Want to subscribe to topics you're interested in?
Become a Member

Help creating a Grav config & site setup

Discussion in 'Other Web Apps usage' started by apidevlab, May 6, 2017.

Tags:
  1. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: i.e. 1.13.0
    • PHP Version Installed: i.e. 5.6.30
    • MariaDB MySQL Version Installed:
    • When was last time updated Centmin Mod code base ? :
    • Persistent Config:
    Am back again with a request for help to configure & setup a Grav site using the official (or not) nginx.conf they suggest at Nginx | Grav Documentation

    I have been trying to configure the learn2 with git-sync plugin (skeleton) and am faced with a blank (white) page when I try to view the index page on install.

    Normally this would redirect to the /admin to allow setup of the system so I figured it was the setup of nginx.conf

    CM writes all the configuration files to /usr/local/nginx/conf

    so I tried to 'merge' the relevant content 'blocks' of the shipped (Learn2) nginx.conf and 'include' this via the main /usr/local/nginx/conf/conf.d/host.example.com.conf and then restarted (without error) nginx this however did not fix the issue.

    Does anyone fancy helping me get this working so I can document and share the steps with the community? Nginx Configuration Examples - CentminMod.com LEMP Nginx web stack for CentOS

    I am using the learn 2 skeleton but would expect the standard grav package and admin plugin would be a better demonstration.

    I have read up a little on the nginx.conf files but often see references to /sites-enabled so have gotten more than a little confused.

    I am sure some here would be able to do this in minutes and may already have a Grav instance running under CM I would just welcome the opportunity to do the same and share the steps with the community.

    REF LINKS:

    Nginx | Grav Documentation
    Learn2 with Git Sync | Grav CMS Open (Education) Resource Projects
    Learn2 with Git Sync nginx.conf ยท GitHub
     
  2. Colin

    Colin Premium Member Premium Member

    111
    33
    28
    Oct 7, 2015
    Sheffield UK
    Ratings:
    +83
    Local Time:
    5:21 PM
    1.11.#
    MariaDB 10.1.#
    I'd not heard of GRAV until this post. Thanks for that initially. I've been reviewing static site generators recently and exploring JAM stack stuff. Including a natty React CMS thing from netlify which uses github api and build triggers, as such is not a server deployed site in the traditional way.

    Anyhow to the problem in hand. The white page says it all. One of your php error logs will have more info for a white screen of death event. I tend to wind it back to basic echo tests when that has happened.

    Looking at the sample conf there are a few 'security' lines which will be needed in the long run, and the try files section almost definitely.

    Don't worry about sites-enabled/sites-available, this is just a concept, the centminmod install does away and just has the /usr/local/nginx/conf/conf.d/host.example.com.conf. So any notes made toward sites-enabled, use the CM conf file.

    I'd hazard for a normal CM install you'd only need the following in your host.example.com.conf file and replacing your location block.

    Code:
    ## Begin - Index
        # for subfolders, simply adjust:
        # `location /subfolder {`
        # and the rewrite to use `/subfolder/index.php`
        location / {
            try_files $uri $uri/ /index.php?_url=$uri&$query_string;
        }
        ## End - Index
    
        ## Begin - Security
        # deny all direct access for these folders
        location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
        # deny running scripts inside core system folders
        location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
        # deny running scripts inside user folder
        location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
        # deny access to specific files in the root folder
        location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
        ## End - Security
    
    If it's still not playing ball, move the index.php out of the way, create a new index.php with a simple echo phpinfo, to sanity check php, check requirements etc, then go forward again.

    The smoking gun of your post is
    I'd have to dig more on that plugin specifically... It looks like a nice tool overall. On my reading list.
     
    • Like Like x 2
  3. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    2:21 AM
    Nginx 1.13.x
    MariaDB 5.5
    FYI @Colin for sample vhosts you can use vhost generator at Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS which are nginx vhost templates for 123.08stable so slightly different from 123.09beta01 until it is stable :) But if you run centmin.sh menu option 2, 22 or nv commands to create Nginx vhost first you can just edit the domain.com.conf and/or domain.com.ssl.conf that is generated.

    But from brief look at Grav docs, do not add anything into Centmin Mod nginx.conf, all of them should be added to just your site nginx vhost file for your domain

    example of vhost generator generated domain.com non-HTTPS vhost file

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name domain.com;
    #            return 301 $scheme://www.domain.com$request_uri;
    #       }
    
    server {
      server_name domain.com www.domain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      root /home/nginx/domains/domain.com/public;
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    


    change it for Grav
    • Leaving off php context block completely as Centmin Mod has a include /usr/local/nginx/conf/php.conf file for that php processing
    • Of the 3 security headers nginx.conf Grav example adds, 2 are already included but commented out in default Centmin Mod Nginx vhosts and just missing one for add_header "X-UA-Compatible" "IE=Edge"
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name domain.com;
    #            return 301 $scheme://www.domain.com$request_uri;
    #       }
    
    server {
      server_name domain.com www.domain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      # force the latest IE version
      add_header "X-UA-Compatible" "IE=Edge";
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      root /home/nginx/domains/domain.com/public;
    
      location / {
        try_files $uri $uri/ /index.php?_url=$uri&$query_string;
      }
    
    ## Begin - Security
    # deny all direct access for these folders
    location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
    ## End - Security
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
    • Like Like x 1
  4. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    That is exactly what I had done, so at least I was in the 'ballpark' so to speak. Many thanks for the detailed reply. I will keep at it and use @eva2000 post too.

    As for Grav it's an excellent package but it does have a learning curve and it's quirks. Indeed a negative levelled at all these 'static' or 'flat file' generators etc is they can be more trouble than simple good ol fashioned HTML

    On an Apache server I have a learn2 setup with the git-sync plugin, I can edit the docs via Gravs admin interface and upon save it posts a commit to gitlab and the site is updated, it's what all the cool kids are doing :) where it has an advantage would be via pulls so anyone can update the docs and a new pull triggers a new build.
     
  5. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    Super, I had realised that this was added to the domain.conf but it's great to have clarification. Is there any mileage to be had using an include directive?

    Code (Text):
    include /usr/local/nginx/conf/grav.conf;
    
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    2:21 AM
    Nginx 1.13.x
    MariaDB 5.5
    probably could put in grav.conf the security settings
    Code (Text):
    ## Begin - Security
    # deny all direct access for these folders
    location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
    ## End - Security
    

    Nice :)
     
    • Informative Informative x 1
  7. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    Still not managing it, even witha non SSL setup am getting 502 errors now :( am going to try again tommmorow. Need to able to figure this out, but important that I get it over SSL too.Keeping at it...
     
  8. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    Well I now have the white screen again, am showing no errors for ngxrestart and fpmrestart so am to assume all the ngix confs are now correct (I have included a grav.conf for the security directives)

    but I cannot see any logs, all my logs at /var/log/php-fpm and nginx are empty??

    Seems I AM looking in the wrong place, I have found the error log an it's pointing to a permissions error so am off to read the Grav docs :)

    Code (Text):
    FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught exception 'RuntimeException' with message 'Creating directory '/home/nginx/domains/xxxxxxxxxxxxxxxxxxx/public/cache//compiled/files' failed on error mkdir(): Permission denied' in /home/nginx/domains/xxxxxxxxxxxxxxxx/public/vendor/rockettheme/toolbox/File/src/File.php:420
    
     
    Last edited: May 7, 2017
  9. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    Yay :) I read Permissions | Grav Documentation and changed the cache folder permissions and eh voila, I have not installed yet but suffice to say seeing the Grav admin screen after 2/3 days of frustration has made me a happy camper :)

    will keep this thread updated to share the steps but essentially thanks to @eva2000 and @Colin for the pointers.

    Have now been able to login and the pages are displaying but am having to manually set permissions which is not ideal. The Grav docs provide this script:

    Code (Text):
    #!/bin/sh
    chown -R joeblow:staff .
    find . -type f | xargs chmod 664
    find ./bin -type f | xargs chmod 775
    find . -type d | xargs chmod 775
    find . -type d | xargs chmod +s
    umask 0002
    


    When I run this after setting permissions I get a 'bad interpreter' error whic after reading Bash script: bad interpreter is exactly what the issue was I created the file on Windoze...
     
    Last edited: May 7, 2017
    • Informative Informative x 1
  10. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    I just updated the Form plugin via Grav dashboard 2.5.0 > 2.6.0 without issues so it's starting to seem that I have cracked it. I will keep playing but at some point will write up a quick guide for the community and share the nginx conf files too
     
  11. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    • Like Like x 1
  12. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    2:21 AM
    Nginx 1.13.x
    MariaDB 5.5
    You had a busy 24hrs :)

    so nginx:nginx user/group don't work and as to be nginx:root ? you should be able to use nginx:nginx
     
  13. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    I think it's due to the fact I use winSCP as root, I haven't investigated in depth I just made a quick call, it's only a private test site so I can blitz & break things but will investigate permissions properly it's to important. Just been a great learning experience :)

    2017-05-08 00_05_11-Provision VPS _ RTFM Centminmod.png 2017-05-08 00_04_06-Provision VPS _ RTFM Centminmod.png

    Permissions set as suggested :)
     
    Last edited: May 8, 2017
  14. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    2:21 AM
    Nginx 1.13.x
    MariaDB 5.5
    • Informative Informative x 1
  15. apidevlab

    apidevlab Member

    88
    30
    18
    Mar 22, 2016
    /dev/null
    Ratings:
    +54
    Local Time:
    5:21 PM
    1.11.1
    5.2.14-122
    • Like Like x 1