX con proxypass a Apache
Configuramos nginx para hacer ProxyPass de todo /phpmyadmin/ hacia Apache. Además, podemos restringir el acceso a las IPs de origen deseadas.
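/etc/nginx/sites-enabled# cat 000-dominio.es
server {
    listen 80;
    server_name www.dominio.es;
    access_log /var/log/nginx/www.dominio.es.access.log;
    error_log /var/log/nginx/www.dominio.es.error.log;

    root /var/www/dominio/;
    index index.php index.html;

    # phpMyAdmin (IP-restricted regex location; kept first so it is matched
    # before the other regex locations below).
    include /etc/nginx/phpmyadmin.conf;

    # Deny access to hidden files (this also covers Apache's .htaccess and
    # .htpasswd files, which nginx would otherwise serve as plain text).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Static content: serve from disk when the file exists, otherwise fall
    # back to Apache. The extension list must be a single unbroken token;
    # a line break or space inside it makes nginx reject the location.
    location ~* \.(jpg|jpeg|pjpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|swf|flv|mp4|js|css|htm|html|xml)$ {
        #expires 1d;
        try_files $uri $uri/ @backend;
    }

    location @backend {
        proxy_pass http://127.0.0.1:81;
        include /etc/nginx/proxy.conf;
    }

    # Everything else goes to Apache on the loopback port.
    location / {
        proxy_pass http://127.0.0.1:81;
        include /etc/nginx/proxy.conf;
    }
}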
Creamos el fichero /etc/nginx/phpmyadmin.conf:
# cat /etc/nginx/phpmyadmin.conf
# Forward the whole /phpmyadmin tree to the Apache backend.
location ~ ^/phpmyadmin($|/$|/.*$) {
    # This allow/deny pair is the effective access control: the backend is
    # reached from 127.0.0.1, so an Apache rule that allows 127.0.0.1 is
    # satisfied by every proxied request (unless Apache is set up to take
    # the client address from X-Forwarded-For).
    allow 127.0.0.1;
    deny all;

    include /etc/nginx/proxy.conf;
    proxy_pass http://127.0.0.1:81;

    index index.php;
    root /usr/share/;
}
Configuramos Apache:
# grep phpmyadmin /etc/apache2/sites-enabled/001-dominio
Include /etc/apache2/conf.d/phpmyadmin.conf
# cat /etc/apache2/conf.d/phpmyadmin.conf
# phpMyAdmin default Apache configuration

# Map the URL prefix onto the packaged installation directory.
Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    # With "order deny,allow" the Deny rules are evaluated first and a
    # matching Allow wins, so only 127.0.0.1 is admitted. Behind the nginx
    # proxy every request arrives from 127.0.0.1, so the client filtering
    # really happens in nginx's allow/deny list.
    order deny,allow
    allow from 127.0.0.1
    deny from all

    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php

        # Per-directory PHP settings; register_globals is kept off.
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_value include_path .
    </IfModule>

</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    # Require sits outside the IfModule, so it applies even when the Auth*
    # lines above are skipped.
    Require valid-user
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>
Squirrelmail bajo NGINX
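# cat /etc/nginx/sites-enabled/000-webmail
server {
    # Plain-HTTP listener: mailbox passwords are sent unencrypted unless TLS
    # is terminated in front of this server block.
    listen 80;
    server_name correoweb.dominio.com webmail.dominio.com;
    access_log /var/log/nginx/webmail.dominio.com.access.log;
    error_log /var/log/nginx/webmail.dominio.com.error.log;

    root /usr/share/squirrelmail/;

    # PHP scripts:
    location ~ "\.php$" {
        # Only pass scripts that exist on disk to the FastCGI backend.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/squirrelmail/$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }

    # "^~" matters: a plain prefix location loses to a matching regex
    # location, so without it a request for a .php file under these
    # directories would be handled by the PHP block above and the deny
    # would never apply. "^~" stops the regex search for these prefixes.
    location ^~ /attachments {
        deny all;
    }
    location ^~ /plugins/squirrelspell/modules {
        deny all;
    }

    location / {
        index index.php index.html;
        root /usr/share/squirrelmail/;
    }
}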
PostfixAdmin bajo NGINX
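# cat /etc/nginx/sites-enabled/000-postfixadmin
server {
    listen 80;
    server_name postfixadmin.dominio.com;
    access_log /var/log/nginx/postfixadmin.dominio.com.access.log;
    error_log /var/log/nginx/postfixadmin.dominio.com.error.log;

    root /usr/share/postfixadmin/;

    # Access control lives at server level so that every location inherits
    # it. Placed only inside "location /", it does not cover the regex
    # location below: requests for *.php are matched there, and the
    # application's scripts would answer any client.
    allow 212.101.64.178;
    allow 212.101.64.4;
    deny all;

    location / {
        index index.php;
        root /usr/share/postfixadmin/;
    }

    # PHP scripts:
    location ~ "\.php$" {
        # Only pass scripts that exist on disk to the FastCGI backend.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/postfixadmin/$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}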
EZPublish bajo NGINX
EZPublish con FastCGI
# cat /etc/nginx/sites-enabled/000-dominio.es.conf
# eZ Publish virtual host served through PHP FastCGI.
server {
    # "default" makes this the server block for requests on port 80 whose
    # Host header matches no server_name.
    listen 80 default;
    server_name www.dominio.es;
    access_log /var/log/nginx/www.dominio.es.access.log;
    error_log /var/log/nginx/www.dominio.es.error.log;

    root /var/www/dominio.es/;
    index index.php;

    # Regex locations are tried in file order: phpMyAdmin first, then the
    # static-image example, then the PHP block included at the end.
    include /etc/nginx/phpmyadmin.conf;

    # Example: serve static images from outside the eZ Publish tree.
    location ~* ^/Imagenes/(web1|web2)/.*$ {
        root /var/www/static/;
        break;
    }

    location / {
        # eZ Publish rewrite rules
        include /etc/nginx/rewrite_nginx.conf;
    }

    # PHP pass-through block
    include /etc/nginx/proxypass-php.conf;
}
# cat /etc/nginx/proxypass-php.conf
# PHP scripts: only .php files directly under the document root match
# (the pattern allows no "/" between the leading slash and the file name).
location ~ "^/[^/]*\.php$" {
    # NOTE(review): $script is set here but not referenced by any directive
    # shown in this block; confirm whether fastcgi_params uses it.
    set $script "index.php";
    if ( $uri ~ "^/(.*\.php)" ) {
        set $script $1;
    }

    # NOTE(review): there is no existence check (e.g. try_files $uri =404)
    # before the request is handed to the backend.
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include /etc/nginx/fastcgi_params;
}
# cat /etc/nginx/rewrite_nginx.conf
# Long lines were split for readability: join them in the final config.
# eZ Publish pass-through rules.
#
# Included inside "location /". Most rules rewrite a path to itself with
# "break": that stops rewrite processing and keeps the request in this
# location, so the path is answered as a file under the document root.
# Anything not listed reaches the last rule and goes to index.php, which
# makes this list the set of paths readable without going through eZ.
# NOTE(review): a file of any type placed under a listed prefix is returned
# as-is by this location; check that these trees hold only public assets.
rewrite ^/content/treemenu/?$ /index_treemenu.php last;
rewrite ^/openx/(.*) /openx/$1 break;
rewrite ^/css/(.*) /css/$1 break;
rewrite ^/images/(.*) /images/$1 break;
rewrite ^/var/si-blocks/(.*) /var/si-blocks/$1 break;
rewrite ^/var/storage/(.*) /var/storage/$1 break;
rewrite ^/var/([^/]+)/storage/(.*) /var/$1/storage/$2 break;
rewrite ^/var/cache/texttoimage/(.*) /var/cache/texttoimage/$1 break;
rewrite "^/var/([^/]+)/cache/texttoimage/(.*)$" "/var/$1/cache/texttoimage/$2" break;
rewrite ^/var/cache/ezhumancaptcha/(.*) /var/cache/ezhumancaptcha/$1 break;
rewrite ^/var/([^/]+)/cache/(texttoimage|stylesheets|javascript|js|css)/(.*) /var/$1/cache/$2/$3 break;
rewrite ^/var/([^/]+)/cache/ezhumancaptcha/(.*) /var/$1/cache/ezhumancaptcha/$2 break;
rewrite ^/var/([^/]+)/cache/(stylesheets|public|js|css|image/javascripts?)/(.*) /var/$1/cache/$2/$3 break;
# NOTE(review): the two debug.html rules make the cached debug pages
# readable by any client; drop them if debug output is not meant to be public.
rewrite "^/var/cache/debug.html(.*)$" "/var/cache/debug.html$1" break;
rewrite "^/var/([^/]+)/cache/public/(.*)$" "/var/$1/cache/public/$2" break;
rewrite "^/var/([^/]+)/cache/debug\.html(.*)$" "/var/$1/cache/debug.html$2" break;
#rewrite "^/design/([^/]+)/(stylesheets|images|javascript)/(.*)$" "/design/$1/$2/$3" break;
rewrite ^/design/([^/]+)/(stylesheets|swf|images|js|css|javascript)/(.*) /design/$1/$2/$3 break;
rewrite ^/share/icons/(.*) /share/icons/$1 break;
rewrite ^/packages/styles/(.+)/(stylesheets|images|javascript|js|css)/([^/]+)/(.*) /packages/styles/$1/$2/$3/$4 break;
# The first /extension/ rule already matches everything the second one
# would, so the narrower rule after it is never reached.
rewrite ^/extension/([^/]+)/design/([^/]+)/(.*) /extension/$1/design/$2/$3 break;
rewrite ^/extension/([^/]+)/design/([^/]+)/(stylesheets|images|javascripts|javascript|flash?)/(.*)$ /extension/$1/design/$2/$3/$4 break;
rewrite ^/packages/styles/(.+)/(stylesheets|images|javascript)/([^/]+)/(.*)$ /packages/styles/$1/$2/$3/$4 break;
rewrite ^/packages/styles/(.+)/thumbnail/(.*) /packages/styles/$1/thumbnail/$2 break;
rewrite ^/extension/ezvideoflv/design/standard/flash/player_flv_maxi.swf /extension/ezvideoflv/design/standard/flash/player_flv_maxi.swf break;
rewrite ^/sitemap(.*)\.xml /sitemap$1.xml break;
rewrite ^/sitemap(.*)\.xml\.gz /sitemap$1.xml.gz break;
rewrite "^/crossdomain\.xml$" "/crossdomain.xml" break;
rewrite ^/gss\.xsl /gss.xsl break;
rewrite ^/favicon\.ico /favicon.ico break;
rewrite ^/robots\.txt /robots.txt break;
rewrite ^/google42dbeb008fcb9793\.html /google42dbeb008fcb9793.html break;
rewrite ^/test\.shtml /test.shtml break;
rewrite ^/footer\.shtml /footer.shtml break;
rewrite ^/404\.html /404.html break;
rewrite ^/phpmyadmin/(.*) /phpmyadmin/$1 break;
# Static images (see the virtual host)
rewrite ^/Imagenes/(.*)/(.*) /Imagenes/$1/$2 break;
# Everything else goes to index.php
rewrite "^(.*)$" "/index.php?$1" last;
EZPublish con proxypass a Apache
Configuración de NGINX:
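# cat /etc/nginx/sites-enabled/000-www.dominio.es-proxypass
server {
    listen 80;
    server_name www.dominio.es;
    access_log /var/log/nginx/www.dominio.es.access.log;
    error_log /var/log/nginx/www.dominio.es.error.log;

    root /var/www/www.dominio.es/;
    index index.php index.html;

    error_page 403 404 503 = http://www.dominio.es/404.html;

    # phpMyAdmin (IP-restricted regex location, matched before the static one).
    include /etc/nginx/phpmyadmin.conf;

    # Static content served by nginx when the file exists on disk.
    # - The dot before the extension list is escaped, so only a literal
    #   ".ext" suffix matches.
    # - The extension list is one unbroken token; a line break or space
    #   inside it makes nginx reject the location.
    # - try_files uses $uri (normalized path, no query string). With
    #   $request_uri the raw request line, query string included, is looked
    #   up on disk, so "file.css?v=2" never matches a file and always falls
    #   through to the backend.
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|htm|html|swf|flv|xml|wml|xhtml)$ {
        root /var/www/www.dominio.es/;
        try_files $uri $uri/ @backend;
    }

    location @backend {
        proxy_pass http://127.0.0.1:81;
        include /etc/nginx/proxy.conf;
    }

    # Rest of the site: anything that is not static content or does not
    # exist as a file.
    location / {
        proxy_pass http://127.0.0.1:81;
        include /etc/nginx/proxy.conf;
    }
}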
# cat /etc/nginx/proxy.conf
# Shared settings for every proxy_pass location that includes this file.

# Timeouts towards the backend (seconds).
proxy_connect_timeout 90;
proxy_read_timeout 300;
proxy_send_timeout 300;

# Response buffering.
proxy_buffers 32 64k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 128k;

# Request headers handed to the backend.
# $proxy_add_x_forwarded_for appends the connecting address to whatever
# X-Forwarded-For the client sent, so only the last entry is written by
# this proxy; X-Real-IP always carries the address nginx saw.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
# cat /etc/nginx/phpmyadmin.conf
# Forward the whole /phpmyadmin tree to the Apache backend.
location ~ ^/phpmyadmin($|/$|/.*$) {
    # Address filter applied by nginx before anything is proxied. The
    # backend is contacted from 127.0.0.1, so this list (plus the optional
    # basic auth below) is what actually limits who reaches phpMyAdmin.
    allow 127.0.0.1;
    deny all;

    # Optional second factor: HTTP basic auth in front of the application.
    #auth_basic "Restricted";
    #auth_basic_user_file /etc/nginx/htpasswd;

    include /etc/nginx/proxy.conf;
    proxy_pass http://127.0.0.1:81;

    index index.php;
    root /usr/share/;
}
Configuración de Apache (estándar de EZ):
# cat /etc/httpd/vhosts.d/000-www.dominio.es.conf
# Apache backend for the eZ Publish site; nginx proxies to it on port 81.
# NOTE(review): "*:81" matches any local address. If the Listen directive
# (not shown) binds a public interface, clients can reach this vhost
# directly and skip nginx's allow/deny rules; confirm it is loopback-only
# or firewalled.
<VirtualHost *:81>
    DocumentRoot "/var/www/www.dominio.es/"
    ServerName www.dominio.es
    ServerAlias dominio.es

    Include /etc/httpd/conf.d/awstats.conf
    Alias /stats /var/www/stats

    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresByType text/javascript "access plus 1 month"
        ExpiresByType application/x-javascript "access plus 1 month"
        ExpiresByType text/css "access plus 1 month"
    </IfModule>

    <Directory /var/www>
        # NOTE(review): this line mixes options with and without a +/-
        # prefix; Apache 2.4 rejects that at startup, so prefix every
        # option when moving this config to 2.4.
        Options -Indexes FollowSymLinks MultiViews +Includes
        AllowOverride None
    </Directory>

    # Basic auth for the statistics front page.
    <Files "stats.php">
        AuthName "Estadisticas awstats"
        AuthType Basic
        AuthUserFile /etc/httpd/http_passwords
        require valid-user
    </Files>

    RewriteEngine On

    # URLs not handled by nginx
    Rewriterule ^/stats/.* - [L]
    Rewriterule ^/awstats/.* - [L]

    # eZ Publish rules. "- [L]" leaves the URL untouched and stops
    # rewriting, so the path is served directly instead of reaching the
    # final catch-all to index.php.
    # NOTE(review): /apc_info.php and /phpmyadmin are passed through here
    # with no access rule visible in this vhost; confirm they are protected
    # elsewhere.
    Rewriterule ^/apc_info.php($|/$|/.*) - [L]
    Rewriterule ^/phpmyadmin($|/$|/.*) - [L]
    RewriteRule ^/sitemap(.*)\.xml - [L]
    RewriteRule ^/sitemap(.*)\.xml\.gz - [L]
    RewriteRule ^/gss\.xsl - [L]
    RewriteRule ^/awstats.* - [L]
    RewriteRule ^/cgi-bin/awstats.* - [L]
    Rewriterule ^/var/([^/]+/)?storage/images-versioned/.* /index_cluster.php [L]
    Rewriterule ^/var/([^/]+/)?storage/images/.* /index_cluster.php [L]
    Rewriterule ^/extension/ezvideoflv/design/standard/flash/player_flv_maxi.swf - [L]
    RewriteRule content/treemenu/?$ /index_treemenu.php [L]
    Rewriterule ^/openx/.* - [L]
    Rewriterule ^/stats\.php - [L]
    Rewriterule ^/css/.* - [L]
    Rewriterule ^/images/.* - [L]
    Rewriterule ^/var/si-blocks/.* - [L]
    Rewriterule ^/var/storage/.* - [L]
    Rewriterule ^/var/[^/]+/storage/.* - [L]
    RewriteRule ^/var/cache/texttoimage/.* - [L]
    RewriteRule ^/var/cache/ezhumancaptcha/.* - [L]
    RewriteRule ^/var/[^/]+/cache/(texttoimage|stylesheets|javascript|js|css)/.* - [L]
    RewriteRule ^/var/[^/]+/cache/ezhumancaptcha/.* - [L]
    RewriteRule ^/var/[^/]+/cache/(stylesheets|public|js|css|image/javascripts?)/.* - [L]
    Rewriterule ^/extension/ezvideoflv/design/standard/flash/player_flv_maxi.swf - [L]
    Rewriterule ^/design/[^/]+/(stylesheets|swf|images|js|css|javascript)/.* - [L]
    Rewriterule ^/share/icons/.* - [L]
    Rewriterule ^/packages/styles/.+/(stylesheets|images|javascript|js|css)/[^/]+/.* - [L]
    RewriteRule ^/extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.* - [L]
    Rewriterule ^/extension/[^/]+/design/[^/]+/.* - [L]
    RewriteRule ^/packages/styles/.+/thumbnail/.* - [L]
    RewriteRule ^/favicon\.ico - [L]
    RewriteRule ^/robots\.txt - [L]
    RewriteRule ^/test\.shtml - [L]
    RewriteRule ^/footer\.shtml - [L]
    RewriteRule ^/404\.html - [L]
    # Uncomment the following lines when using popup style debug.
    # RewriteRule ^/var/cache/debug\.html.* - [L]
    # RewriteRule ^/var/[^/]+/cache/debug\.html.* - [L]
    # Everything not matched above is handled by eZ Publish.
    RewriteRule .* /index.php

    # Long line was split: join it.
    # Two access-log formats: "combined" for direct hits, "proxy" for
    # requests that carry an X-Forwarded-For header. In the "proxy" format
    # the first field is that header as received, and the front-end proxy
    # appends to whatever the client sent, so its leading entries are
    # client-chosen text; "proxy:%h" is the peer address Apache itself saw.
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" proxy:%h" proxy
    # Flag requests whose X-Forwarded-For looks like a dotted address.
    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" client-ip-request
    CustomLog /var/log/httpd/www.dominio.es-access.log combined env=!client-ip-request
    CustomLog /var/log/httpd/www.dominio.es-access.log proxy env=client-ip-request
    ErrorLog /var/log/httpd/www.dominio.es-error.log
</VirtualHost>
Wordpress bajo NGINX
Wordpress con FastCGI
# cat /etc/nginx/sites-enabled/000-web.conf
# WordPress virtual host; the actual rules live in the two included files.
server {
    server_name www.dominio.es;
    listen 80;

    index index.php;
    root /var/www/www.dominio.es;

    error_log /var/log/nginx/www.dominio.es.error.log;
    access_log /var/log/nginx/www.dominio.es.access.log;

    # Keep this order: the hidden-file deny in restrictions.conf is a regex
    # location and has to be seen before the regex locations of the
    # WordPress rules.
    include /etc/nginx/wordpress/restrictions.conf;
    include /etc/nginx/wordpress/wordpress-ms-subdir.conf;
}
Configuraciones específicas Wordpress:
# cat /etc/nginx/wordpress/restrictions.conf
# Global restrictions configuration file.
# Designed to be included in any server {} block.

# Exact-match locations: answer these two paths without logging misses.
location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# Deny all attempts to access hidden files (.htaccess, .htpasswd, VCS
# directories, editor swap files). The pattern matches any path segment
# that starts with a dot, which includes /.well-known/. access_log is off
# here, so denied probes leave no access-log entry.
location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
}
# cat /etc/nginx/wordpress/wordpress-ms-subdir.conf
# WordPress multisite subdirectory rules.
# Designed to be included in any server {} block.

# This order might seem weird - this is attempted to match
# last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
    try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Directives to send expires headers and turn off 404 error logging.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires 24h;
    log_not_found off;
}

# Pass uploaded files to wp-includes/ms-files.php.
rewrite /files/$ /index.php last;

# For multisite: Use a caching plugin/script that creates symlinks
# to the correct subdirectory structure to get some performance gains.
# NOTE(review): ${host} is derived from the request, so the path tested
# below depends on client input; make sure this server block only answers
# for the expected host names.
set $cachetest "$document_root/wp-content/cache/ms-filemap/${host}${uri}";
# Directory-style URIs (ending in "/") never use the file map.
if ($uri ~ /$) {
    set $cachetest "";
}
if (-f $cachetest) {
    # Rewrites the URI and stops rewrite processing so it
    # doesn't start over and attempt to pass it to the next rule.
    rewrite ^ /wp-content/cache/ms-filemap/${host}${uri} break;
}

# Uploaded files of a sub-site are served through ms-files.php, except for
# URIs that contain wp-content/plugins.
if ($uri !~ wp-content/plugins) {
    rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
}

# Uncomment one of the lines below for the appropriate caching plugin (if used).
# include global/wordpress-ms-subdir-wp-super-cache.conf;
# include global/wordpress-ms-subdir-w3-total-cache.conf;

# Rewrite multisite '.../wp-.*' and '.../*.php'.
# Strips the leading sub-site directory when the requested path does not
# exist on disk.
if (!-e $request_filename) {
    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}

# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {
    # Only scripts that exist on disk reach the backend; anything else is
    # answered with 404 by nginx.
    try_files $uri =404;
    include /etc/nginx/fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # NOTE(review): fastcgi_params is included twice (absolute path above,
    # relative path here); one of the two is probably redundant.
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # fastcgi_intercept_errors on;
    fastcgi_pass 127.0.0.1:9000;
}