Welcome to Centmin Mod Community
Register Now

Xenforo X-Accel-Redirect Nginx Configuration help for Xenforo

Discussion in 'Forum software usage' started by Sunka, Feb 2, 2016.

Tags:
  1. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    @eva2000 could you help me with this:
    First part will going into my SSL conf domain
    so this part:
    Code:
    location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow MY IP;
            deny all;
        }
    will become this:
    Code:
    location /internal_data/ {
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            internal;
         }

    But this part
    Code:
    location ~ [^/]*\.php$ {
    try_files $fastcgi_script_name =404;
    include fastcgi.conf;
    fastcgi_pass_header Etag;
    }
    Should be added into (nginx) staticfiles.conf?
     
  2. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    don't need add_header for
    Code:
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
    in /internal_data as it's an internal; set so general web public won't be accessing that

    edit your /usr/local/nginx/conf/php.conf includes via cmd shortcut phpinc or if you copied /usr/local/nginx/conf/php.conf to a new file to include in your vhosts i.e. wordpress setups
     
    Last edited: Feb 2, 2016
  3. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    You can find all your php.conf include copies via grep for open_basedir
    Code:
    grep -rl 'open_basedir' /usr/local/nginx/conf/*
    Code:
    grep -rl 'open_basedir' /usr/local/nginx/conf/*
    /usr/local/nginx/conf/php-pool2.conf
    /usr/local/nginx/conf/php-pool3.conf
    /usr/local/nginx/conf/php-pool4.conf
    /usr/local/nginx/conf/php-pool5.conf
    /usr/local/nginx/conf/php.conf
    /usr/local/nginx/conf/phpalt.conf
    /usr/local/nginx/conf/phpssl.conf
     
    • Informative Informative x 1
  4. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    so this ((nginx) php.conf) part:
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
    to this:
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
        try_files $fastcgi_script_name =404;
        include fastcgi.conf;
        fastcgi_pass_header Etag;
    }
    Don't needed at all, or not needed add_header part?

    I am lost again :unsure:
     
  5. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    yup and yup
     
  6. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    oh you don't need this part for centmin mod as it's all in php.conf already
    Code:
    include fastcgi.conf;
     
    • Agree Agree x 1
  7. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    And if I see right, "}" is extra

    So it will be this (just two last rows):
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
        try_files $fastcgi_script_name =404;
        fastcgi_pass_header Etag;
    And another code for domain.conf I do not need? I need just two new rows in code above?
    Code:
    add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
     
  8. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    not sure if that is needed since this already exists
    Code:
    try_files $uri =404;
     
  9. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Ok, then just one change (last row)
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
        fastcgi_pass_header Etag;

    What about second code change in internal data in domain.conf
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
     
  10. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Sorry for wrong thread postings, have many tabs opened at the moment
     
  11. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    should be good for both
     
  12. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Sorry, I do not understand
     
  13. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
  14. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    But second part was a question.
    Should I change also domain.conf and somehow add/merge below code, or not?
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
    Btw, this is link to github
     
  15. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    just saying that syntax looks correct, whether you use it, merge it or alter your existing version is up to you as I no idea what that/your trying to do with that code heh
     
  16. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    oh if it's XAR - Attachment | XenForo Community then just follow that instructed outline

    Code:
    location ^~ /internal_data/ {
      add_header Etag $upstream_http_etag;
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;
      internal;
    }
     
  17. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    ah reading up on XAR Attachment addon seems won't benefit me at all as I use bd Attachment addon already XAR - Attachment | Page 2 | XenForo Community :)

    @Xon quote
     
    • Agree Agree x 1
  18. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    I do not know too..
    I asked Yoskaldyr, Xon and you Eva2000, and with help from all of you I can not do that correct way.

    It is not XAR - attahment mode, because Yoskaldyr addon (beside rest) also has this part integrated, and I have to have installed that addon because another two addons from Yoskaldyr. So, his addon (beside rest) do same thing like Xon's addon, but it will be unlogical to have installed two addons with same purpose.
    I just can not understand how to integrate that 2 codes.

    cmf_core/toc.md at master · Yoskaldyr/cmf_core · GitHub

    OK, for first part it is just 1 line into nginx php, but another part is going inot domain.conf, but all I can do from my level of knowledge is to integrate this
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
    into this:
    Code:
    location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow 46.101.130.248;
            deny all;
        }
    and will become this on the end
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
    Deleted stuff is this:
    Code:
    location /internal_data/ {
    allow 127.0.0.1;
    allow 46.101.130.248;
    deny all;
     
  19. eva2000

    eva2000 Administrator Staff Member

    29,012
    6,581
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,771
    Local Time:
    1:16 AM
    Nginx 1.13.x
    MariaDB 5.5
    just
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
        }
     
  20. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    5:16 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Conclusion...

    from this suggested part of code I will use only one row:
    Code:
    location ~ [^/]*\.php$ {
    try_files $fastcgi_script_name =404;
    include fastcgi.conf;
    fastcgi_pass_header Etag;
    }
    In (nginx) php.conf add just that one row (last in code)

    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
        fastcgi_pass_header Etag;
    -------------------------------------------------------------------

    And regarding second suggested code:
    Code:
    location ^~ /internal_data/ {
            if ($upstream_http_etag != "") {
                add_header Etag $upstream_http_etag;
            }
            internal;
    I just put it into SSL domain.conf

    Replacing this code:
    Code:
    location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow MY IP;
            deny all;
        }