Visiolist Nginx Proxy Server Setup Debian 8

leonor

So after hours and more hours of testing I got it to work!

I will try to tell you what I did. I am sorry for my bad English, but I would like to share it with you. Maybe a bigger site would like to use it :) I will just show which conf I created and am using right now; maybe I will update this post with more details on why I did what.

Right now I am using 3 small VPS (SSD) servers to run my Visiolist setup: the first one is the proxy server, the second is the webserver and, last but not least, the database server.

What the servers are doing:

Proxy-Server: accepts the user connection, handles the SSL connection, and caches all static files (which it gets gzipped from the webserver)

Web-Server: runs the Visiolist installation with php5-fpm, gzips all outgoing static files

DB-Server: Only for the Database :p

Yes, of course the database server is not needed as an extra server, but I use this server already for other webservers, so why not ^^

Proxy Server:

Create new vhost:

/etc/nginx/sites-available/example.com

and adding this:
Code:
proxy_cache_path /tmp/nginx/my_zone levels=1:2 keys_zone=my_zone:10m inactive=60m;

server {

    listen 80;

    server_name www.example.com example.com;

    access_log /var/log/nginx/example-access.log;
    error_log /var/log/nginx/example-error.log;


    #Let's Encrypt
    include certbot/certbot.conf;

    location / {
        return 301 https://example.com$request_uri;
    }
}

server {
    listen      443 ssl http2;

    server_name www.example.com example.com;

    if ($host = 'www.example.com') {
        rewrite  ^/(.*)$  https://example.com/$1  permanent;
    }

    access_log /var/log/nginx/example-access.log;
    error_log /var/log/nginx/example-error.log;

    include certbot/tls.conf;
    #ssl_certificate    /etc/letsencrypt/live/example.com/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        proxy_set_header Host example.com;
        proxy_pass http://my_backend_server.com;

        ### Cache Static Files
        proxy_cache my_zone;
        add_header X-Proxy-Cache $upstream_cache_status;
    }

}
Link the new Vhost:
Code:
ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
Do NOT reload Nginx; it will fail because of a missing file!

Creating letsencrypt.org Cert:
First we need the Certbot from https://certbot.eff.org

Code:
apt-get install certbot -t jessie-backports
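Now we need a new file for nginx, /etc/nginx/certbot/certbot.conf, and add this:
Code:
# Prefix match on /.well-known/ only; the original regex "~ /.well-known"
# also matched that string anywhere inside a URI.
location ^~ /.well-known/ {
    allow all;
    root /var/www;
}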
Create a new dir for the cache:
Code:
mkdir -p /tmp/nginx/my_zone

Now we can reload our nginx

Code:
service nginx reload
Next step is to create our SSL cert for our Domain:
Code:
certbot certonly --webroot -w /var/www -d example.com
After creating it, we delete the '#' before ssl_certificate and ssl_certificate_key in /etc/nginx/sites-available/example.com

Please reload your Nginx

Code:
service nginx reload

We are done with our Proxy Server =)

Web Server:

Please create a new user example for our PHP socket

Create a new php5-FPM instance

/etc/php5/fpm/pool.d/example.conf

Code:
[example.com]

listen = /var/run/php5-fpm/example.com.sock
listen.backlog = -1
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

; Unix user/group of processes
user = example
group = www-data

; Choose how the process manager will control the number of child processes.
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500

; Pass environment variables
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
Now we create a new file: /etc/nginx/expires.conf
Code:
# Expire rules for static content

# No default expire rule. This config mirrors that of apache as outlined in the
# html5-boilerplate .htaccess file. However, nginx applies rules by location,
# the apache rules are defined by type. A consequence of this difference is that
# if you use no file extension in the url and serve html, with apache you get an
# expire time of 0s, with nginx you'd get an expire header of one month in the
# future (if the default expire rule is 1 month). Therefore, do not use a
# default expire rule with nginx unless your site is completely static

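# cache.appcache, your document html and data
# php is left out of this list: a .php request matched here would be served
# as a plain file instead of going to PHP-FPM
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
  expires -1;
}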

# Feed
location ~* \.(?:rss|atom)$ {
  expires 1h;
}

# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
  expires 1M;
  access_log off;
  add_header Cache-Control "public";
}

# CSS and Javascript
# Note: lowercase "m" means minutes in nginx, so this is 1 minute ("1M" is 1 month)
location ~* \.(?:css|js)$ {
  expires 1m;
  access_log off;
}


Create new vhost:

/etc/nginx/sites-available/example.com
Code:
server {
    # Placeholder: replace 0.0.0.0 with the proxy server's IP address.
    # Only that address should be trusted to supply X-Real-IP.
    set_real_ip_from 0.0.0.0;
    real_ip_header X-Real-IP;
    real_ip_recursive on;

    listen 80;

    server_name www.example.com example.com;

    root /var/www/example.com;

    index index.php index.html;

    access_log /var/log/nginx/example.com-access.log;
    error_log /var/log/nginx/example.com-error.log;

    try_files $uri @rewrite;

    # Regex locations are tried in file order, so the PHP handler is placed
    # ahead of the patterns in expires.conf.
    location ~ \.php$ {
        # Only pass scripts that exist on disk to PHP-FPM
        try_files $uri =404;
        # The proxy terminates TLS, so tell PHP the request was HTTPS
        fastcgi_param HTTPS on;
        fastcgi_pass unix:/var/run/php5-fpm/example.com.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi.conf;
    }

    # ADD Expire Header
    include expires.conf;

    # Visiolist friendly URLs
    location @rewrite {
        rewrite  ^/join/$ /index.php?a=join last;
        rewrite  ^/user_cpl/$ /index.php?a=user_cpl last;
        rewrite  ^/stats/(.*)/$ /index.php?a=stats&u=$1 last;
        rewrite  ^/stats/$ /index.php?a=stats last;
        rewrite  ^/details/(.*)/$ /index.php?a=details&u=$1 last;
        rewrite  ^/overall-stats/$ /index.php?a=details last;
        rewrite  ^/lost_pw/$ /index.php?a=lost_pw last;
        rewrite  ^/review/(.*)/$ /index.php?a=rate&u=$1 last;
        rewrite  ^/reviews/(.*)/$ /index.php?a=details&u=$1&all_reviews=1 last;

        rewrite  ^/category/(.*)/$ /index.php?cat=$1 last;

        rewrite ^/forward/(.*)/ /index.php?a=forward&u=$1 last;
        rewrite ^/out/(.*)/ /index.php?a=out&u=$1&go=1 last;
        rewrite ^/top100/(.*)/ /index.php?cat=$1 last;

        rewrite ^/rank/(.*)/(.*)/top100/(.*)/ /index.php?start=$1&method=$2&cat=$3 last;
        rewrite ^/rank/(.*)/top100/(.*)/ /index.php?method=$1&cat=$2 last;
        rewrite ^/rank/(.*)/(.*)/ /index.php?start=$1&method=$2 last;
        rewrite ^/rank/(.*)/ /index.php?method=$1 last;

        rewrite ^/search/(.*)/(.*)/ /index.php?a=search&start=$1&q=$2 last;
        rewrite ^/search/(.*)/ /index.php?a=search&q=$1 last;
        rewrite ^/search/ /index.php?a=search last;
        rewrite ^/lastsites/ /index.php?a=lastsites last;
        rewrite ^/page/(.*)/ /index.php?a=page&id=$1 last;

        rewrite ^/callback-guide/ /index.php?a=callback last;
    }
}
Please don't forget to set set_real_ip_from 0.0.0.0; here you need to add the proxy server IP address!

And now, if I didn't forget anything, you should restart/reload your nginx (webserver) and install your Visiolist on your webserver :)

I will try to add more detailed information in the next days, but not today, I have been sitting here too long already :D

Greetz,
leonor
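
An added example, not part of the original post and not nginx's own code: a small Python model of how the web server decides whether to believe the X-Real-IP header, comparing the post's 0.0.0.0 placeholder, an over-broad value and the proxy's address alone. The function names are hypothetical and all addresses are constructed documentation-range values.

```python
import ipaddress

# Constructed configs: the post's placeholder, an over-broad value, and the
# proxy's own address (192.0.2.10 is a documentation IP, assumed here).
PLACEHOLDER = "set_real_ip_from 0.0.0.0;"
TOO_BROAD = "set_real_ip_from 0.0.0.0/0;"
PROXY_ONLY = "set_real_ip_from 192.0.2.10;  # proxy server"

def trusted_networks(config_text):
    """Collect the networks named by set_real_ip_from (IP or CIDR values)."""
    nets = []
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) == 2 and parts[0] == "set_real_ip_from" and parts[1] != "unix:":
            nets.append(ipaddress.ip_network(parts[1], strict=False))
    return nets

def logged_client_ip(peer_ip, x_real_ip, nets):
    """The header replaces the peer address only when the TCP peer itself
    is inside a trusted network; otherwise the peer address is kept."""
    peer = ipaddress.ip_address(peer_ip)
    if x_real_ip and any(peer in net for net in nets):
        return x_real_ip
    return peer_ip

def lint(nets):
    """Flag values that trust no real proxy or trust every peer."""
    findings = []
    for net in nets:
        if net.prefixlen == 0:
            findings.append(f"{net}: any peer can choose the logged address")
        elif net.network_address.is_unspecified:
            findings.append(f"{net}: placeholder, no proxy will ever match")
    return findings

if __name__ == "__main__":
    for name, cfg in [("placeholder", PLACEHOLDER), ("too broad", TOO_BROAD),
                      ("proxy only", PROXY_ONLY)]:
        nets = trusted_networks(cfg)
        via_proxy = logged_client_ip("192.0.2.10", "198.51.100.23", nets)
        direct = logged_client_ip("203.0.113.7", "10.0.0.1", nets)
        print(name, "| via proxy:", via_proxy, "| direct:", direct, "|", lint(nets))
```

With the proxy's address as the only trusted value, visitors are logged with their own address and a header sent straight to the web server is ignored; with the placeholder left in, every request is logged as coming from the proxy.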