digiclear:nginx

NGINX Configuration for DigiCleaR V4

You want to create a config file for digiclear (=digiclear.conf) in etc/nginx/conf.d.

This file will contain the server configuration block of your digiclear server, and will be loaded inside the http configuration block in the main nginx configuration file.

Create your server block and add the listen and server_name parameters : 

server {
   listen 80;
   server_name digiclear www.digiclear;
}

listen 80; indicates that nginx will serve requests comming on the port 80 with this server block.
server_name is useful if your nginx is serving multiples names, this will determine which server block will process the request. Nginx will use the first server block if no server_names match the current request. Meaning that this parameter is useless if your nginx is only serving digiclear, or if the digiclear block is the first block being loaded in the main configuration file.

All the following blocks and parameters have to be written inside your new server block.

root

The root directory should be set on /public. Meaning that only files within that folder will be accessible from outside. If you're on windows don't forget to use backslashes '\' instead of unix forward slashes in the folder path. 

root /your/path/here/git/digiclear-v4/public/;

index

The index must be index.php 

index index.php;

This is used when requesting the root url (digiclear/), it tells nginx to process index.php instead of the root folder.

location block

you must put a location block matching all requests and redirecting them to index.php if they don't already point to an existing file : 

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

the try_files line means that nginx will try to find a file at $uri (=request url), $uri/ (=request url + / at the end), and if it can't find anything it will rewrite the uri to index.php + ? + the GET parameters of the request.

you can add autoindex on; to make browsing public files easier (useful for debugging or if you plan on putting documentation folders in /public/) It doesn't affect security since everything that's in public is supposed to be client-side files anyway, but it can be confusing for users.

php block

Now we need to tell nginx to process php files by giving them to php-cgi instead of directly sending the source code to the users. This can be done with the following block : 

location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9000;
    include        fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

fastcgi_pass indicates on which IP and at which port is the php-cgi service listening.
include fastcgi_params; , afaik, pass all the parameters contained in the request (GET variables, POST files, etc).
fastcgi_param pass the the file path to php-cgi.

In the end your config file should look approximately like this : 

server {
    listen 80;
    server_name localhost baby 127.0.0.1;

    root /home/stephane/git/digiclear-v4/public;

    client_max_body_size 20M;

    index index.php index.html index.htm;

    # Make site accessible from http://localhost

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.php?$query_string;
        }

#    location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }

            # Pass PHP scripts to PHP-FPM
        location ~ .php$ {
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
         }

    }

If you're on windows, your digiclear server block could look like this :

#digiclear
server {
    listen 80;
    server_name  digiclear www.digiclear;

    root   D:\Documents\git\digiclear4\public;

    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        include        fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

If you plan on having a 3rd party software connect to DigiCleaR with the user's credentials (in order to automatically fill-up a form in place of the user for example), don't forget to add the CORS header here. 

add_header 'Access-Control-Allow-Origin' 'your/3rd/party/domain/name/here';

you can also use '*' in place of the domain to allow CORS from everywhere, but if you do that make sure that DigiCleaR is only accessible from an internal network.

Apply changes

Do not forget to restart the NGINX server to apply changes in the configuration file 

sudo service nginx restart

  • digiclear/nginx.txt
  • Last modified: 2021/06/04 12:03
  • by stephane