Learn about Centmin Mod LEMP Stack today
Become a Member

Xenforo X-Accel-Redirect Nginx Configuration help for Xenforo

Discussion in 'Forum software usage' started by Sunka, Feb 2, 2016.

Tags:
  1. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    @eva2000 could you help me with this:
    First part will going into my SSL conf domain
    so this part:
    Code:
    location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow MY IP;
            deny all;
        }
    will become this:
    Code:
    location /internal_data/ {
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            internal;
         }

    But this part
    Code:
    location ~ [^/]*\.php$ {
    try_files $fastcgi_script_name =404;
    include fastcgi.conf;
    fastcgi_pass_header Etag;
    }
    Should be added into (nginx) staticfiles.conf?

     
  2. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    don't need add_header for
    Code:
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
    in /internal_data as it's an internal; set so general web public won't be accessing that

    edit your /usr/local/nginx/conf/php.conf includes via cmd shortcut phpinc or if you copied /usr/local/nginx/conf/php.conf to a new file to include in your vhosts i.e. wordpress setups
     
    Last edited: Feb 2, 2016
  3. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You can find all your php.conf include copies via grep for open_basedir
    Code:
    grep -rl 'open_basedir' /usr/local/nginx/conf/*
    Code:
    grep -rl 'open_basedir' /usr/local/nginx/conf/*
    /usr/local/nginx/conf/php-pool2.conf
    /usr/local/nginx/conf/php-pool3.conf
    /usr/local/nginx/conf/php-pool4.conf
    /usr/local/nginx/conf/php-pool5.conf
    /usr/local/nginx/conf/php.conf
    /usr/local/nginx/conf/phpalt.conf
    /usr/local/nginx/conf/phpssl.conf
     
  4. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    so this ((nginx) php.conf) part:
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
    to this:
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
        try_files $fastcgi_script_name =404;
        include fastcgi.conf;
        fastcgi_pass_header Etag;
    }
    Don't needed at all, or not needed add_header part?

    I am lost again :unsure:
     
  5. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup and yup
     
  6. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    oh you don't need this part for centmin mod as it's all in php.conf already
    Code:
    include fastcgi.conf;
     
  7. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    And if I see right, "}" is extra

    So it will be this (just two last rows):
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
        try_files $fastcgi_script_name =404;
        fastcgi_pass_header Etag;
    And another code for domain.conf I do not need? I need just two new rows in code above?
    Code:
    add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
     
  8. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    not sure if that is needed since this already exists
    Code:
    try_files $uri =404;
     
  9. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Ok, then just one change (last row)
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
        fastcgi_pass_header Etag;

    What about second code change in internal data in domain.conf
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
     
  10. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Sorry for wrong thread postings, have many tabs opened at the moment
     
  11. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    should be good for both
     
  12. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Sorry, I do not understand
     
  13. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  14. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    But second part was a question.
    Should I change also domain.conf and somehow add/merge below code, or not?
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
    Btw, this is link to github
     
  15. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    just saying that syntax looks correct, whether you use it, merge it or alter your existing version is up to you as I no idea what that/your trying to do with that code heh
     
  16. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    oh if it's XAR - Attachment | XenForo Community then just follow that instructed outline

    Code:
    location ^~ /internal_data/ {
      add_header Etag $upstream_http_etag;
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;
      internal;
    }
     
  17. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ah reading up on XAR Attachment addon seems won't benefit me at all as I use bd Attachment addon already XAR - Attachment | Page 2 | XenForo Community :)

    @Xon quote
     
  18. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    I do not know too..
    I asked Yoskaldyr, Xon and you Eva2000, and with help from all of you I can not do that correct way.

    It is not XAR - attahment mode, because Yoskaldyr addon (beside rest) also has this part integrated, and I have to have installed that addon because another two addons from Yoskaldyr. So, his addon (beside rest) do same thing like Xon's addon, but it will be unlogical to have installed two addons with same purpose.
    I just can not understand how to integrate that 2 codes.

    cmf_core/toc.md at master · Yoskaldyr/cmf_core · GitHub

    OK, for first part it is just 1 line into nginx php, but another part is going inot domain.conf, but all I can do from my level of knowledge is to integrate this
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
    into this:
    Code:
    location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow 46.101.130.248;
            deny all;
        }
    and will become this on the end
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
    Deleted stuff is this:
    Code:
    location /internal_data/ {
    allow 127.0.0.1;
    allow 46.101.130.248;
    deny all;
     
  19. eva2000

    eva2000 Administrator Staff Member

    55,942
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    5:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    just
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
     
  20. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:09 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Conclusion...

    from this suggested part of code I will use only one row:
    Code:
    location ~ [^/]*\.php$ {
    try_files $fastcgi_script_name =404;
    include fastcgi.conf;
    fastcgi_pass_header Etag;
    }
    In (nginx) php.conf add just that one row (last in code)

    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
        fastcgi_pass_header Etag;
    -------------------------------------------------------------------

    And regarding second suggested code:
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
    I just put it into SSL domain.conf

    Replacing this code:
    Code:
    location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow MY IP;
            deny all;
        }