From 6926e374af73f828ef3895f8c9ce60b2ac25db15 Mon Sep 17 00:00:00 2001 From: bread Date: Mon, 7 Oct 2024 23:48:24 +0000 Subject: [PATCH] Upgrade nginx configuration to a better state --- docs/nginx.md | 259 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 174 insertions(+), 85 deletions(-) diff --git a/docs/nginx.md b/docs/nginx.md index 8693559..71bd878 100644 --- a/docs/nginx.md +++ b/docs/nginx.md @@ -1,103 +1,192 @@ -# Install on NGINX +

Installation of 4get in NGINX

->I do NOT recommend following this guide, only follow this if you *really* need to use nginx. I recommend you use the apache2 steps instead. +
-Login as root. +> NOTE: As the previous version stated, it is better to follow the Apache2 guide instead of the Nginx one. -Create a file in `/etc/nginx/sites-avaliable/` called `4get.conf` or any name you want and put this into the file: +> NOTE: This is going to guess that you're using either a Arch-based system or a Debian-based system, although you can still follow it with minor issues. -``` -server { - # DO YOU REALLY NEED TO LOG SEARCHES? - access_log /dev/null; - error_log /dev/null; - # Change this if you have 4get in other folder. - root /var/www/4get; - # Change yourdomain by your domain lol - server_name www.yourdomain.com yourdomain.com; +
- location @php { - try_files $uri.php $uri/index.php =404; - # Change the unix socket address if it's different for you. - fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; - fastcgi_index index.php; - # Change this to `fastcgi_params` if you use a debian based distro. - include fastcgi.conf; - fastcgi_intercept_errors on; - } +1. Login as root. +2. Upgrade your system: + * On Arch-based, run `pacman -Syu`. + * On Debian-based, run `apt update`, then `apt upgrade`. +3. Install the following dependencies: + * `git`: So you can clone this repository. + * `nginx`: So you can run Nginx. If using a non-systemd distribution, go to + * `php-fpm`: This is what allows Nginx to run *(and show)* PHP files. + * `php-imagick`, `imagemagick`: Image manipulation. + * `php-apcu`: Caching module. + * `php-curl`, `curl`: Transferring data with URLs. + * `php-mbstring`: String utils. + * `certbot`, `certbot-nginx`: ACME client. Used to create SSL certificates. + * In Arch-based distributions: + * `pacman -S nginx certbot php-imagick imagemagick curl php-apcu git` + * In Debian-based distributions: + * `apt install php-mbstring nginx certbot php-imagick imagemagick php-curl curl php-apcu git` - location / { - try_files $uri @php; - } +
- location ~* ^(.*)\.php$ { - return 301 $1; - } +> IMPORTANT: `php-curl`, `php-mbstring` might be a Debian-only package, but this needs further fact checking. +> IMPORTANT: `php-apcu` is known to not work on Artix[^1]. + +
+ +4. `cd` to `/etc/nginx` and make the `conf.d/` if it doesn't exist: + * Again, this guesses you're logged in as root. + ```sh + cd /etc/nginx + ls -l conf.d/ # If ls shows conf.d, then it means it exists. + # If it does not, run: + mkdir conf.d + ``` +5. Make a file inside `conf.d/` called `4get.conf` and place the following content: + * First run `touch conf.d/4get.conf` then `nano conf.d/4get.conf` to open the nano editor: *(Install it if it is not, or use another editor.)* + ```sh + server { + access_log /dev/null; # Search log file. Do you really need to? + error_log /dev/null; # Error log file. + + # Change this if you have 4get in another folder. + root /var/www/4get; + # Change 'yourdomain' to your domain. + server_name www.yourdomain.com yourdomain.com; + # Port to listen to. listen 80; -} -``` -That is a very basic config so you will need to adapt it to your needs in case you have a more complicated nginx configuration. Anyways, you can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf) + location @php { + try_files $uri.php $uri/index.php =404; + # Change the unix socket address if it's different for you. + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + # Change this to `fastcgi_params` if you use a debian based distribution. 
+ include fastcgi.conf; + fastcgi_intercept_errors on; + } -After you save the file you will need to do a symlink of the `4get.conf` file to `/etc/nignx/sites-enabled/`, you can do it with this command: + location / { + try_files $uri @php; + } -```sh -ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf -``` + location ~* ^(.*)\.php$ { + return 301 $1; + } -Now test the nginx config with `nginx -t`, if it says that everything is good, restart nginx using `systemctl restart nginx` - -# Encryption setup - -Generate a certificate for the domain using: - -```sh -certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com -``` -(Remember to install the nginx certbot plugin!!!) - -After doing that certbot should deploy the certificate automatically into your 4get nginx config file. It should be ready to use at that point. - -# Tor setup on NGINX - -Important Note: Tor onion addresses are significantly longer than traditional domain names. Before proceeding with Nginx configuration, ensure you increase the `server_names_hash_bucket_size` value in your `nginx.conf` file. This setting in your Nginx configuration controls the internal data structure used to manage multiple server names (hostnames) associated with your web server. Each hostname requires a certain amount of memory within this structure. If the size is insufficient, Nginx will encounter errors. - -1. Open your `nginx.conf` file (that is under `/etc/nginx/nginx.conf`). -2. Find the line containing `# server_names_hash_bucket_size 64;`. -3. Uncomment the line and adjust the value. Start with 64, but if you encounter issues, incrementally increase it (e.g., 128, 256) until it accommodates your configuration. 
- -Open your current 4get NGINX config (that is under `/etc/nginx/sites-available/`) and append this to the end of the file: - -``` -server { - access_log /dev/null; - error_log /dev/null; - - listen 80; - server_name ; - root /var/www/4get; - - location @php { - try_files $uri.php $uri/index.php =404; - # Change the unix socket address if it's different for you. - fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; - fastcgi_index index.php; - # Change this to `fastcgi_params` if you use a debian based distro. - include fastcgi.conf; - fastcgi_intercept_errors on; } + ``` + * The above is a very basic configuration and thus will need tweaking to your personal needs. It should still work as-is, though. A 'real world' example is present in [^2]. + * After saving the file, check that the `nginx.conf` file inside the main directory includes files inside `conf.d/`: + * It should be inside the the http block: *(The following is an example! Don't just Copy and Paste it!)* + ```sh + http { + include mime.types; + include conf.d/*.conf; + types_hash_max_size 4096; + # ... + } + ``` + * Now, test your configuration with `nginx -t`, if it says that everything is good, restart *(or start)* the Nginx daemon: + * This depends on the init manager, most distributions use `systemd`, but it's better practice to include most. + ```sh + # systemd + systemctl stop nginx + systemctl start nginxt + # or + systemctl restart nginx - location / { - try_files $uri @php; - } + # openrc + rc-service nginx stop + rc-service nginx start + # or + rc-service nginx restart - location ~* ^(.*)\.php$ { - return 301 $1; - } -} -``` + # runit + sv down nginx + sv up nginx + # or + sv restart nginx -Obviously replace `` by the onion address of `/var/lib/tor/4get/hostname` and then check if the nginx config is valid with `nginx -t` if yes, then restart the nginx service and try opening the onion address into the Tor Browser. 
You can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf) + # s6 + s6-rc -d change nginx + s6-rc -u change nginx + # or + s6-svc -r /run/service/nginx -Once you did the above, refer to this tor guide to setup your onionsite. + # dinit + dinitctl stop nginx + dinitctl start nginx + # or + dinitctl restart nginx + ``` +6. Clone the repository to `/var/www`: + * `git clone --depth 1 https://git.lolcat.ca/lolcat/4get 4get` - It clones the repository with the depth of one commit *(so it takes less time to download)* and saves the cloned repository as '4get'. +7. That should be it! There are some extra steps you can take, but it really just depends on you. + +

Encryption setup

+ +1. Generate a certificate for the domain you're using with: + * Note that `certbot-nginx` is needed. + ```sh + certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com + ``` +2. After that, certbot will deploy the certificate automatically to your 4get conf file; It should be ready to use from there. + +

Tor Setup

+ +
+ +> IMPORTANT: Tor onion addresses are very long compared to traditional domains, so, Before doing anything, edit `nginx.conf` and increase server_names_hash_bucket_size to your needs. + +
+ +1. `cd` to `/etc/nginx` *(if you haven't)* and open your `nginx.conf` file. +2. Find the line containing `# server_names_hash_bucket_size 64;` inside said file. +3. Uncomment the line and adjust the value; start with 64, but if you encounter issues, incrementally increase it *(e.g., 128, 256)* until it accommodates your configuration. +4. Open *(or duplicate the configuration)* and edit it: + * Example configuration, again: + ```sh + server { + access_log /dev/null; # Search log file. Do you really need to? + error_log /dev/null; # Error log file. + + # Change this if you have 4get in another folder. + root /var/www/4get; + # Change 'onionadress.onion' to your onion link. + server_name onionadress.onion; + # Port to listen to. + listen 80; + + location @php { + try_files $uri.php $uri/index.php =404; + # Change the unix socket address if it's different for you. + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + # Change this to `fastcgi_params` if you use a debian based distribution. + include fastcgi.conf; + fastcgi_intercept_errors on; + } + + location / { + try_files $uri @php; + } + + location ~* ^(.*)\.php$ { + return 301 $1; + } + + } + ``` + A real world example is present in [^2]. +5. Once done, check the configuration with `nginx -t`. If everything's fine and dandy, refer to the Tor guide to setup your onion site. + +

Other important things

+1. Configuration guide: Things to do after setup. +2. Apache2 guide: Fallback to this if you couldn't get Nginx to work, or you don't know something. + +

Known issues

+1. `php-apcu` not working in Artix[^1], this might be because of it being a systemd daemon, but the binary isn't present. This might apply to Arch Linux as well, since it is from where the package was gotten. Read more in the issue. + +[^1]: lolcat/4get#40, It might be needed to create a boot entry, but the binary is unknown. +[^2]: git.nadeko.net nadeko.net's 4get instance configuration. \ No newline at end of file
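Review bot: In step 3 of the new install list, the two install commands do not match the dependency list above them. `php-fpm` and `certbot-nginx` are both listed as required, but neither appears in the `pacman -S ...` line or the `apt install ...` line, so a reader who copies the command ends up with no PHP handler behind `fastcgi_pass` and no nginx plugin for the later `certbot --nginx` step. Add `php-fpm` to both commands and add the certbot nginx plugin under the name each distribution uses (Debian packages it as `python3-certbot-nginx`). The `nginx` bullet also ends mid-sentence at "If using a non-systemd distribution, go to"; the link target needs to be restored or the clause dropped.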
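Review bot: The first `server` block in step 5 disables the access log with `access_log /dev/null;`, which still makes nginx format and write every request line. Since the stated intent is not to log searches, use `access_log off;` instead. Keep `error_log /dev/null;` as it is, because `error_log` has no `off` value. The same applies to the onion `server` block further down. Both nginx configuration blocks and the `http { ... }` excerpt are fenced as `sh`; tag them `nginx` so they are not highlighted or copied as shell. The line "It should be inside the the http block" has a doubled "the".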
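Review bot: The systemd part of the restart block in step 5 contains a typo, `systemctl start nginxt`, which fails with a unit-not-found error for anyone using the stop/start pair rather than `systemctl restart nginx`. Change it to `systemctl start nginx`.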
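Review bot: Step 6 says to clone into `/var/www`, but the command is `git clone --depth 1 https://git.lolcat.ca/lolcat/4get 4get` with a relative target, and the last directory change in the guide is `cd /etc/nginx` in step 4, so the checkout lands in `/etc/nginx/4get` while the config points `root` at `/var/www/4get`. Either add an explicit `cd /var/www` first or give the absolute path `/var/www/4get` as the clone target. It would also read better to move the clone before the `nginx -t` and restart in step 5, so the document root exists when the server first starts.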
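Review bot: In the Tor setup example, the onion `server` block uses `listen 80;`, which binds every interface, the same as the clearnet block. The onion virtual host is then reachable on the public address by anyone who sends the onion name in the `Host` header, which ties the onion service to the server's IP. Bind this block to loopback only, for example `listen 127.0.0.1:80;` or a dedicated loopback port that the Tor `HiddenServicePort` line points at, and say so in the comment above `listen`. The placeholder `onionadress.onion` is misspelled in both the comment and the `server_name` line ("address"), and step 4 ("Open *(or duplicate the configuration)* and edit it") does not say which file to open; name `conf.d/4get.conf` explicitly.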