Visiolist Nginx Proxy Server Setup Debian 8

Discussion in 'Tutorials' started by leonor, Dec 19, 2016.

  1. leonor
    • Licensed

    leonor Active Member

    So after hours and more hours of testing i got it to work!

    I will try to tell you what i did, i am sorry for my Bad english but i would like to share it with you. Maybe a bigger site like to use it :) I will just show wich conf i did created and using right now maybe i will update this post with more details why i did what.

    Right now i am using 3 small VPS (SSD) servers to run my Visiolist setup, first one is the Proxy server, the second is the webserver and last but not least the database server.

    What are doing the Serves:

    Proxy-Server: accepts the user connections, terminates the SSL connection, and caches all static files (which it receives gzipped from the webserver)

    Web-Server: Running the Visiolist installation with php5-fpm, gzip all outgoing static files

    DB-Server: Only for the Database :p

    Yes of course the database server is not needed as extra server, but i use this server already for other webservers so why not ^^

    Proxy Server:

    Create new vhost:

    /etc/nginx/sites-available/example.com

    and adding this:
    Code:
    # Proxy-side vhost: terminates TLS, redirects HTTP to HTTPS and forwards
    # requests to the backend web server, caching what the backend allows.
    #
    # Cache storage: files under /tmp/nginx/my_zone in a two-level directory
    # layout, a 10 MB shared-memory key zone named my_zone, entries dropped
    # after 60 minutes without access.
    # NOTE(review): /tmp is a shared, world-writable location and is commonly
    # emptied on reboot; a dedicated directory that only the nginx user can
    # write to is the usual choice for cached responses.
    proxy_cache_path /tmp/nginx/my_zone levels=1:2 keys_zone=my_zone:10m inactive=60m;
    
    # Port 80: answers the ACME challenge (via the include) and redirects
    # every other request to https://example.com.
    server {
    
        listen 80;
    
        server_name www.example.com example.com;
    
        access_log /var/log/nginx/example-access.log;
        error_log /var/log/nginx/example-error.log;
    
    
        # Let's Encrypt challenge location; the file is created later in this
        # tutorial, so nginx cannot load this vhost before that step.
        include certbot/certbot.conf;
    
        location / {
            return 301 https://example.com$request_uri;
        }
    }
    
    # Port 443: TLS endpoint that proxies to the backend.
    server {
        listen      443 ssl http2;
    
        server_name www.example.com example.com;
    
    # Canonical host: send www.example.com to example.com with a 301.
    if ($host = 'www.example.com' ) {
              rewrite  ^/(.*)$  https://example.com/$1  permanent;
    }
    
        access_log /var/log/nginx/example-access.log;
        error_log /var/log/nginx/example-error.log;
    
        # NOTE(review): certbot/tls.conf is not shown anywhere in this
        # tutorial; presumably it carries the TLS protocol/cipher settings.
        # Confirm the file exists, otherwise the include fails on reload.
        include certbot/tls.conf;
        # Left commented out until the certificate has been issued; the
        # tutorial enables both lines after running certbot.
        #ssl_certificate    /etc/letsencrypt/live/example.com/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    
        location / {
            # X-Real-IP is overwritten with the address this proxy sees, so a
            # value sent by the client is not passed on. The backend reads it
            # through real_ip_header.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
    
            # The backend always receives Host: example.com, whatever the
            # client asked for.
            proxy_set_header Host example.com;
            # NOTE(review): the hop to the backend is plain HTTP, so requests
            # (cookies, logins) travel unencrypted between the two servers.
            # That is only acceptable on a network path you control; confirm.
            proxy_pass http://my_backend_server.com;
    
            ### Cache Static Files
            # The cache is enabled for the whole "/" location, not only for
            # static files. No proxy_cache_valid is set, so what gets stored
            # is decided by the backend's Expires/Cache-Control headers.
            proxy_cache my_zone;
            # Exposes the cache result (e.g. HIT/MISS) to the client, useful
            # for checking that caching works.
            add_header X-Proxy-Cache $upstream_cache_status;
        }
    
    }
    Link the new Vhost:
    Code:
    # Enable the vhost by linking it into sites-enabled (needs root).
    ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
    Do NOT reload Nginx yet: it will fail because an included file is still missing (certbot/certbot.conf is created in the next step)!

    Creating letsencrypt.org Cert:
    First we need Certbot from https://certbot.eff.org

    Code:
    # -t jessie-backports makes the backports suite the install target; that
    # suite has to be listed in the APT sources for this to work.
    apt-get install certbot -t jessie-backports


    Now we need a new file for nginx /etc/nginx/certbot/certbot.conf and adding this:
    Code:
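    # Serve only the Let's Encrypt HTTP-01 challenge files that certbot's
    # --webroot mode writes to /var/www/.well-known/acme-challenge/.
    # A "^~" prefix match is used instead of the unanchored regex
    # "~ /.well-known": the regex matched any URI that merely contained that
    # text (its "." matches any character) and exposed everything below
    # /var/www/.well-known, while this form is limited to the challenge
    # directory and is not overridden by regex locations.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www;
    }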
    Create new dir for the Cache:
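    # -p also creates the parent directory /tmp/nginx when it is missing.
    # The path must match proxy_cache_path in the proxy vhost.
    # NOTE(review): /tmp is shared between all local users and is commonly
    # emptied on reboot, so this directory may have to be recreated.
    mkdir -p /tmp/nginx/my_zone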

    Now we can reload our nginx

    Code:
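    # Check the configuration first; the reload only runs when the test passes.
    nginx -t && service nginx reload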
    Next step is to create our SSL cert for our Domain:
    Code:
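    # Request one certificate for both names listed in server_name. With only
    # example.com on the certificate, https://www.example.com would present a
    # certificate for the wrong name before the redirect to example.com can
    # happen. Both names must resolve to this proxy for the challenge to pass.
    certbot certonly --webroot -w /var/www -d example.com -d www.example.com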
    After the certificate has been created, delete the '#' before ssl_certificate and ssl_certificate_key in /etc/nginx/sites-available/example.com

    Please reload your Nginx again:

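    # Check the configuration first; the reload only runs when the test passes.
    nginx -t && service nginx reload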

    We are done with our Proxy Server =)

    Web Server:

    Please create a new system user named example; the PHP-FPM pool below runs as this user.


    Create new php5-FPM instanz

    /etc/php5/fpm/pool.d/example.conf

    Code:
    ; PHP-FPM pool for the site; nginx reaches it through the unix socket below.
    [example.com]
    
    ; Socket the backend vhost's fastcgi_pass points at.
    ; NOTE(review): the tutorial never creates /var/run/php5-fpm/; confirm the
    ; directory exists (and survives a reboot) before starting the pool.
    listen = /var/run/php5-fpm/example.com.sock
    ; -1 is PHP-FPM's "no explicit limit" value for the listen backlog.
    listen.backlog = -1
    ; Socket owned by www-data with mode 0660: only that user and group can
    ; connect. Presumably www-data is the account nginx runs as; confirm.
    listen.owner = www-data
    listen.group = www-data
    listen.mode=0660
    
    ; Unix user/group the PHP worker processes run as.
    ; NOTE(review): the workers keep the www-data group, so PHP code inherits
    ; whatever that group may read or write; a dedicated group separates the
    ; site from the web server account more cleanly. Confirm what is needed.
    user = example
    group = www-data
    
    ; Process manager: children are started and stopped on demand within the
    ; limits below; each child is replaced after 500 requests.
    ; NOTE(review): 75 children is a lot for a small VPS; check it against
    ; the available memory.
    pm = dynamic
    pm.max_children = 75
    pm.start_servers = 10
    pm.min_spare_servers = 5
    pm.max_spare_servers = 20
    pm.max_requests = 500
    
    ; Environment variables passed to the PHP processes.
    env[HOSTNAME] = $HOSTNAME
    env[PATH] = /usr/local/bin:/usr/bin:/bin
    env[TMP] = /tmp
    env[TMPDIR] = /tmp
    env[TEMP] = /tmp
    Now we create a new file: /etc/nginx/expires.conf
    Code:
    # Expire rules for static content
    
    # No default expire rule. This config mirrors that of apache as outlined in the
    # html5-boilerplate .htaccess file. However, nginx applies rules by location,
    # the apache rules are defined by type. A consequence of this difference is that
    # if you use no file extension in the url and serve html, with apache you get an
    # expire time of 0s, with nginx you'd get an expire header of one month in the
    # future (if the default expire rule is 1 month). Therefore, do not use a
    # default expire rule with nginx unless your site is completely static
    
    # cache.appcache, your document html and data
    # NOTE(review): this regex also matches *.php. nginx uses the first regex
    # location that matches, in file order, so when this file is included
    # above the vhost's "location ~ \.php$" block a .php request ends up here,
    # where no fastcgi_pass exists, and the file would be sent as a static
    # file instead of being executed. Verify the include order in the vhost,
    # or drop "php" from this list and set the expiry in the PHP location.
    location ~* \.(?:manifest|appcache|html?|xml|json|php)$ {
      expires -1;
    }
    
    # Feed
    location ~* \.(?:rss|atom)$ {
      expires 1h;
    }
    
    # Media: images, icons, video, audio, HTC
    # Cached for one month ("M" is months in nginx), marked as publicly
    # cacheable and not written to the access log.
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
    }
    
    # CSS and Javascript
    # NOTE(review): a lowercase "m" means minutes in nginx, so these files
    # expire after one minute; "1M" would be one month. Confirm which was meant.
    location ~* \.(?:css|js)$ {
      expires 1m;
      access_log off;
    }


    Create new vhost:

    /etc/nginx/sites-available/example.com
    Code:
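    # Backend vhost for the Visiolist installation. It is meant to be reached
    # only through the proxy server: it listens on plain HTTP, takes the
    # visitor address from the X-Real-IP header and always reports HTTPS to PHP.
    # Limit port 80 to the proxy's address (for example with a firewall rule),
    # otherwise anyone connecting directly bypasses TLS and the proxy.
    server {
        # Placeholder: replace 0.0.0.0 with the address of the proxy server.
        # Only that single address belongs here. Trusting a wide range such as
        # 0.0.0.0/0 would let every client choose its own "real" IP by sending
        # an X-Real-IP header.
        set_real_ip_from 0.0.0.0;
        real_ip_header X-Real-IP;
        real_ip_recursive on;

        listen 80;

        server_name www.example.com example.com;

        root /var/www/example.com;

        index index.php index.html;

        access_log /var/log/nginx/example.com-access.log;
        error_log /var/log/nginx/example.com-error.log;

        # Requests that match no location below: serve the file when it
        # exists, otherwise hand the URI to the pretty-URL rewrites.
        try_files $uri @rewrite;

        # PHP handler. It is placed before "include expires.conf" on purpose:
        # nginx picks the first matching regex location in file order, and
        # expires.conf contains a regex that also matches *.php but has no
        # fastcgi_pass, so with the include first a .php file would be served
        # as a static file instead of being executed.
        location ~ \.php$ {
            # Only pass scripts that really exist to PHP-FPM, so a URI like
            # /upload/picture.jpg/x.php cannot make PHP run another file.
            try_files $uri =404;
            # Same expiry expires.conf intends for PHP output: never cache.
            expires -1;
            # The proxy terminates TLS, so PHP is told the request was HTTPS.
            fastcgi_param HTTPS on;
            fastcgi_pass unix:/var/run/php5-fpm/example.com.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi.conf;
        }

        # ADD Expire Header (static file types)
        include expires.conf;

        # Visiolist pretty URLs, mapped to index.php query strings.
        location @rewrite {
            rewrite  ^/join/$ /index.php?a=join last;
            rewrite  ^/user_cpl/$ /index.php?a=user_cpl last;
            rewrite  ^/stats/(.*)/$ /index.php?a=stats&u=$1 last;
            rewrite  ^/stats/$ /index.php?a=stats last;
            rewrite  ^/details/(.*)/$ /index.php?a=details&u=$1 last;
            rewrite  ^/overall-stats/$ /index.php?a=details last;
            rewrite  ^/lost_pw/$ /index.php?a=lost_pw last;
            rewrite  ^/review/(.*)/$ /index.php?a=rate&u=$1 last;
            rewrite  ^/reviews/(.*)/$ /index.php?a=details&u=$1&all_reviews=1 last;

            rewrite  ^/category/(.*)/$ /index.php?cat=$1 last;

            rewrite ^/forward/(.*)/ /index.php?a=forward&u=$1 last;
            rewrite ^/out/(.*)/ /index.php?a=out&u=$1&go=1 last;
            rewrite ^/top100/(.*)/ /index.php?cat=$1 last;

            rewrite ^/rank/(.*)/(.*)/top100/(.*)/ /index.php?start=$1&method=$2&cat=$3 last;
            rewrite ^/rank/(.*)/top100/(.*)/ /index.php?method=$1&cat=$2 last;
            rewrite ^/rank/(.*)/(.*)/ /index.php?start=$1&method=$2 last;
            rewrite ^/rank/(.*)/ /index.php?method=$1 last;

            rewrite ^/search/(.*)/(.*)/ /index.php?a=search&start=$1&q=$2 last;
            rewrite ^/search/(.*)/ /index.php?a=search&q=$1 last;
            rewrite ^/search/ /index.php?a=search last;
            # The original listed this rule twice; one copy is enough because
            # "last" stops at the first match.
            rewrite ^/lastsites/ /index.php?a=lastsites last;
            rewrite ^/page/(.*)/ /index.php?a=page&id=$1 last;

            rewrite ^/callback-guide/ /index.php?a=callback last;
        }
    }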
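    Please don't forget to change set_real_ip_from 0.0.0.0; and replace 0.0.0.0 with the IP address of your Proxy Server! Only the proxy's own address belongs there: if a wider range (such as 0.0.0.0/0) is trusted, any client that reaches the webserver directly can send its own X-Real-IP header and the visitor address seen by Visiolist can no longer be relied on.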

    And now if i didn't forget anything you should restart/reload your nginx (webserver) and install your Visiolist on your Webserver :)

    I will try to add the next days more detailed information, but not today sitting here already to long :D

    Greetz,
    leonor
    Last edited: Dec 24, 2016
  2. Mark
    • Staff

    Mark Administrator Staff Member

    thanks for taking the time to contribute such a detailed write up!
  3. proxydesign

    proxydesign Visiolist-Fan

    Great! Thanks for sharing this.
