facade
facade copied to clipboard
brianwarner
nginx support?
... I created a file for the general configuration ...
Step 1: Install the php-fpm and php-mysql things
- sudo apt-get install php-fpm php-mysql
Step 2: Configure the PHP Processor
We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure.
Open the main php-fpm configuration file with root privileges:
sudo vi /etc/php/7.2/fpm/php.ini
What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to "1" by default.
This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if the requested PHP file cannot be found. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn't be allowed to execute.
We will change both of these conditions by uncommenting the line and setting it to "0" like this:
/etc/php/7.2/fpm/php.ini
cgi.fix_pathinfo=0
Save and close the file when you are finished.
Now, we just need to restart our PHP processor by typing:
sudo systemctl restart php7.0-fpm
This will implement the change that we made.
Step 3: Configure Nginx to Use the PHP Processor
Now, we have all of the required components installed. The only configuration change we still need is to tell Nginx to use our PHP processor for dynamic content.
We do this on the server block level (server blocks are similar to Apache's virtual hosts). Open the default Nginx server block configuration file by typing:
sudo vi /etc/nginx/sites-available/default
Currently, with the comments removed, the Nginx default server block file looks like this:
/etc/nginx/sites-available/default server { listen 80 default_server; listen [::]:80 default_server;
root /var/www/html; index index.html index.htm index.nginx-debian.html;
server_name _;
location / { try_files $uri $uri/ =404; } }
We need to make some changes to this file for our site.
First, we need to add index.php as the first value of our index directive so that files named index.php are served, if available, when a directory is requested.
We can modify the server_name directive to point to our server's domain name or public IP address.
For the actual PHP processing, we just need to uncomment a segment of the file that handles PHP requests by removing the pound symbols (#) from in front of each line. This will be the location ~.php$ location block, the included fastcgi-php.conf snippet, and the socket associated with php-fpm.
We will also uncomment the location block dealing with .htaccess files using the same method. Nginx doesn't process these files. If any of these files happen to find their way into the document root, they should not be served to visitors.
The file should look like what's below:
/etc/nginx/sites-available/default
server { listen 80 default_server; listen [::]:80 default_server;
root /var/www/html; index index.php index.html index.htm index.nginx-debian.html;
server_name server_domain_or_IP;
location / { try_files $uri $uri/ =404; }
location ~ .php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; }
location ~ /.ht { deny all; } }
When you've made the above changes, you can save and close the file.
Test your configuration file for syntax errors by typing:
sudo nginx -t
If any errors are reported, go back and recheck your file before continuing.
When you are ready, reload Nginx to make the necessary changes:
sudo systemctl reload nginx
Step 4: Create a PHP File to Test Configuration
Your LEMP stack should now be completely set up. We can test it to validate that Nginx can correctly hand .php files off to our PHP processor.
We can do this by creating a test PHP file in our document root. Open a new file called info.php within your document root in your text editor:
sudo vi /var/www/html/info.php
Type or paste the following lines into the new file. This is valid PHP code that will return information about our server:
/var/www/html/info.php
When you are finished, save and close the file.
Now, you can visit this page in your web browser by visiting your server's domain name or public IP address followed by /info.php:
http://server_domain_or_IP/info.php
... this is the dependencies installation file:
install_deps-nginx.sh
#!/bin/bash
# Copyright 2016-2018 Brian Warner # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0
echo " This script will install the necessary dependencies to run Facade in either headless mode or using the web UI. It will install nginx and the required PHP packages. You can use either the web UI or the CLI to configure Facade and export analysis data.
Installing any missing dependencies... "
sudo apt-get install nginx php-cli php-mysql
python3 python3-mysqldb php-fpm php-dom php-curl python3-bcrypt
python3-xlsxwriter python3-texttable
echo " If everything went well, your next step is to run setup: $ ./setup.py "
Note: Since I am running mariadb, I did take out the mysql installation from the nginx config.
.. currently working on pointing nginx at the php, etc. ... database created just fine with setup.py ...
Here is how I configured the nginx server to serve up facade ....
Setting Up Server Blocks (Pretty much necessary if you are running more than one website on the server.)
When using the Nginx web server, you can use server blocks (similar to virtual hosts in Apache) to encapsulate configuration details and host more than one domain from a single server. We will set up a domain called facade, but you should replace this with your own domain name.
Create the directory for facade, using the -p flag to create any necessary parent directories:
sudo mkdir -p /var/www/facade/html
Assign ownership of the directory:
sudo chown -R $USER:$USER /var/www/facade/html
The permissions of your web roots should be correct if you haven't modified your umask value, but you can make sure by typing:
sudo chmod -R 755 /var/www/facade
Create a sample index.html page using nano or your favorite editor:
nano /var/www/facade/html/index.html
Inside, add the following sample HTML:
/var/www/facade/html/index.html
<html>
<head>
<title>Welcome to facade!</title>
</head>
<body>
<h1>Success! The facade server block is working!</h1>
</body>
</html>
Save and close the file when you are finished.
Make a new server block at /etc/nginx/sites-available/facade:
sudo nano /etc/nginx/sites-available/facade
Paste in the following configuration block, updated for our new directory and domain name:
/etc/nginx/sites-available/facade
server {
listen 80;
listen [::]:80;
root /var/www/facade/html;
index index.html index.htm index.nginx-debian.html;
server_name facade www.facade;
location / {
try_files $uri $uri/ =404;
}
}
Save and close the file when you are finished.
Enable the file by creating a link from it to the sites-enabled directory:
sudo ln -s /etc/nginx/sites-available/facade
/etc/nginx/sites-enabled/
Two server blocks are now enabled and configured to respond to requests based on their listen and server_name directives:
facade: Will respond to requests for facade and www.facade. default: Will respond to any requests on port 80 that do not match the other two blocks. To avoid a possible hash bucket memory problem that can arise from adding additional server names, it is necessary to adjust a single value in the /etc/nginx/nginx.conf file. Open the file:
sudo nano /etc/nginx/nginx.conf
Find the server_names_hash_bucket_size directive and remove the # symbol to uncomment the line:
/etc/nginx/nginx.conf
http {
...
server_names_hash_bucket_size 64;
...
}
Test for syntax errors:
sudo nginx -t
Restart Nginx to enable your changes:
sudo systemctl restart nginx
Nginx should now be serving your domain name. You can test this by navigating to http://facade, where you should see something like this:
Nginx first server block