Comments (13)
due to the way the config seems to work, I don't think this is something we'll be able to do through the installer
You are correct, NGINX configuration files are stored separately, way out of web apps reach.
from leafpub.
I setup nginx and a postleaf.dev
site to try running it locally on OSX using port 6500 (have other stuff bound to 80). This is what's working for me:
server {
listen *:6500;
server_name postleaf.dev;
access_log /path/to/postleaf.dev.access.log;
error_log /path/to/postleaf.dev.error.log;
location / {
root /path/to/postleaf/app;
try_files $uri $uri/ /index.php?$args;
index index.php;
}
location ~ /(backups) {
deny all;
return 404;
}
location ~ \.php$ {
root /path/to/postleaf/app;
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include fastcgi_params;
}
}
The last screenshot is 404 to demonstrate that the backup file is not directly accessible.
from leafpub.
Very Interesting Feature / upgrade.
from leafpub.
EDIT:
...on second thoughts, it might not be working so well after all - the blog posts aren't displaying properly and there's a few login errors, but it does display and might help people to get started.
Thanks to Cory for this SO link which helped me get it working:
Config file (note that I'm completely terrible at this, so the file might be a bombsite; tips for improvement appreciated).
server {
listen 80;
server_name myserver
return 301 https://$host$request_uri;
#defaults to https because what is wrong with you?
}
server {
listen 443 ssl;
server_name myserver;
#ssl
ssl_certificate /home/user/.ssh/server.crt;
ssl_certificate_key /home/user/.ssh/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-S$
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/conf.d/dhparams.pem;
add_header Strict-Transport-Security max-age=31536000;
#proxy config
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
#end ssl/proxy stuff
access_log /var/log/nginx/postleaf.access.log;
error_log /var/log/nginx/postleaf.error.log;
root /var/www/postleaf/;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:8005;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
try_files = $uri @missing;
fastcgi_index index.php;
}
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php$args;
}
location ~ /\.ht {
deny all;
}
location @missing {
rewrite ^ $scheme://$host/index.php permanent;
}
}
from leafpub.
@trentyarwood You have way too much code in your snippet. You should only focus on the essentials, and let others build on top of it, with, for example, SSL support.
@claviska Is this the only code that needs to be translated to nginx syntax?
# Rewrites
RewriteEngine On
# Forbid access to these folders
RewriteRule ^backups/ - [F]
# Route requests through index
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]
from leafpub.
Yep, Postleaf uses Slim so everything that doesn't exist needs to be routed through index.php
. We can probably use this config as a baseline to support Nginx.
from leafpub.
I have it working with the following config and php5-fpm. Won't work with hhvm though :-(
updated: previous config wouldn't work with the installer
updated: previous config didn't pass query parameters
server {
listen 80;
server_name postleaf.mydomain.com;
access_log /var/log/nginx/postleaf.access.log;
error_log /var/log/nginx/postleaf.error.log error;
return 301 https://$host$request_uri;
}
server {
listen 443;
ssl on;
server_name postleaf.mydomain.com;
access_log /var/log/nginx/postleaf.access.log;
error_log /var/log/nginx/postleaf.error.log error;
root /opt/postleaf/;
client_max_body_size 100M;
fastcgi_buffers 64 4K;
gzip off;
index index.php;
try_files $uri /index.php?$query_string;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}
location ~ ^/backups/ {
return 403;
}
location /source/installer {
}
location ~ ^(/index\.php|/source/installer/.*\.php)$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}
}
from leafpub.
I lie. It almost works. When you click on a post it goes to Postleaf's 404. Which seems to suggest it's a Postleaf issue rather than nginx.
192.168.0.1 - - [01/Aug/2016:15:15:34 +1000] "GET /welcome-to-postleaf HTTP/1.1" 404 4159 "https://postleaf.mydomain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"
So judging by the access log, nginx has correctly redirected to index.php and Postleaf is returning the 404.
from leafpub.
That path is routed through Slim, so it's more likely that this is an Nginx config issue than a Postleaf issue. I'll work on Nginx support soon. Still open to sample configs if someone has a working one.
from leafpub.
Ok, it just works now. Wonder if it's some sort of weird date/time thing... After installing I changed the timezone to Australia.
from leafpub.
I'm not an Nginx guru, so correct me if I'm wrong, but due to the way the config seems to work, I don't think this is something we'll be able to do through the installer. It's going to require some preconfig. We may just need to document a general config and have the user update it manually before installing.
The good news is you only have to configure a couple things:
- All requests made to a file or directory that doesn't exist need to go to
index.php
- Everything inside the backups folder should be restricted
The bad news is we can't reliably detect the server software that's running, so this will have to be an option in the installer. 🤔
from leafpub.
If someone could also help out with a Caddy rewrite code would be awesome. I tried to see if I could figure it out myself but unfortunately wasn't able to.
Reference: https://caddyserver.com/docs/rewrite
from leafpub.
Looks like we have a good sample config. Closing since there's nothing we can preconfigure with the installer.
Tutorial here: https://www.postleaf.org/running-postleaf-on-nginx
Thanks @calmdev!
from leafpub.
Related Issues (20)
- Slug for non english characters HOT 3
- Error 500 after update from 1.1.7 to 1.1.8 HOT 4
- Make languages installable
- Caption box on images prevents centre justify HOT 4
- Add external images to content HOT 1
- Donations via liberapay HOT 1
- User with Editor role can't edit draft posts created by Author role HOT 6
- Issue in 'Leafpub' installation (Version 1.1.9) while using Mysqli adapter HOT 7
- Noob question/issue - Login with https/ssl error HOT 10
- Stored Cross-site Scripting (XSS) HOT 3
- 1.20 b5/b6 - Link button kaput HOT 4
- Font Awesome Pro SVG Engine HOT 2
- Requesting Content over SSL behind Proxy HOT 4
- Docker HOT 1
- Header images not showing up when using the Range theme HOT 1
- Wrong link in the readme
- Website & documentation HOT 4
- Can't install Leafpub on /Public_html HOT 1
- Is project dead? HOT 1
- Leafpub looks terrific but new posts not displaying consistently HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from leafpub.