Wrong nginx config in wiki!

romanoza · October 22, 2010, 11:47am

There is wrong config for nginx. It’s wrong 'cos it’s not correct to use rewrite every time (speed).

Here is correct config from nginx author (russian).

My config:




log_format  withservname   '$host:$server_port $remote_addr $remote_user [$time_local] '

                           '"$request" $status $body_bytes_sent '

                           '"$http_referer" "$http_user_agent"';


access_log  /var/log/nginx/access.log  withservname;


server_tokens  off;


server {

    server_name  www.yoursite.com;

    listen  80;

    rewrite  ^(.*)$ http://yoursite.com$1 permanent;

}


server {

    server_name  yoursite.com;

    listen  80;

    rewrite  ^(.*)$ https://yoursite.com$1 permanent;

}


server {

server_name  yoursite.com;


listen  443 default ssl;


keepalive_timeout    70;


ssl                  on;

ssl_certificate      /etc/ssl/certs/startssl_yoursite.com.pem;

ssl_certificate_key  /etc/ssl/private/yoursite.com.key;

ssl_session_cache    shared:SSL:10m;

ssl_session_timeout  10m;


location / {

    try_files  $uri  $uri/ @yii;

    root   /var/www/yoursite.com/htdocs;

    index  index.html index.htm index.php;


    location  ~ /\.ht {

	deny  all;

    }


    location  /var/www/yoursite.com/htdocs/protected/ {

	deny  all;

    }


location ~ \.php$ {

    fastcgi_index  index.php;

    fastcgi_pass  unix:/var/run/php-fcgi.sock;

    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

    include fastcgi_params;

}


    location  ~* \.(gif|jp(|e)g|png|mp(|e)g|avi|flv|swf)$ {

	expires  1d;

    }

}


location @yii {

    root  /var/www/yoursite.com/htdocs;


    include fastcgi_params;

    fastcgi_pass  unix:/var/run/php-fcgi.sock;

    fastcgi_param  SCRIPT_NAME      /index.php;

    fastcgi_param  SCRIPT_FILENAME  $document_root/index.php;

    fastcgi_param  QUERY_STRING     $args;

}


}

Maxximus · October 28, 2010, 11:16pm

Just using Nginx (and PHP-FPM) as my test server locally, so there might be loose ends, but this is more than enough to run Yii on a Nginx server in document_root:


server {

	server_name  testdrive;

    root   /path/to/yii/WebRoot/testdrive;

    index  index.php;

 

    location / {

        try_files $uri $uri/ /index.php;

    }


     location  $document_root/protected/ {

        deny  all;

    }

 

    location  ~* \.(gif|jp(|e)g|png|mp(|e)g|avi|flv|swf)$ {

        expires   30d;

        access_log off;

    }


    location ~ \.php {      

	fastcgi_pass  127.0.0.1:9000;

	fastcgi_index index.php;

	include fastcgi_params;

	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

	access_log off;

    }

}

In fastcgi_params there must be REQUEST_URI defined, otherwise define it as $request_uri.

Additions are welcome!

Orteko · October 29, 2010, 2:56am

One thing that I do regardless of project is move the /protected/ directory outside of the web root, usually to a /application/ directory instead.

All that needs changing is the $config variable and you no longer have to bother with writing specific statements to deny access to the directory if you aren’t running apache.

TBH, i’m not sure why it isn’t done this way by default - there is never a valid reason for having the /protected/ directory directly accessible via the web so why bother putting it there and then denying access to it?

Maxximus · October 30, 2010, 8:50am

Sure, there is no need to keep the protected directory under web root. But since this is the default, I put it there to be similar to the standard Apache setup.

One thing I found with Nginx when using multiple server_names is that the PHP var SERVER_NAME is not correctly set. To prevent this, add the following line in the PHP part:


fastcgi_param SERVER_NAME $http_host;

After that, the Yii::app()->request->serverName will be set correctly.

idolzhenko · January 25, 2011, 2:29pm

It’s my working config file for nginx-0.8.53 + spawn-fcgi-1.6.3nb2 (NetBSD 5)

/home/www/framework

/home/www/public_html




worker_processes  1;


events {

    worker_connections  1024;

}




http {

    include       /usr/pkg/etc/nginx/mime.types;

    default_type  application/octet-stream;




    access_log off;


    sendfile        on;

    tcp_nopush      on;

    tcp_nodelay     on;


    keepalive_timeout  65;


    server {

	server_name  example.com;

	root /home/www/public_html;


        charset utf-8;


        location / {

            index  index.php;

	    try_files $uri $uri/ @yii;

	    allow 212.14.170.226;

	    deny all;

        }




        # redirect server error pages to the static page /50x.html

        #

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   /home/www/public_html;

        }


        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

        #

        location ~ \.php$ {

            fastcgi_pass   127.0.0.1:9000;

            fastcgi_index  index.php;

            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

	    fastcgi_param  PATH_INFO $fastcgi_script_name;

            include        /usr/pkg/etc/nginx/fastcgi_params;

        }

	location @yii {

	    fastcgi_pass 127.0.0.1:9000;

	    include fastcgi_params; 

	    fastcgi_param  SCRIPT_NAME      /index.php;

	    fastcgi_param  SCRIPT_FILENAME  $document_root/index.php;

	    fastcgi_param  QUERY_STRING     $args;

	}




        # deny access to .htaccess files, if Apache's document root

        # concurs with nginx's one

        #

        location ~ /\.ht {

            deny  all;

        }

    }

}