This menu contains settings for FreshTomato's internal web server (Nginx) and optional support for PHP.
Note that FreshTomato also has a built-in (httpd) web server used only for router administration. Httpd is based on a more modern version of Nginx.
NGINX is currently running: displays the service status. Clicking [Stop Now] stops the service.
NGINX is currently stopped: displays the service status. Clicking [Start Now] starts the service.
Enable Server on Start: enabling this causes the nginx service to load at boot.
Enable PHP support: enabling this causes PHP pages served by the webserver to be interpreted.
Run As: specifies under which system account the nginx daemon will run.
Keep Config files: TBD
Web Server Port: here, enter the LAN port on which Web content is served.
Traditionally, the default HTTP port is 80. However, conflicts can occur if the httpd web server is configured with the same port (See: Admin Access). Thus, port 85 was chosen to be Nginx's default.
Upload file size limit: enforces a specified limit for the maximum amount of data to be uploaded in one session.
Allow Remote Access: sets whether Nginx content is available via the WAN.
Content is served on the “Web Server Port”.
Web Server Name: here, enter the web server's name. (Default: Tomato).
Document Root Path: the filesystem location of the content/pages root folder.
Server Priority: sets the “nice” value for nginx.
This value assigns the Webserver process a CPU priority relative to other processes. Valid settings are from -20 (highest) to 19 (lowest).
Enable h5ai support: h5ai is a modern file indexer for HTTP webservers emphasizing file listings. Its PHP code displays plain file/folder lists in a nicely-formatted, easy-to-read way.
To benefit from h5ai, you must:
Here, you can add custom settings to tweak default behaviour. For details, please consult the Nginx Documentation.
Use user config file: here, choose whether a custom configuration file is used.
This will override some web interface settings.
User config file path: a custom path for the nginx configuration file.
Settings in this file will be active only if Use user config file is enabled. When Use user config file is disabled, the path remains in the field, but is inactive.
Example configuration of the HTTP section for an SSL server:
server {
    listen 444 ssl;
    server_name FreshTomato SSL;
    access_log /var/log/nginx/access.log main;
    http2 on;

    ssl_certificate /etc/cert.pem;
    ssl_certificate_key /etc/key.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
    ssl_dhparam /opt/etc/nginx/dhparam;

    # intermediate configuration
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        root /opt/share/www;
        index index.html index.htm index.php;
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;

        location /50x.html {
            root /opt/share/www;
        }

        # Hand only existing .php files to PHP-FPM; anything else returns 404
        location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
            try_files $script_name =404;
            include /etc/nginx/fastcgi.conf;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_pass unix:/var/run/php-fpm.sock;
        }

        location ~ ^/(images|javascript|js|css|flash|media|static)/ {
            root /opt/share/www;
            expires 10d;
        }
    }

    autoindex on;
    autoindex_exact_size off;
    autoindex_localtime on;
    charset utf-8;
}
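
A pre-flight check for a custom configuration file before turning on Use user config file, as an added example (not part of FreshTomato or of the original page). It flags typographic quotes picked up when pasting from a web page, a try_files fallback code separated from its "=" sign, and a listen port that collides with the router's admin httpd. The function name check_user_conf, the finding labels and the admin port argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a custom nginx config before enabling "Use user config file".
# Usage: check_user_conf /path/to/nginx.conf [ADMIN_PORT]
# Prints one finding label per line; returns 0 when clean, 1 when anything is flagged.
# ADMIN_PORT is an assumption: the port the httpd admin interface listens on (default 80).

check_user_conf() {
    conf=$1
    admin_port=${2:-80}
    status=0

    if [ ! -r "$conf" ]; then
        echo "unreadable-file"
        return 1
    fi

    # Curly quotes are not quoting characters for nginx: they end up inside the
    # value (for example inside a Strict-Transport-Security header).
    if grep -q -e '“' -e '”' "$conf"; then
        echo "typographic-quotes"
        status=1
    fi

    # "try_files $x = 404;" is parsed as three separate arguments, so the
    # "=404" fallback that stops missing scripts reaching PHP-FPM is lost.
    if grep -Eq '^[[:space:]]*try_files[[:space:]].*=[[:space:]]+[0-9]{3}[[:space:]]*;' "$conf"; then
        echo "try_files-detached-code"
        status=1
    fi

    # A listen directive on the admin port conflicts with the httpd admin server.
    if grep -Eq "^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?${admin_port}([[:space:]][^;]*)?;" "$conf"; then
        echo "listen-on-admin-port"
        status=1
    fi

    return "$status"
}
```

A clean result only means these three patterns were not found; the file still needs nginx's own syntax check before the service is restarted.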