Help creating a Grav config & site setup

apidevlab · May 6, 2017

Please fill in any relevant information that applies to you:

CentOS Version: CentOS 7 64bit

Centmin Mod Version Installed: 123.09beta01

Nginx Version Installed: i.e. 1.13.0

PHP Version Installed: i.e. 5.6.30

MariaDB MySQL Version Installed:

When was last time updated Centmin Mod code base ? :

Persistent Config:

Am back again with a request for help to configure & setup a Grav site using the official (or not) nginx.conf they suggest at Nginx | Grav Documentation

I have been trying to configure the learn2 with git-sync plugin (skeleton) and am faced with a blank (white) page when I try to view the index page on install.

Normally this would redirect to the /admin to allow setup of the system so I figured it was the setup of nginx.conf

CM writes all the configuration files to /usr/local/nginx/conf

so I tried to 'merge' the relevant content 'blocks' of the shipped (Learn2) nginx.conf and 'include' this via the main /usr/local/nginx/conf/conf.d/host.example.com.conf and then restarted (without error) nginx this however did not fix the issue.

Does anyone fancy helping me get this working so I can document and share the steps with the community? Nginx Configuration Examples - CentminMod.com LEMP Nginx web stack for CentOS

I am using the learn 2 skeleton but would expect the standard grav package and admin plugin would be a better demonstration.

I have read up a little on the nginx.conf files but often see references to /sites-enabled so have gotten more than a little confused.

I am sure some here would be able to do this in minutes and may already have a Grav instance running under CM I would just welcome the opportunity to do the same and share the steps with the community.

REF LINKS:

Nginx | Grav Documentation
Learn2 with Git Sync | Grav CMS Open (Education) Resource Projects
Learn2 with Git Sync nginx.conf · GitHub

Colin · May 7, 2017

I'd not heard of GRAV until this post. Thanks for that initially. I've been reviewing static site generators recently and exploring JAM stack stuff. Including a natty React CMS thing from netlify which uses github api and build triggers, as such is not a server deployed site in the traditional way.

Anyhow to the problem in hand. The white page says it all. One of your php error logs will have more info for a white screen of death event. I tend to wind it back to basic echo tests when that has happened.

Looking at the sample conf there are a few 'security' lines which will be needed in the long run, and the try files section almost definitely.

Don't worry about sites-enabled/sites-available, this is just a concept, the centminmod install does away and just has the /usr/local/nginx/conf/conf.d/host.example.com.conf. So any notes made toward sites-enabled, use the CM conf file.

I'd hazard for a normal CM install you'd only need the following in your host.example.com.conf file and replacing your location block.
Code:
## Begin - Index
    # for subfolders, simply adjust:
    # `location /subfolder {`
    # and the rewrite to use `/subfolder/index.php`
    location / {
        try_files $uri $uri/ /index.php?_url=$uri&$query_string;
    }
    ## End - Index

    ## Begin - Security
    # deny all direct access for these folders
    location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
    ## End - Security
If it's still not playing ball, move the index.php out of the way, create a new index.php with a simple echo phpinfo, to sanity check php, check requirements etc, then go forward again.

The smoking gun of your post is

apidevlab said: ↑

learn2 with git-sync plugin (skeleton)
Click to expand...

I'd have to dig more on that plugin specifically... It looks like a nice tool overall. On my reading list.

eva2000 · May 7, 2017

FYI @Colin for sample vhosts you can use vhost generator at Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS which are nginx vhost templates for 123.08stable so slightly different from 123.09beta01 until it is stable

But if you run centmin.sh menu option 2, 22 or nv commands to create Nginx vhost first you can just edit the domain.com.conf and/or domain.com.ssl.conf that is generated.

But from brief look at Grav docs, do not add anything into Centmin Mod nginx.conf, all of them should be added to just your site nginx vhost file for your domain

example of vhost generator generated domain.com non-HTTPS vhost file

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name domain.com;
#            return 301 $scheme://www.domain.com$request_uri;
#       }

server {
  server_name domain.com www.domain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  root /home/nginx/domains/domain.com/public;

  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  #try_files    $uri $uri/ /index.php;

  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

change it for Grav

Leaving off php context block completely as Centmin Mod has a include /usr/local/nginx/conf/php.conf file for that php processing
Of the 3 security headers nginx.conf Grav example adds, 2 are already included but commented out in default Centmin Mod Nginx vhosts and just missing one for add_header "X-UA-Compatible" "IE=Edge"

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name domain.com;
#            return 301 $scheme://www.domain.com$request_uri;
#       }

server {
  server_name domain.com www.domain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  # force the latest IE version
  add_header "X-UA-Compatible" "IE=Edge";

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  root /home/nginx/domains/domain.com/public;

  location / {
    try_files $uri $uri/ /index.php?_url=$uri&$query_string;
  }

## Begin - Security
# deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
## End - Security

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

apidevlab · May 7, 2017

Colin said: ↑
I'd hazard for a normal CM install you'd only need the following in your host.example.com.conf file and replacing your location block.
Code:
## Begin - Index
    # for subfolders, simply adjust:
    # `location /subfolder {`
    # and the rewrite to use `/subfolder/index.php`
    location / {
        try_files $uri $uri/ /index.php?_url=$uri&$query_string;
    }
    ## End - Index

    ## Begin - Security
    # deny all direct access for these folders
    location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
    ## End - Security
.
Click to expand...
That is exactly what I had done, so at least I was in the 'ballpark' so to speak. Many thanks for the detailed reply. I will keep at it and use @eva2000 post too.

As for Grav it's an excellent package but it does have a learning curve and it's quirks. Indeed a negative levelled at all these 'static' or 'flat file' generators etc is they can be more trouble than simple good ol fashioned HTML

On an Apache server I have a learn2 setup with the git-sync plugin, I can edit the docs via Gravs admin interface and upon save it posts a commit to gitlab and the site is updated, it's what all the cool kids are doing where it has an advantage would be via pulls so anyone can update the docs and a new pull triggers a new build.

apidevlab · May 7, 2017

eva2000 said: ↑

FYI @Colin

But from brief look at Grav docs, do not add anything into Centmin Mod nginx.conf, all of them should be added to just your site nginx vhost file for your domain...

change it for Grav

Leaving off php context block completely as Centmin Mod has a include /usr/local/nginx/conf/php.conf file for that php processing
Of the 3 security headers nginx.conf Grav example adds, 2 are already included but commented out in default Centmin Mod Nginx vhosts and just missing one for add_header "X-UA-Compatible" "IE=Edge"

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name domain.com;
#            return 301 $scheme://www.domain.com$request_uri;
#       }

server {
  server_name domain.com www.domain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  # force the latest IE version
  add_header "X-UA-Compatible" "IE=Edge";

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  root /home/nginx/domains/domain.com/public;

  location / {
    try_files $uri $uri/ /index.php?_url=$uri&$query_string;
  }

## Begin - Security
# deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
## End - Security

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Click to expand...

Super, I had realised that this was added to the domain.conf but it's great to have clarification. Is there any mileage to be had using an include directive?

Code (Text):

include /usr/local/nginx/conf/grav.conf;

eva2000 · May 7, 2017

probably could put in grav.conf the security settings
Code (Text):
## Begin - Security
# deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
## End - Security
apidevlab said: ↑

On an Apache server I have a learn2 setup with the git-sync plugin, I can edit the docs via Gravs admin interface and upon save it posts a commit to gitlab and the site is updated, it's what all the cool kids are doing where it has an advantage would be via pulls so anyone can update the docs and a new pull triggers a new build.
Click to expand...

Nice

apidevlab · May 7, 2017

Still not managing it, even witha non SSL setup am getting 502 errors now am going to try again tommmorow. Need to able to figure this out, but important that I get it over SSL too.Keeping at it...

apidevlab · May 7, 2017

Well I now have the white screen again, am showing no errors for ngxrestart and fpmrestart so am to assume all the ngix confs are now correct (I have included a grav.conf for the security directives)

but I cannot see any logs, all my logs at /var/log/php-fpm and nginx are empty??

Seems I AM looking in the wrong place, I have found the error log an it's pointing to a permissions error so am off to read the Grav docs
Code (Text):
FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught exception 'RuntimeException' with message 'Creating directory '/home/nginx/domains/xxxxxxxxxxxxxxxxxxx/public/cache//compiled/files' failed on error mkdir(): Permission denied' in /home/nginx/domains/xxxxxxxxxxxxxxxx/public/vendor/rockettheme/toolbox/File/src/File.php:420

apidevlab · May 7, 2017

apidevlab said: ↑
I have found the error log an it's pointing to a permissions error so am off to read the Grav docs
Code (Text):
FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught exception 'RuntimeException' with message 'Creating directory '/home/nginx/domains/xxxxxxxxxxxxxxxxxxx/public/cache//compiled/files' failed on error mkdir(): Permission denied' in /home/nginx/domains/xxxxxxxxxxxxxxxx/public/vendor/rockettheme/toolbox/File/src/File.php:420
Click to expand...
Yay I read Permissions | Grav Documentation and changed the cache folder permissions and eh voila, I have not installed yet but suffice to say seeing the Grav admin screen after 2/3 days of frustration has made me a happy camper

will keep this thread updated to share the steps but essentially thanks to @eva2000 and @Colin for the pointers.

Have now been able to login and the pages are displaying but am having to manually set permissions which is not ideal. The Grav docs provide this script:
Code (Text):
#!/bin/sh
chown -R joeblow:staff .
find . -type f | xargs chmod 664
find ./bin -type f | xargs chmod 775
find . -type d | xargs chmod 775
find . -type d | xargs chmod +s
umask 0002
When I run this after setting permissions I get a 'bad interpreter' error whic after reading Bash script: bad interpreter is exactly what the issue was I created the file on Windoze...

apidevlab · May 7, 2017

I just updated the Form plugin via Grav dashboard 2.5.0 > 2.6.0 without issues so it's starting to seem that I have cracked it. I will keep playing but at some point will write up a quick guide for the community and share the nginx conf files too

apidevlab · May 8, 2017

As promised (and a great way to spend a few hours on a Sunday afternoon)

Creating a Grav site under nginx and php-fpm

eva2000 · May 8, 2017

You had a busy 24hrs

so nginx:nginx user/group don't work and as to be nginx:root ? you should be able to use nginx:nginx

apidevlab · May 8, 2017

eva2000 said: ↑

so nginx:nginx user/group don't work and as to be nginx:root ? y
Click to expand...

I think it's due to the fact I use winSCP as root, I haven't investigated in depth I just made a quick call, it's only a private test site so I can blitz & break things but will investigate permissions properly it's to important. Just been a great learning experience

Permissions set as suggested

eva2000 · May 8, 2017

Ah Getting Started Step 2 https://centminmod.com/getstarted.html
Whenever you completed uploading new files, you'd need to give them correct user and group permissions within SSH window as root user type:
Code (Text):
chown -R nginx:nginx /home/nginx/domains/newdomain.com/public
Click to expand...
you can also use backup-perm.sh tool https://community.centminmod.com/th...kup-restore-file-directory-permissions.10633/ to setup cronjob for nginx:nginx permission chown runs

apidevlab · May 8, 2017

eva2000 said: ↑

Ah Getting Started Step 2 Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS

you can also use backup-perm.sh tool https://community.centminmod.com/th...kup-restore-file-directory-permissions.10633/ to setup cronjob for nginx:nginx permission chown runs
Click to expand...

Permissions updated and another link added to my ever expanding reading list, have updatedmy wiki page too, many thanks for the pointers.

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Help creating a Grav config & site setup

apidevlab Member

Colin Premium Member Premium Member

eva2000 Administrator Staff Member

apidevlab Member

apidevlab Member

eva2000 Administrator Staff Member

apidevlab Member

apidevlab Member

apidevlab Member

apidevlab Member

apidevlab Member

eva2000 Administrator Staff Member

apidevlab Member

eva2000 Administrator Staff Member

apidevlab Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Help creating a Grav config & site setup

apidevlab Member

Colin Premium Member Premium Member

eva2000 Administrator Staff Member

apidevlab Member

apidevlab Member

eva2000 Administrator Staff Member

apidevlab Member

apidevlab Member

apidevlab Member

apidevlab Member

apidevlab Member

eva2000 Administrator Staff Member

apidevlab Member

eva2000 Administrator Staff Member

apidevlab Member

.