jelhan / croodle

Croodle is a web application to schedule a date or to do a poll on a general topic.
MIT License

Nginx webserver documentation #343

Open cl-parsons opened 4 years ago

cl-parsons commented 4 years ago

Hi, I tried to set up my own server with Nginx, and it was not so easy to make it work by using the configuration provided by the Slim framework. Here is a setup that works, for further documentation of croodle. poll.conf.txt

jelhan commented 4 years ago

Hello @cl-parsons,

thanks for sharing your configuration.

I would recommend using Content-Security-Policy and Referrer-Policy headers. You can find the recommended ones in the .htaccess file, which is part of the build.

If you feel confident with your HTTPS setup, you should also use the Strict-Transport-Security header to enforce an encrypted connection on revisits. You may also use HTTP Public Key Pinning, even though the effect is very limited since Chrome removed support.

If you have the time, a pull request adding an example configuration for nginx and linking it from the README would be awesome.

Best Jeldrik

cl-parsons commented 4 years ago

Thanks for the tips, I posted this really for a "basic setup" without having to sort what is useless and what is not.

fooness commented 4 years ago

Is there any officially tested config ready to be added to the repo, meanwhile, with only what’s really necessary?

The following configuration (sites file) works for us on Ubuntu 20.04 LTS, but maybe there’s room for improvement. Would be great if someone with experience in croodle and fastcgi/fpm could have a look …

server {
  listen 80;
  server_name {{ ansible_fqdn }};
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  server_name {{ ansible_fqdn }};

  # managed by certbot via /etc/nginx/conf.d/letsencrypt.conf
  #ssl_certificate /etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem;
  #ssl_certificate_key /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem;

  root /var/www/html;
  index index.html;

  location ~ ^/api/(index\.php)(.*)$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php-fpm.sock;
    #fastcgi_pass 127.0.0.1:9000;
  }
}

PS: It did NOT work with fastcgi_pass 127.0.0.1:9000;

fooness commented 4 years ago

Sounds strange, but it stopped working for us after the first run of php /var/www/html/api/cron.php

Now we’re back at “The poll could not be saved. Please try again in a few seconds.”

2020/12/01 12:35:49 [error] 16356#16356: *3 open() "/var/www/html/api/index.php/polls" failed (20: Not a directory), client: […], server: […], request: "POST /api/index.php/polls HTTP/1.1", host: […]

That’s weird, isn’t it?

jelhan commented 4 years ago

> Sounds strange, but it stopped working for us after the first run of php /var/www/html/api/cron.php
>
> Now we’re back at “The poll could not be saved. Please try again in a few seconds.”
>
> 2020/12/01 12:35:49 [error] 16356#16356: *3 open() "/var/www/html/api/index.php/polls" failed (20: Not a directory), client: […], server: […], request: "POST /api/index.php/polls HTTP/1.1", host: […]
>
> That’s weird, isn’t it?

Please double check the permissions of polls folder. Maybe the cron job was running with another user and some permissions got changed? Or to have the cronjob running the permissions were changed but didn't recall anymore?

fooness commented 4 years ago

Thank you for your answer.

> Please double check the permissions of polls folder. Maybe the cron job was running with another user and some permissions got changed? Or to have the cronjob running the permissions were changed but didn't recall anymore?

There is no polls folder.

It seems that changing the ownership of data folder helps and, maybe, fixes everything. Does this look right to you?

$ ls -alF
total 48
drwxr-xr-x 7 root     root     4096 Dec  1 13:07 ./
drwxr-xr-x 3 root     root     4096 Nov 30 17:31 ../
drwxr-xr-x 5 root     root     4096 Jan 31  2020 api/
drwxr-xr-x 2 root     root     4096 Jan 31  2020 assets/
drwxr-xr-x 4 www-data www-data 4096 Dec  1 13:07 data/
drwxr-xr-x 2 root     root     4096 Jan 29  2020 ember-fetch/
-rw-r--r-- 1 root     root     5430 Nov 30 17:31 favicon.ico
-rw-r--r-- 1 root     root     3292 Jan 31  2020 index.html
drwxr-xr-x 3 root     root     4096 Jan  5  2020 open-iconic/
-rw-r--r-- 1 root     root       51 Oct 28  2019 robots.txt

$ ls -alF data/
total 16
drwxr-xr-x 4 www-data www-data 4096 Dec  1 13:07 ./
drwxr-xr-x 7 root     root     4096 Dec  1 13:07 ../
drwxr-xr-x 2 www-data www-data 4096 Dec  1 12:52 6dMPwH68aQ/
drwxr-xr-x 3 www-data www-data 4096 Dec  1 12:53 i7wXpRPVEN/
-rw-r--r-- 1 root     root        0 Jan 31  2020 index.html
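
Added example, not part of the thread or of Croodle: a Python check for the layout in the listing above, where everything under the web root is owned by root and only `data/` belongs to `www-data`. The function names, the rule that `data` is the only directory the web user may write to, and the decision to ignore ACLs are assumptions of this example.

```python
import os
import stat


def web_can_write(st, web_uid, web_gids):
    """True if the classic mode bits (ACLs ignored) let the web user write."""
    if st.st_uid == web_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in web_gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_webroot(root, web_uid, web_gids, writable=("data",)):
    """Return sorted (problem, relative_path) findings for a web root.

    Directories named in `writable` must be writable by the web user;
    the web root itself and every other path below it must not be.
    """
    findings = []
    if web_can_write(os.lstat(root), web_uid, web_gids):
        findings.append(("unexpected-writable", "."))
    for name in writable:
        path = os.path.join(root, name)
        if not os.path.isdir(path) or not web_can_write(
                os.lstat(path), web_uid, web_gids):
            findings.append(("not-writable", name))
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            full = os.path.join(dirpath, entry)
            rel = os.path.relpath(full, root)
            if rel.split(os.sep)[0] in writable:
                continue  # below an allowed data directory
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not access permissions
            if web_can_write(st, web_uid, web_gids):
                findings.append(("unexpected-writable", rel))
    return sorted(findings)


if __name__ == "__main__":
    import pwd
    user = pwd.getpwnam("www-data")  # account name taken from the listing
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for problem, path in audit_webroot("/var/www/html", user.pw_uid, gids):
        print(problem, path)
```

An empty result means the PHP-FPM user can write to `data/` and nowhere else under the web root; a `not-writable data` finding corresponds to the state before the ownership change described above.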

jelhan commented 4 years ago

Oh sorry. Shouldn't have replied in a hurry and got confused about the cronjob.

It seems as if nginx is not handing a request to api/index.php/polls to api/index.php PHP script. Please have a look at #92.

fooness commented 4 years ago

I did. It seems the default nginx fastcgi configuration which comes via include snippets/fastcgi-php.conf; should work. I checked all the default fastcgi params and variables and, to me, everything looks as if it should work (at least if the location ~ ^/api/(index\.php)(.*)$ { is addressed correctly).

If you can reproduce a correct and working installation with the nginx sites config pasted above, please feel free to add it to your README.