Author Topic: Custom nginx vhost for magento2  (Read 6826 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Custom nginx vhost for magento2
« on: June 19, 2020, 03:25:52 AM »
Hi

Has anyone experienced how to adapt this magento nginx file so that it maintains the same CWP nginx structure using nginx+varnish+apache?  :-[

That file has many locations and it is necessary to add the proxy_pass parameters, etc but I don't manage in nginx and I haven't had good results in that.

The Magento documentation says that you should create the vhost in the following way and include a file that has all the configuration but obviously is only intended for use on an only nginx server.

Code: [Select]

### I think this block is not necessary because in CWP the parameters are already loaded in the nginx configuration
upstream fastcgi_backend {
     use tcp connection
     server  127.0.0.1:9000;
     or socket
    server proxy:unix:/opt/alt/php-fpm73/usr/var/sockets/me.sock
 }

### This block already comes in the domain configuration so I can take only the necessary parameters and include them
 server {
    listen 80;
    server_name mage.dev;
    set $MAGE_ROOT /var/www/magento2;
    set $MAGE_DEBUG_SHOW_ARGS 1;
    include /magento2/nginx.conf.sample;
 }

Although they then show how to configure varnish on its own, I can't find how to adapt this nginx file to work with varnish or SSL

This is the magento nginx.conf.sample content to include but I don't know where I should add the call parameters to the proxy. Would it be in every block location?

Code: [Select]

root $MAGE_ROOT/pub;

index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
#add_header "X-UA-Compatible" "IE=Edge";


# Deny access to sensitive files
location /.user.ini {
    deny all;
}

# PHP entry point for setup application
location ~* ^/setup($|/) {
    root $MAGE_ROOT;
    location ~ ^/setup/index.php {
        fastcgi_pass   fastcgi_backend;

        fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
        fastcgi_param  PHP_VALUE "memory_limit=2GM \n max_execution_time=1800";
        fastcgi_read_timeout 600s;
        fastcgi_connect_timeout 600s;

        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    location ~ ^/setup/(?!pub/). {
        deny all;
    }

    location ~ ^/setup/pub/ {
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    }
}

# PHP entry point for update application
location ~* ^/update($|/) {
    root $MAGE_ROOT;

    location ~ ^/update/index.php {
        fastcgi_split_path_info ^(/update/index.php)(/.+)$;
        fastcgi_pass   fastcgi_backend;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        include        fastcgi_params;
    }

    # Deny everything but index.php
    location ~ ^/update/(?!pub/). {
        deny all;
    }

    location ~ ^/update/pub/ {
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    }
}

location / {
    try_files $uri $uri/ /index.php$is_args$args;
}

location /pub/ {
    location ~ ^/pub/media/(downloadable|customer|import|custom_options|theme_customization/.*\.xml) {
        deny all;
    }
    alias $MAGE_ROOT/pub/;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
}

location /static/ {
    # Uncomment the following line in production mode
    # expires max;

    # Remove signature of the static files that is used to overcome the browser cache
    location ~ ^/static/version {
        rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
    }

    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|html|json)$ {
        add_header Cache-Control "public";
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

        expires +1y;

        if (!-f $request_filename) {
            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
        }
    }
   
    location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
        add_header Cache-Control "no-store";
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        expires    off;

        if (!-f $request_filename) {
           rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
        }
    }
    if (!-f $request_filename) {
        rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
    }
    add_header X-Frame-Options "SAMEORIGIN";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
}

location /media/ {
    try_files $uri $uri/ /get.php$is_args$args;

    location ~ ^/media/theme_customization/.*\.xml {
        deny all;
    }

    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
        add_header Cache-Control "public";
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        expires +1y;
        try_files $uri $uri/ /get.php$is_args$args;
    }
    location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
        add_header Cache-Control "no-store";
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        expires    off;
        try_files $uri $uri/ /get.php$is_args$args;
    }
    add_header X-Frame-Options "SAMEORIGIN";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
}

location /media/customer/ {
    deny all;
}

location /media/downloadable/ {
    deny all;
}

location /media/import/ {
    deny all;
}

location /media/custom_options/ {
    deny all;
}

location /errors/ {
    location ~* \.xml$ {
        deny all;
    }
}

# PHP entry point for main application
location ~ ^/(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {
    try_files $uri =404;
    fastcgi_pass   fastcgi_backend;
    fastcgi_buffers 1024 4k;

    fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
    fastcgi_param  PHP_VALUE "memory_limit=2G \n max_execution_time=18000";
    fastcgi_read_timeout 600s;
    fastcgi_connect_timeout 600s;

    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

gzip on;
gzip_disable "msie6";

gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
    text/plain
    text/css
    text/js
    text/xml
    text/javascript
    application/javascript
    application/x-javascript
    application/json
    application/xml
    application/xml+rss
    image/svg+xml;
gzip_vary on;

# Banned locations (only reached if the earlier PHP entry point regexes don't match)
location ~* (\.php$|\.phtml$|\.htaccess$|\.git) {
    deny all;
}

I have tried to apply it to the default domain nginx vhost according to CWP in the following way but it doesn't work for me:

Code: [Select]
server {
listen 207.244.241.9:80;
server_name tienda.proitsecurity.com  www.tienda.proitsecurity.com;

access_log /usr/local/apache/domlogs/tienda.proitsecurity.com.bytes bytes;
access_log /usr/local/apache/domlogs/tienda.proitsecurity.com.log combined;
error_log /usr/local/apache/domlogs/tienda.proitsecurity.com.error.log error;

location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ {
expires max;
try_files $uri @backend;
}

# Set magento variable
set $MAGE_ROOT /var/www/magento2;
            set $MAGE_DEBUG_SHOW_ARGS 1;

            # I moved the nginx.conf.sample to /etc/nginx
            include /etc/nginx/nginx.conf.sample;

error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
proxy_pass http://207.244.241.9:82;
include proxy.inc;
return 301 https://$server_name$request_uri;
}

location @backend {
internal;
proxy_pass http://207.244.241.9:82;
include proxy.inc;
}

location @custom {
internal;
proxy_pass http://207.244.241.9:82;
include proxy.inc;
}

location ~ .*\.(php|jsp|cgi|pl|py)?$ {
proxy_pass http://207.244.241.9:82;
include proxy.inc;
}

location ~ /\.ht    {deny all;}
location ~ /\.svn/  {deny all;}
location ~ /\.git/  {deny all;}
location ~ /\.hg/   {deny all;}
location ~ /\.bzr/  {deny all;}

disable_symlinks if_not_owner from=/home/proitcom/tienda.proitsecurity.com;

location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}

Any suggestions on how to do it, please?

Thank you very much.

Offline
****
Re: Custom nginx vhost for magento2
« Reply #1 on: June 19, 2020, 05:36:45 AM »
Your using Nginx as a reverse proxy to Apache or Varnish.  You don't need any of that stuff in a reverse proxy.  Your final endpoint (Apache) needs to be configured to handle the redirects, and nginx will just server static files and serve the rest back to varnish-> Apache. 

What you posted would be an nginx only setup.
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: Custom nginx vhost for magento2
« Reply #2 on: June 19, 2020, 06:23:29 AM »

Then I must configure varnish only and test it because apache redirect is ok  ???

I will try

Thank you very much

Your using Nginx as a reverse proxy to Apache or Varnish.  You don't need any of that stuff in a reverse proxy.  Your final endpoint (Apache) needs to be configured to handle the redirects, and nginx will just server static files and serve the rest back to varnish-> Apache. 

What you posted would be an nginx only setup.