Any improvements to the Nginx configuration would surely be appreciated! Thanks.
Great! I will provide you the config later this evening.
Below is the nginx conf. Hope it’s useful.
server {
listen 80;
server_name yourservername.com;
root /path/to/your/webroot/grav;
#index index.html index.htm index.php;
# NOTE: Should be already in the http block. If so, not needed here.
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~* \.php$ {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
try_files $uri $uri/ =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
If you are using TCP/IP connection instead of unix socket, change fastcgi_pass to:
fastcgi_pass 127.0.0.1:9000;
Note: socket connections are faster than TCP/IP connections.
Thanks!
Yw :-)!
@duskop what about the restrictions we have to stop access to certain folders?
https://github.com/getgrav/grav/blob/develop/nginx.conf#L29-L49
Thanks for the checking rhukster! On my systems, the directories from those lines are “403 Forbidden” when accessed with web browsers (“301 Moved Permanently” with curl); e.g. if I try myservername.com/vendor, I get 403 error. For exact path, e.g. system/src/Grav/Common/User/Authentication.php, it’s not redirected to the Error page (as with the “rewrite” directive). Instead, it’s readable but not executed – my file permissions on the server are configured such that files are read/write and owned by a regular user without elevated privileges. Similarly, for files in the bin directory, which need to be set to executable on the server, they are not executed, e.g. for bin/gpm, the web browser opens/downloads it for reading. Would that be considered expected behaviour?
I wanted to simplify Nginx config as much as possible… If the above method is not a good practice, “rewrite” directive lines in my settings will need to come back.
Also, I wanted to avoid using If, as per Nginx documentation, IfIsEvil: http://wiki.nginx.org/IfIsEvil.
Just for the record, I installed a Centos 7 VM and then installed latest Openlitespeed. After a little work getting Centos into shape so I could recompile PHP, i built PHP5.6 and ran it with the LSAPI interface for lshttpd. I configured a new Virtual Host for the grav blog skeleton, and eve pasted in the .htaccess rewrite stuff as-is. Works great!
So runs fine on Openlitespeed no problem, and I had already tested it on the commercial version of Litespeed also. So chalk that one up in the win column!