ServZoo, posted June 10, 2014:

So, I'm not an expert on Blesta or NGINX, but I have learned the easy way to make the two work and wanted to share. Credit to cloudrck for starting the project on github (I have used a lot of his work in the config.)

1.) Fire up a fresh install of Ubuntu 14.04 64-Bit (DigitalOcean works great for testing)

2.) Install EasyEngine (easy way to setup a LEMP server)

    curl -sL rt.cx/ee | sudo bash
    ee system install

3.) Create your site with EasyEngine

    ee site create youdomainname.com --mysql

4.) Install Ioncube

    cd /usr/local
    sudo wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
    sudo tar xzf ioncube_loaders_lin_x86-64.tar.gz
    mv /usr/local/ioncube/* /usr/lib/php5/20121212/
    nano /etc/php5/fpm/php.ini

    zend_extension = /usr/lib/php5/20121212/ioncube_loader_lin_5.5.so

    service php5-fpm restart

5.) Apply PHP 5.5 Hotfix

Prepare your files before you upload. Copy the "blesta" folder from the PHP5.5 Hotfix folder to the main "blesta" folder. This will overwrite the files that need to be replaced. Zip up your "blesta" folder contents and upload to your new server instance.

6.) Edit your NGINX Conf

    cd /etc/nginx/sites-available/
    cp *yourdomain.com *yourdomain.com.backup
    nano

You can use the following NGINX config as a starting point (it should work out of the box for you after you edit the paths.)

    # MYSQL NGINX CONFIGURATION
    server {
        listen 80;
        listen 443 ssl;
        server_name *your FQN*;

        access_log /var/log/nginx/*log directory & file* rt_cache;
        error_log /var/log/nginx/*log directory & file*;

        root *local directory for Blesta install*;
        index index.php index.htm index.html;
        server_name *your FQN*;

        ssl_certificate *SSL Cert File*.crt;
        ssl_certificate_key *SSL Key File*.key;

        location / {
            error_page 404 = @blesta; #IF file doesn't exist
            log_not_found off;
        }

        #Core rewrite
        location @blesta {
            rewrite ^(.*)$ /index.php last;
            # rewrite ^(.*)$ /index.php/(.*) /$1 permanent;
        }

        location ~ \.php$ {
            try_files $uri =404;
            # Tweak for Nginx to work with PHP from vendors
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
            fastcgi_connect_timeout 60;
            fastcgi_send_timeout 180;
            fastcgi_read_timeout 180;
            # Buffer settings increase to compensate for increased time/size due to SSL
            fastcgi_buffer_size 128k;
            fastcgi_buffers 4 256k;
            # fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_intercept_errors on;
            fastcgi_pass php;
            fastcgi_index index.php;
            include fastcgi_params;
        }

        # Disallow access to any file with .pdt extension
        location ~ (\.pdt) {
            return 403;
        }

        if (!-e $request_filename){
            rewrite ^(.*)$ /index.php;
        }

        #Core rewrite
        location @blesta {
            rewrite ^(.*)$/index.php/(.*) /$1 permanent;
        }

        include common/locations.conf;
    }

Now save the file as *yourdomain.com (Press CTRL-X, then Y and type it in.) This should have overwritten the current config (the one you just made a backup of.)

7.) Test & Restart NGINX

    nginx -t

(if all goes well, you will see successful)

If successful, then restart

    service nginx restart

8.) Set database password and create a database (assuming using root user for this tutorial)

    mysqladmin -u root password YOURnewPASSWORD
    mysql -u root -p
    *ENTER PASSWORD*
    create database DATABASEname;
    flush privileges;
    exit

9.) Install Blesta

Follow installation instructions.

10.) Make the SEF URLs work

    cd /var/www/*yourdomain.com/htdocs
    nano lib/init.php

Find the HTACCESS line and replace with this:

    define("HTACCESS", true);

Note: This tutorial does not address security or hardening in any way. I will leave that up to you. I am simply sharing a good starting point to get Blesta up and running. I'm using Ubuntu in this instance as it works great for starting out with EasyEngine and UFW.

Feel free to add to this and let me know if I have missed anything!

Blesta Addons, posted June 10, 2014:

Thanks for the share.

Michael, posted June 10, 2014:

Thanks mate, that's a great addition to the contribute, hopefully will help a lot of people.

Paul, posted June 10, 2014:

Nice tutorial, thanks for the contribution!

cloudrck, posted June 12, 2014:

As far as I can tell this line is unneeded. The @blesta function takes care of what you're trying to accomplish here. What issues were you having without this?

    if (!-e $request_filename){ rewrite ^(.*)$ /index.php; }

ServZoo, posted June 13, 2014:

> As far as I can tell this line is unneeded. The @blesta function takes care of what you're trying to accomplish here. What issues were you having without this?
>
>     if (!-e $request_filename){ rewrite ^(.*)$ /index.php; }

It broke the CSS for me when I commented it out. I had the same thought as you; it was not necessary, until I noticed my CSS wasn't loading without it.

cloudrck, posted June 13, 2014:

I've found the IF to be very funny acting in Nginx, especially when trying to mimic Apache mod_rewrite such as with the !-e $request_filename line, and should be avoided whenever possible. Try this inside your location / instead:

    try_files $uri /index.php?$args;

Which version of Nginx are you using? I never had this issue with my configuration.

ServZoo, posted June 13, 2014:

I will test that out on my dev box and see what happens. I love Nginx, but it has given me many gray hairs!

    nginx version: nginx/1.6.0

cloudrck, posted June 14, 2014:

I know what you mean, a lot of it has to do with Nginx being new and lacking documentation. This is what I was referring to: http://wiki.nginx.org/IfIsEvil

ServZoo, posted June 14, 2014:

Agreed. But, it does such a great job. I have another website that does almost a million views a month and it's literally powered by 3 NGINX servers in a cluster. Just 3 cheap VPS too. Apache would have called home and committed suicide by now. :-)

It's on my list to check into tonight. I appreciate the advice! I take all that I can; especially with NGINX.

eva2000, posted May 25, 2015:

Any of you folks come across this issue http://www.blesta.com/forums/index.php?/topic/4519-nginx-rewrite-oddity-front-end-links-ok-backend-links-not/ ?

EidolonHost, posted May 25, 2015:

> Any of you folks come across this issue http://www.blesta.com/forums/index.php?/topic/4519-nginx-rewrite-oddity-front-end-links-ok-backend-links-not/ ?

Freshly installed nginx/apache2 setup on eidolonhost.com; nope. Frontend and backend links work A-OK.

will, posted May 26, 2015 (edited):

Don't forget to configure your SSL for stronger security! See https://mozilla.github.io/server-side-tls/ssl-config-generator/ to help you decide on what level of security you want to employ. The trade-off that comes with the strongest of security is dropping support for older browsers. For most of Blesta's markets, I suspect you won't be breaking things for very many customers if you go with "modern" security, and chances of breaking things for *any* customers are slim if you go with "intermediate" security. "Old" security includes support for SSLv3 which is known to be broken. Do not use the "old" option unless you absolutely have to.

(Warning: if you haven't configured OCSP stapling or HSTS before, I strongly recommend you test them on a non-production server first, as screwing the config up can make your site inaccessible... potentially for the duration of max-age. Use a very small max-age while testing.)

The config generator mentions a "dhparam.pem." You can generate a DH parameter file with

    openssl dhparam -out dhparam.pem 2048

You want at least 2048 bits in light of the Logjam attack.

We force SSL for all connections to Blesta. (Also, if you want to support ipv6, you'll need to specify that you want to listen on ipv6 interfaces.)

    server {
        listen 80;
        listen [::]:80 ipv6only=on; # This last flag can fix some issues nginx can have with binding to ports.
        server_name mydomain.com;
        return 301 https://$server_name$request_uri; #Force SSL
    }

    server {
        listen 443; #SSL Only
        listen [::]:443 ipv6only=on; #For ipv6
        server_name mydomain.com;
        # The rest of the config goes down here
    }

EDIT: If you want to be paranoid (e.g. security bonus points) your config directory should be readable by PHP, but not nginx. Similarly, your SSL certs should be readable by nginx, but not PHP. On top of that, your DB should be protected by your firewall - there's no reason for it to be listening to any requests except local ones.

One more thing: you can tell nginx to ignore requests for sensitive files or folders.

    location ~ ^/(cache|config|errors|helpers|internal|language|lib|index.php/api|api) {
        deny all;
        return 404;
    }
    # If you're using your API with some kind of external service, you can remove those last two.
    # If that service has a static IP, you can add "allow x.x.x.x;" on the previous line, where x.x.x.x is the service's IP.

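Added example (not part of will's post or of Blesta's own code): a small Python check that runs the `location` regex from the post above against constructed request paths and compares it with an assumed tighter variant that escapes the dot and stops at a path-segment boundary. The `normalize` helper only approximates the URI normalization nginx applies before location matching, and the sample paths are made up for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Regex copied verbatim from the location block in the post above.
POSTED = r"^/(cache|config|errors|helpers|internal|language|lib|index.php/api|api)"
# Assumed tightening (not from the thread): escape the dot and require the
# match to end at a path-segment boundary.
ANCHORED = (r"^/(cache|config|errors|helpers|internal|language|lib"
            r"|index\.php/api|api)(/|$)")

# Constructed request URIs: (uri, should the rule deny it?)
SAMPLES = [
    ("/config/blesta.php", True),
    ("/lib/init.php", True),
    ("/index.php/api/users.json", True),
    ("/api", True),
    ("/%63onfig/blesta.php", True),   # percent-encoded "c"
    ("//lib/init.php", True),         # doubled slash
    ("/index.php", False),
    ("/admin/login?next=/config", False),
    ("/library/style.css", False),    # hypothetical file, starts with "lib"
    ("/apidocs.html", False),         # hypothetical file, starts with "api"
]

def normalize(uri):
    """Approximate what nginx matches a location regex against: the path
    without query string, percent-decoded, with dot segments and repeated
    slashes collapsed."""
    path = unquote(uri.split("?", 1)[0])
    trailing = path.endswith("/")
    path = re.sub(r"/+", "/", posixpath.normpath(path))
    return path + "/" if trailing and path != "/" else path

def is_denied(pattern, uri):
    return re.search(pattern, normalize(uri)) is not None

def audit(pattern, samples=SAMPLES):
    """Return (uri, expected, actual) for every sample the rule gets wrong."""
    wrong = []
    for uri, want in samples:
        got = is_denied(pattern, uri)
        if got != want:
            wrong.append((uri, want, got))
    return wrong

if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("anchored", ANCHORED)):
        print(name, audit(pattern) or "all samples as expected")
```

The posted pattern denies every sensitive sample, including the encoded and double-slash forms, but also catches unrelated paths that merely begin with `lib` or `api`; the anchored variant denies the same sensitive paths without those false positives.
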
eva2000, posted May 26, 2015:

thanks guys got it sorted with my Centmin Mod LEMP stack and working vhost config i posted at http://www.blesta.com/forums/index.php?/topic/4519-nginx-rewrite-oddity-front-end-links-ok-backend-links-not/#entry33677

also have SPDY SSL guide for my Centmin Mod LEMP stack at http://centminmod.com/nginx_configure_https_ssl_spdy.html