nginx « BrakertechBrakertech

nginx code igniter remove index.php prefix

posted this in nginx, Redhat Centos, Server Setup, Ubuntu on January 30th, 2013

Objective

Remove the index.php prefix from your nginx code igniter instance.

Assumptions In your main nginx conf file you define how php is called (unix socket or ip:port) You will replace foo.example.com with whatever your domain name is The proper logging path will be defined per your system as opposed to the location i have . . . → Read More: nginx code igniter remove index.php prefix

nginx redirect single url

posted this in nginx on October 31st, 2012

Objective

Using nginx redirect single url

Example

ORIGINAL URL:

http://example.com/foo

1	http://example.com/foo

REDIRECT TO:

http://example.com/bar

1	http://example.com/bar

nginx basic php location block example

location / {
	try_files $uri $uri/ @mylocation;
}

location @mylocation {
        rewrite ^/foo(.*)$ /bar/ redirect;
        rewrite ^.*$ /index.php last;
}

location / {

try_files $uri $uri/ @mylocation;

}

location @mylocation {

rewrite ^/foo(.*)$ /bar/ redirect;

rewrite ^.*$ /index.php last;

}

nginx wordpress example

location / {
	try_files $uri $uri/ @wordpress;
    }

    location @wordpress {
        rewrite ^/foo(.*)$ /bar/ redirect;
        rewrite ^/([_0-9a-zA-Z-]+/)?files/(.+) /wp-includes/ms-files.php?file=$2 last;
        rewrite ^/([_0-9a-zA-Z-]+/)?wp-admin$ /$1wp-admin/ permanent;
        rewrite ^/[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) /$1 last;
        rewrite ^/[_0-9a-zA-Z-]+/(.*\.php)?$ /$1 last;
        rewrite .* /index.php last;
    }

location / {

try_files $uri $uri/ @wordpress;

}

location @wordpress {

rewrite ^/foo(.*)$ /bar/ redirect;

rewrite ^/([_0-9a-zA-Z-]+/)?files/(.+) /wp-includes/ms-files.php?file=$2 last;

rewrite ^/([_0-9a-zA-Z-]+/)?wp-admin$ /$1wp-admin/ permanent;

rewrite ^/[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) /$1 last;

rewrite ^/[_0-9a-zA-Z-]+/(.*\.php)?$ /$1 last;

rewrite .* /index.php last;

}

linux remove blank lines from file

posted this in Linux, nginx, Redhat Centos on September 13th, 2012

To remove blank lines from a file on a unix or linux computer try this:

# grep -v "^$" filename > newfilename

1	# grep -v "^$" filename > newfilename

nginx logrotate script

posted this in nginx on July 13th, 2012

nginx logrotate script

Create a new file at /etc/logrotate.d/nginx with contents:

/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat
/var/run/nginx.pid`
        endscript
}

/var/log/nginx/*.log {

daily

missingok

rotate 52

compress

delaycompress

notifempty

create 640 root adm

sharedscripts

postrotate

[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat

/var/run/nginx.pid`

endscript

}

Run Logrotate

# /etc/cron.daily/logrotate

1	# /etc/cron.daily/logrotate

nginx ssl pfx

posted this in nginx on July 11th, 2012

This article will explain what to do with nginx ssl pfx.

First get the pfx file to your server. In this example we will be using a directory called “ssl” off of the nginx root (where nginx.conf is located).

From within the ssl folder, export the certificate:

openssl pkcs12 -in star.yourdomain.com.pfx -nokeys -out star.yourdomain.com.pem

1	openssl pkcs12 -in star.yourdomain.com.pfx -nokeys -out star.yourdomain.com.pem

Export the private key:

openssl pkcs12 -in star.yourdomain.com.pfx -out star.yourdomain.com.key -nocerts -nodes

1	openssl pkcs12 -in star.yourdomain.com.pfx -out star.yourdomain.com.key -nocerts -nodes

in the . . . → Read More: nginx ssl pfx

Install PHP APC with Nginx on Centos 6.2

posted this in Linux, nginx, Redhat Centos on July 5th, 2012

Install PHP APC with Nginx on Centos 6.2

Install latest apc:

# pecl install apc-3.1.10

1	# pecl install apc-3.1.10

Move your old apc.ini to a safe location:

# mv /etc/php.d/apc.ini /etc/php.d/apc.ini.old

1	# mv /etc/php.d/apc.ini /etc/php.d/apc.ini.old

Create a new /etc/php.d/apc.ini (content below):

; Enable apc extension module
extension = apc.so

; Options for the APC module version >= 3.1.3
; See http://www.php.net/m...nfiguration.php

; This can be set to 0 to disable APC.
apc.enabled=1
; The number of shared memory segments to allocate for the compiler cache.
apc.shm_segments=1
; The size of each shared memory segment, with M/G suffixe
apc.shm_size=256M
; A "hint" about the number of distinct source files that will be included or
; requested on your web server. Set to zero or omit if you're not sure;
apc.num_files_hint=1024
; Just like num_files_hint, a "hint" about the number of distinct user cache
; variables to store.  Set to zero or omit if you're not sure;
apc.user_entries_hint=4096
; The number of seconds a cache entry is allowed to idle in a slot in case this
; cache entry slot is needed by another entry.
apc.ttl=7200
; use the SAPI request start time for TTL
apc.use_request_time=1
; The number of seconds a user cache entry is allowed to idle in a slot in case
; this cache entry slot is needed by another entry.
apc.user_ttl=7200
; The number of seconds that a cache entry may remain on the garbage-collection list.
apc.gc_ttl=3600
; On by default, but can be set to off and used in conjunction with positive
; apc.filters so that files are only cached if matched by a positive filter.
apc.cache_by_default=1
; A comma-separated list of POSIX extended regular expressions.
apc.filters
; The mktemp-style file_mask to pass to the mmap module
apc.mmap_file_mask=/tmp/apc.XXXXXX
; This file_update_protection setting puts a delay on caching brand new files.
apc.file_update_protection=2
; Setting this enables APC for the CLI version of PHP (Mostly for testing and debugging).
apc.enable_cli=0
; Prevents large files from being cached
apc.max_file_size=1M
; Whether to stat the main script file and the fullpath includes.
apc.stat=1
; Vertification with ctime will avoid problems caused by programs such as svn or rsync by making
; sure inodes havn't changed since the last stat. APC will normally only check mtime.
apc.stat_ctime=0
; Whether to canonicalize paths in stat=0 mode or fall back to stat behaviour
apc.canonicalize=0
; With write_lock enabled, only one process at a time will try to compile an
; uncached script while the other processes will run uncached
apc.write_lock=1
; Logs any scripts that were automatically excluded from being cached due to early/late binding issues.
apc.report_autofilter=0
; RFC1867 File Upload Progress hook handler
apc.rfc1867=0
apc.rfc1867_prefix =upload_
apc.rfc1867_name=APC_UPLOAD_PROGRESS
apc.rfc1867_freq=0
apc.rfc1867_ttl=3600
; Optimize include_once and require_once calls and avoid the expensive system calls used.
apc.include_once_override=0
apc.lazy_classes=0
apc.lazy_functions=0
; Enables APC handling of signals, such as SIGSEGV, that write core files when signaled.
; APC will attempt to unmap the shared memory segment in order to exclude it from the core file
apc.coredump_unmap=0
; Records a md5 hash of files.
apc.file_md5=0
; not documented
apc.preload_path

; Enable apc extension module

extension = apc.so

; Options for the APC module version >= 3.1.3

; See http://www.php.net/m...nfiguration.php

; This can be set to 0 to disable APC.

apc.enabled=1

; The number of shared memory segments to allocate for the compiler cache.

apc.shm_segments=1

; The size of each shared memory segment, with M/G suffixe

apc.shm_size=256M

; A "hint" about the number of distinct source files that will be included or

; requested on your web server. Set to zero or omit if you're not sure;

apc.num_files_hint=1024

; Just like num_files_hint, a "hint" about the number of distinct user cache

; variables to store. Set to zero or omit if you're not sure;

apc.user_entries_hint=4096

; The number of seconds a cache entry is allowed to idle in a slot in case this

; cache entry slot is needed by another entry.

apc.ttl=7200

; use the SAPI request start time for TTL

apc.use_request_time=1

; The number of seconds a user cache entry is allowed to idle in a slot in case

; this cache entry slot is needed by another entry.

apc.user_ttl=7200

; The number of seconds that a cache entry may remain on the garbage-collection list.

apc.gc_ttl=3600

; On by default, but can be set to off and used in conjunction with positive

; apc.filters so that files are only cached if matched by a positive filter.

apc.cache_by_default=1

; A comma-separated list of POSIX extended regular expressions.

apc.filters

; The mktemp-style file_mask to pass to the mmap module

apc.mmap_file_mask=/tmp/apc.XXXXXX

; This file_update_protection setting puts a delay on caching brand new files.

apc.file_update_protection=2

; Setting this enables APC for the CLI version of PHP (Mostly for testing and debugging).

apc.enable_cli=0

; Prevents large files from being cached

apc.max_file_size=1M

; Whether to stat the main script file and the fullpath includes.

apc.stat=1

; Vertification with ctime will avoid problems caused by programs such as svn or rsync by making

; sure inodes havn't changed since the last stat. APC will normally only check mtime.

apc.stat_ctime=0

; Whether to canonicalize paths in stat=0 mode or fall back to stat behaviour

apc.canonicalize=0

; With write_lock enabled, only one process at a time will try to compile an

; uncached script while the other processes will run uncached

apc.write_lock=1

; Logs any scripts that were automatically excluded from being cached due to early/late binding issues.

apc.report_autofilter=0

; RFC1867 File Upload Progress hook handler

apc.rfc1867=0

apc.rfc1867_prefix =upload_

apc.rfc1867_name=APC_UPLOAD_PROGRESS

apc.rfc1867_freq=0

apc.rfc1867_ttl=3600

; Optimize include_once and require_once calls and avoid the expensive system calls used.

apc.include_once_override=0

apc.lazy_classes=0

apc.lazy_functions=0

; Enables APC handling of signals, such as SIGSEGV, that write core files when signaled.

; APC will attempt to unmap the shared memory segment in order to exclude it from the core file

apc.coredump_unmap=0

; Records a md5 hash of files.

apc.file_md5=0

; not documented

apc.preload_path

Copy the apc.php to your domains root directory to see it in action

# cp /usr/share/doc/php-pecl-apc-3.1.10/apc.php /your domain root path/

1	# cp /usr/share/doc/php-pecl-apc-3.1.10/apc.php /your domain root path/

If you are running Xcache which comes shipped with Centos 6.2 you will . . . → Read More: Install PHP APC with Nginx on Centos 6.2

nginx secure /user drupal

posted this in Linux, nginx, O/S on July 2nd, 2012

If you are not serving drupal out of a subdirectory use this config example:

location / {
                # This is cool because no php is touched for static content
                try_files $uri @rewrite;
        }

 location @rewrite {
                 Some modules enforce no slash (/) at the end of the URL
                 Else this rewrite block wouldn't be needed (GlobalRedirect)
                 rewrite ^/(.*)$ /index.php?q=$1;
        }
        location /user {
                 allow 127.0.0.1;
                 allow 10.0.0.0/8;
                 allow 172.16.0.0/12;
                 allow 192.168.0.0/16;
                 deny all;
                 try_files $uri @rewrite;

         }
        location /User {
                 allow 127.0.0.1;
                 allow 10.0.0.0/8;
                 allow 172.16.0.0/12;
                 allow 192.168.0.0/16;
                 deny all;
                 try_files $uri @rewrite;

         }

location / {

# This is cool because no php is touched for static content

try_files $uri @rewrite;

}

location @rewrite {

Some modules enforce no slash (/) at the end of the URL

Else this rewrite block wouldn't be needed (GlobalRedirect)

rewrite ^/(.*)$ /index.php?q=$1;

}

location /user {

allow 127.0.0.1;

allow 10.0.0.0/8;

allow 172.16.0.0/12;

allow 192.168.0.0/16;

deny all;

try_files $uri @rewrite;

}

location /User {

allow 127.0.0.1;

allow 10.0.0.0/8;

allow 172.16.0.0/12;

allow 192.168.0.0/16;

deny all;

try_files $uri @rewrite;

}

If you are serving drupal out of a subdirectory /some_subdir and want to block access to the /user URI based on ip

     location / {
                # This is cool because no php is touched for static content
                try_files $uri @rewrite;
        }

        location @rewrite {
                # Drupal in a subdirectory
                rewrite ^/([^/]*)/(.*)(/?)$ /$1/index.php?q=$2&amp;$args;
        }
        location /some_subdir/user {
                 allow 127.0.0.1;
                 allow 10.0.0.0/8;
                 allow 172.16.0.0/12;
                 allow 192.168.0.0/16;
                 deny all;
                 try_files $uri @rewrite;

         }
        location /some_subdir/User {
                 allow 127.0.0.1;
                 allow 10.0.0.0/8;
                 allow 172.16.0.0/12;
                 allow 192.168.0.0/16;
                 deny all;
                 try_files $uri @rewrite;

         }

location / {

# This is cool because no php is touched for static content

try_files $uri @rewrite;

}

location @rewrite {

# Drupal in a subdirectory

rewrite ^/([^/]*)/(.*)(/?)$ /$1/index.php?q=$2&$args;

}

location /some_subdir/user {

allow 127.0.0.1;

allow 10.0.0.0/8;

allow 172.16.0.0/12;

allow 192.168.0.0/16;

deny all;

try_files $uri @rewrite;

}

location /some_subdir/User {

allow 127.0.0.1;

allow 10.0.0.0/8;

allow 172.16.0.0/12;

allow 192.168.0.0/16;

deny all;

try_files $uri @rewrite;

}

nginx php centos6 howto

posted this in Linux, nginx, php, Redhat Centos on May 15th, 2012

Remove previous php installation

# yum remove php-cli php-common

1	# yum remove php-cli php-common

Add the EPEL and REMI repos:

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

Install nginx prerequisites

# yum install perl pcre-devel gperftools-devel geoip geoip-devel

1	# yum install perl pcre-devel gperftools-devel geoip geoip-devel

Download nginx

# wget "http://nginx.org/download/nginx-1.2.1.tar.gz"

1	# wget "http://nginx.org/download/nginx-1.2.1.tar.gz"

Nginx configuration & installation:

# ./configure --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g' --with-http_geoip_module --with-google_perftools_module
# make
# make install

# ./configure --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g' --with-http_geoip_module --with-google_perftools_module

# make

# make install

PHP installation:

# yum --enablerepo=remi,remi-test install php php-fpm php-common php-pear php-pecl-apc php-pdo php-mysql php-pgsql php-pecl-memcache php-gd php-mbstring php-mcrypt php-xml php-ldap php-pecl-geoip

1	# yum --enablerepo=remi,remi-test install php php-fpm php-common php-pear php-pecl-apc php-pdo php-mysql php-pgsql php-pecl-memcache php-gd php-mbstring php-mcrypt php-xml php-ldap php-pecl-geoip

Edit Nginx configuration:

#sudo nano -w /etc/nginx/nginx.conf

--Sample Configuration

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

## Proxy
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 8 16k;
proxy_buffer_size 32k;

## Compression
gzip on;
gzip_types text/plain text/css application/x-javascript
text/xml application/xml
application/xml+rss text/javascript;
gzip_disable "MSIE [1-6].(?!.*SV1)";

### TCP options
tcp_nodelay on;
tcp_nopush on;
keepalive_timeout 10;
sendfile on;

# include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

#sudo nano -w /etc/nginx/nginx.conf

--Sample Configuration

user nginx;

worker_processes 1;

error_log /var/log/nginx/error.log warn;

pid /var/run/nginx.pid;

events {

worker_connections 1024;

}

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

## Proxy

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

client_max_body_size 10m;

client_body_buffer_size 128k;

proxy_connect_timeout 90;

proxy_send_timeout 90;

proxy_read_timeout 90;

proxy_buffers 8 16k;

proxy_buffer_size 32k;

## Compression

gzip on;

gzip_types text/plain text/css application/x-javascript

text/xml application/xml

application/xml+rss text/javascript;

gzip_disable "MSIE [1-6].(?!.*SV1)";

### TCP options

tcp_nodelay on;

tcp_nopush on;

keepalive_timeout 10;

sendfile on;

# include /etc/nginx/conf.d/*.conf;

include /etc/nginx/sites-enabled/*;

}

Create your web folder eg: /srv/www and change the owner of the folder:

– Create Directory

# cd /srv
# mkdir www

1 2	# cd /srv # mkdir www

– Change ownership

# sudo chown -R nginx:nginx /srv/www

1	# sudo chown -R nginx:nginx /srv/www

Sample vhost configuration:

. . . → Read More: nginx php centos6 howto

Brakertech

nginx code igniter remove index.php prefix

nginx redirect single url

linux remove blank lines from file

nginx logrotate script

nginx ssl pfx

Install PHP APC with Nginx on Centos 6.2

nginx secure /user drupal

nginx php centos6 howto

Search Brakertech

dEFENSE

Hacking

Security

Search Brakertech

dEFENSE

Hacking

Tags

Security