I am setting up cmsimple (currently 2.9 + security fix) under the nginx webserver using fastcgi due to its smaller memory footprint. Things are configured in analogy to the hints of using drupal 4.7 with nginx. Two vhosts using different cmsimple setups are affected.
I almost works.
What does not work: logins.
Affected are both logins to the system itself as well as logins to protected pages.
In addition not all images will be displayed.
Everything is working with apache 2.2.2 + mod_php
The current setup uses port 888 for nginx and port 80 for apache; both web servers access the same directory structure.
Any suggestions?
THX
Beate
cmsimple / nginx / fastcgi
Re: cmsimple / nginx / fastcgi
Well, no suggestions, but al lot of reads
After some testing i found a solution, even without the need of the rewrite rule given on the cmsimple site. It is already slightly optimized, but i guess there might be room for further improvement. Maybe it is of interest.
The code snippet below refers to a typical vhost section. It should be noted that passing image files through nginx' gzip module might lead to truncation of the data. So it is advisable not onloy for performance to serve these files statically.
in addition, the following settings have to be added to /etc/nginx/fastcgi_params
Beate
Edit: added protection of critical pages
After some testing i found a solution, even without the need of the rewrite rule given on the cmsimple site. It is already slightly optimized, but i guess there might be room for further improvement. Maybe it is of interest.
The code snippet below refers to a typical vhost section. It should be noted that passing image files through nginx' gzip module might lead to truncation of the data. So it is advisable not onloy for performance to serve these files statically.
Code: Select all
server {
listen 80;
server_name www.example.com;
location / {
root /var/www/example.com/;
index index.html;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/example.com$fastcgi_script_n\
ame;
fastcgi_param QUERY_STRING $query_string;
if (-f $request_filename) {
break;
}
# CMSIMPLE specific: don't allow dynamic files in certain directories
if ( $uri !~ "/(images|downloads)/" ) {
fastcgi_pass 127.0.0.1:9999;
}
}
# security: protect critical directories
location ~ /(cmsimple|templates|content)/ {
deny all;
}
# serve static files directly
location ^/.*+.(jpg|jpeg|gif|css|png|js|ico|htm|html)$ {
root /var/www/example.com;
access_log off;
expires 30d;
}
# userdir simulation
location ~ /~([a-zA-Z0-9]*)/(.*) {
# the [a-zA-Z0-9] is for the greedy .
root /home/;
autoindex on;
index index.html;
rewrite ^/~([a-zA-Z0-9]*)/(.*)$ /$1/public_html/$2 break;
}
}
Code: Select all
## bea ++
fastcgi_pass_header Authorization;
fastcgi_intercept_errors off;
Beate
Edit: added protection of critical pages
Last edited by beate_r on Sun Jun 01, 2008 10:19 am, edited 2 times in total.
Re: cmsimple / nginx / fastcgi
Beate,
as this is a very valuable information relating to a very special situation, why not add this to http://www.cmsimplewiki.com/?
That would be great help!
as this is a very valuable information relating to a very special situation, why not add this to http://www.cmsimplewiki.com/?
That would be great help!
|---
Connie Müller-Gödecke, http://www.webdeerns.de
Connie Müller-Gödecke, http://www.webdeerns.de
Re: cmsimple / nginx / fastcgi
done
Beate
Beate
Re: cmsimple / nginx / fastcgi
When i wrote my server configuration i did not consider that nginx does not recognize apache/ncsa conformant .htaccess pages. Therefore any protective measures must be taken within the configuration of each vhost in nginx.
Here the missing code (which i added to my original posting as well):
This addition is crucial - missing protection allows intruders to access the login password.
Beate
Here the missing code (which i added to my original posting as well):
Code: Select all
location ~ /(cmsimple|templates|content)/ {
deny all;
}
Beate