From 568ee87397597016ec54c0329e4a281d6f7b3f1b Mon Sep 17 00:00:00 2001 From: Arno Kaimbacher Date: Tue, 14 Jul 2020 13:19:26 +0200 Subject: [PATCH] - correct nginx configuration --- Home.md | 146 +++++++++++++++++++++++++++++++--- installs/PHP.md | 37 --------- installs/PostgreSqlUbuntu.md | 4 +- installs/SystemToolsUbuntu.md | 17 ++-- 4 files changed, 149 insertions(+), 55 deletions(-) delete mode 100644 installs/PHP.md diff --git a/Home.md b/Home.md index 393ae46..b767065 100644 --- a/Home.md +++ b/Home.md @@ -10,7 +10,7 @@ These instructions will get you a copy of the project up and running on your loc * [System Tools Installation (Ubuntu)](SystemToolsUbuntu) -### Step 2. install PostgreSQL database: +### Step 2. install PostgreSQL database * [PostgreSQL Installation an database creation (Ubuntu)](PostgreSqlUbuntu) @@ -18,39 +18,56 @@ These instructions will get you a copy of the project up and running on your loc * [Solr on Ubuntu](SolrUbuntu) -### Step 4. Download and Install Tethys: +### Step 4. Download and Install Tethys Please check the official laravel installation guide for server requirements before you start. [Official Documentation](https://laravel.com/docs/6.x/installation#installation) Create web folder:\ `sudo mkdir -p /var/www/tethys-app/` +`sudo chown -R administrator:administrator /var/www/tethys-app/` + Clone the repository to your web folder:\ -`git clone git@github.com:geolba/tethys.git /var/www/tethys-app/` +`git clone https://github.com/geolba/tethys.git /var/www/tethys-app/` Switch to the repo folder:\ `cd /var/www/tethys-app/` Install all the dependencies using composer - composer install --optimize-autoloader --no-dev +`composer install --optimize-autoloader --no-dev` Copy the example env file and make the required configuration changes in the .env file - cp .env.example .env +`cp .env.example .env` -Generate a new application key +Configure your database connection in .env-file e.g.: +`nano .env` - php artisan key:generate +```ini +DB_CONNECTION=pgsql +DB_HOST=localhost +DB_PORT=5432 +DB_DATABASE=tethys +DB_USERNAME=tethys_admin +DB_PASSWORD=new_password_here +DB_SCHEMA=gba +``` + +Save and close the file and generate a new application key + +`php artisan key:generate` Run the database migrations (**Set the database connection in .env before migrating**) - php artisan migrate +`php artisan migrate` Grant folder permissions for webserver user - sudo chgrp -R www-data storage bootstrap/cache - sudo chmod -R ug+rwx storage bootstrap/cache +```ini +sudo chgrp -R www-data storage bootstrap/cache +sudo chmod -R ug+rwx storage bootstrap/cache +``` ## Local Development @@ -60,3 +77,112 @@ To run: `php artisan serve` This will start the server on from the current working directory. + +stop the service: +`Strg + C` + +## Nginx Configuration + +sudo nano /etc/nginx/sites-available/tethys-app + +**http-only configuration:** + +```nginx +server { + listen 80; + listen [::]:80; + server_name localhost; + root /var/www/tethys-app/public/; + client_max_body_size 100M; + + index index.html index.htm index.php; + charset utf-8; + + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + location / { + index index.php; + try_files $uri $uri/ /index.php?$query_string; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + error_page 404 /index.php; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + include fastcgi_params; + include fastcgi.conf; + } + + location ~ /\.(?!well-known).* { deny all;} +} +``` + +**alternate https and http configuration:** + +```nginx +server { + listen [::]:443 ssl http2; + listen 443 ssl http2; + server_name localhost; + root /var/www/repository.geologie.ac.at/public/; + client_max_body_size 100M; + + index index.html index.htm index.php; + charset utf-8; + + # path to https-certificate + ssl_certificate /etc/ssl/your_domain.pem; + ssl_certificate_key /etc/ssl/your_domain.key; + ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + location / { + index index.php; + try_files $uri $uri/ /index.php?$query_string; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + error_page 404 /index.php; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + include fastcgi_params; + include fastcgi.conf; + } + + location ~ /\.(?!well-known).* { deny all;} +} + +server { + if ($host = repository.geologie.ac.at) { + return 301 https://$host$request_uri; + } + listen 80; + listen [::]:80; + server_name localhost; + return 404; +} +``` + +symlinking the created site to enabled folder:\ +`sudo ln -s /etc/nginx/sites-available/tethys-app /etc/nginx/sites-enabled/` + +test nginx configuration:\ +`sudo nginx -t` + +if everything is successful, reload updated nginx configuration:\ +`sudo service nginx reload` + +The website is available at the following link: diff --git a/installs/PHP.md b/installs/PHP.md deleted file mode 100644 index ffe6709..0000000 --- a/installs/PHP.md +++ /dev/null @@ -1,37 +0,0 @@ -# PHP - -**Import the ondrej/php repository by running the following command:**\ -`sudo add-apt-repository ppa:ondrej/php` - -**install php libraries:**\ -`sudo apt install php7.4-cli php7.4-common php7.4-fpm php7.4-curl php7.4-gd php7.4-json php7.4-mbstring php7.4-opcache php7.4-readline php7.4-xml php7.4-xsl php7.4-pgsql` - -**response**\ -The following additional packages will be installed:\ - libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libonig5 libpq5 libtiff5 libwebp6 php-common\ -Suggested packages:\ - libgd-tools php-pear\ -The following NEW packages will be installed:\ - libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libonig5 libpq5 libtiff5 libwebp6 php-common php7.4-cli php7.4-common - php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mbstring php7.4-opcache php7.4-pgsql php7.4-readline php7.4-xml php7.4-xsl\ -0 upgraded, 21 newly installed, 0 to remove and 0 not upgraded. - -**php settings for nginx:** - -+ Open configuration file:\ -`sudo nano /etc/php/7.4/fpm/php.ini` -+ Update the configuration file with these and save… - -```bash -file_uploads = On -allow_url_fopen = On -memory_limit = 128M //= default -cgi.fix_pathinfo = 0 //default = 1 -upload_max_filesize = 100M //default = 2M -post_max_size = 100M //default = 8M -date.timezone = Europe/Vienna -``` - -Everytime you make changes to PHP configuration file, you should also restart nginx web server and PHP script… To do so, run the commands below:\ -`sudo systemctl restart nginx.service`\ -`sudo systemctl restart php7.4-fpm.service` diff --git a/installs/PostgreSqlUbuntu.md b/installs/PostgreSqlUbuntu.md index 5aabb11..32dd197 100644 --- a/installs/PostgreSqlUbuntu.md +++ b/installs/PostgreSqlUbuntu.md @@ -70,10 +70,10 @@ host all all 127.0.0.1/32 md5 host all all 192.168.101.1/24 md5 # ip of your webserver -host all all xxx.xxx.xxx.xxx/24 md5 +host all all xxx.xxx.xxx.xxx/32 md5 ``` -## App setup +## App database setup let’s connect as the superuser “postgres” to make the changes:\ `sudo su -l postgres` diff --git a/installs/SystemToolsUbuntu.md b/installs/SystemToolsUbuntu.md index 1f5af34..e7df534 100644 --- a/installs/SystemToolsUbuntu.md +++ b/installs/SystemToolsUbuntu.md @@ -11,9 +11,9 @@ git config --global user.email john.doe@example.com git config --list --show-origin ``` -**other useful tools:** +**other useful tools: unzip is needed vor composer tool:** -`sudo apt install curl, unzip` +`sudo apt install curl unzip nano` ## Installation Nginx WebServer @@ -56,11 +56,13 @@ The following NEW packages will be installed:\ After installing PHP 7.4, run the commands below to open PHP default config file for Nginx... +**php settings for nginx:** + + Open configuration file:\ `sudo nano /etc/php/7.4/fpm/php.ini` -+ Then make the changes on the following lines below in the file and save. The value below are great settings to apply in your environments. ++ Update the configuration file with these and save… -```ini +```bash file_uploads = On allow_url_fopen = On memory_limit = 128M //= default @@ -70,9 +72,12 @@ post_max_size = 100M //default = 8M date.timezone = Europe/Vienna ``` +save the file and start process manager for php:\ +`sudo service php7.4-fpm start` + Everytime you make changes to PHP configuration file, you should also restart nginx web server and PHP script… To do so, run the commands below:\ -`sudo systemctl restart nginx.service`\ -`sudo systemctl restart php7.4-fpm.service` +`sudo service nginx reload`\ +`sudo service php7.4-fpm restart` ## Installation Composer