Topic: Installation of ConfTool on nginx Web Servers  (Read 35614 times)

We don't use Apache, but nginx as web server: http://nginx.org/
Can we use ConfTool on this platform, too?

We haven't installed ConfTool on nginx ourselves yet, but users reported that it works well.

We got the following example configuration file from Kristien Clayton from UNSW Australia.
We hope it will help others to make ConfTool run on their nginx machine as well.

Please note: as PHP is running as CGI in nginx, there might be problems with large up- and downloads or long-running processes e.g. the data export.
Please remember to do corresponding tests before you start using your installation.

Code: [Select]
########
# NGINX 1.8 with ConfTool Standard 1.8.4 under FreeBSD-10.0-RELEASE (with SSL/HTTPS)
# Other packages involved:
# * MySQL 5.6
# * PHP 5.6 (extensions: iconv,curl,mbstring,gd)
########
server {
        listen 443 ssl;
        server_name register.eg.fqdn.org;

        ssl_certificate servercert_eg_fqdn_bundle.pem;
        ssl_certificate_key serverkey_eg_fqdn.pem;
        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

# For this example ConfTool appears at https://register.eg.fqdn.org/
        root /usr/local/www/conftool/htdocs;
        index index.php index.html index.htm;

        access_log /var/log/nginx-conftool-access.log;
        error_log  /var/log/nginx-conftool-error.log info;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location ~* \.(txt|log)$ {
                allow 127.0.0.1;
                deny all;
        }

        location ~ \..*/.*\.php {
                return 403;
        }

# See: https://www.conftool.net/en/technical-documentation/installation-instructions.html
# Note *.ph_ is a local addition
        location ~* (\.bak|\.BAK|\~|.ph_)$ {
                return 403;
        }

        location / {
                try_files $uri $uri/ index.html;
                expires max;
        }

# Chain to php-fpm
        location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param PHP_VALUE "include_path=.:/usr/local/www/conftool/etc";
                fastcgi_intercept_errors on;
                include fastcgi_params;
        }
}

# TLS only: we're dealing with personal data as well as login details entered in Web forms.
server {
        listen 80;
        return 301 https://$host$request_uri;
}