FreshTomato Wiki

User Tools

Site Tools

Trace: clearing_iptables
web-nginx

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
web-nginx [2024/07/16 14:17] – [Advanced Settings] pedroweb-nginx [2024/11/27 02:12] (current) – [Advanced Settings] hogwild
Line 1: Line 1:
 ====== Nginx & PHP ====== ====== Nginx & PHP ======
  
-This menu contains settings for FreshTomato's internal web server (Nginx) and optional support for PHP.  Note that FreshTomato also has a built-in (httpd) web server used only for router administration. This additional minimal web server is based on a more modern version of Nginx.  +This menu contains settings for FreshTomato's internal web server (Nginx) and optional support for PHP. 
- \\    + 
- \\+Note that FreshTomato also has a built-in (httpd) web server used only for router administration. Httpd is based on a more modern version of Nginx.   \\   \\ 
 ===== Status ===== ===== Status =====
  
  \\  {{:pasted:20220215-152554.png}} \\   \\   \\  \\  {{:pasted:20220215-152554.png}} \\   \\   \\
  
-**NGINX is currently running:** This displays the service status. Clicking [Stop Now] immediately stops the service.+**NGINX is currently running:** displays the service status. Clicking [Stop Now] stops the service.
  
-**NGINX is currently stopped:** This displays the service status. Clicking [Start Now] immediately stops the service.+ \\
  
-**Enable Server on Start:**  Enabling this causes the nginx service to load at boot time at each boot.+**NGINX is currently stopped:** displays the service status. Clicking [Start Now] stops the service.
  
-**Enable PHP support:**  Enabling this will cause any PHP pages served by the webserver to be interpreted.+ \\ 
 + 
 +**Enable Server on Start:**  enabling this causes the nginx service to load at boot. 
 + 
 + \\ 
 + 
 +**Enable PHP support:** enabling this causes PHP pages served by the webserver to be interpreted. 
 + 
 + \\
  
-**Run As:**  The option chosen here specifies under which system account the nginx daemon will run.+**Run As:**  specifies under which system account the nginx daemon will run.
  
   * root - The nginx daemon will run under the root account.   * root - The nginx daemon will run under the root account.
Line 28: Line 37:
 **Keep Config files: TBD** **Keep Config files: TBD**
  
-**Web Server Port:** This specifies on which LAN port Web content will be served. Traditionally, the default HTTP port is 80. However, a conflict might occur if the httpd web server were configured to use the same port (See: [[admin_access|Admin Access]]). Thus, it was decided port 85 would be the default for Nginx.+ \\
  
-**Upload file size limit:** This enforces a hard-coded limit for the maximum amount of data to be uploaded in a single session.+**Web Server Port:** here, enter the LAN port on which Web content is served.
  
-**Allow Remote Access:** Enabling this chooses whether Nginx content will be visible from the WANIf enabledcontent is served on the same port as the LAN'"Web Server Port"\\+Traditionally, the default HTTP port is 80Howeverconflicts can occur if httpd web server is configured with the same port (See: [[admin_access|Admin Access]]). Thus, port 85 was chosen to be Nginx'default.
  
- \\ {{:pasted:20220215-153925.png}}  \\   \\   \\ **Web Server Name:**  Here, enter the web server's name. (Default: Tomato).+ \\
  
-**Document Root Path:**  Here, specify the filesystem location of the root folder where content/pages are located.+**Upload file size limit:** enforces a specified limit for the maximum amount of data to be uploaded in one session.
  
-**Server Priority:**  This set the "nice" value for the nginx process. This value assigns the Webserver process a CPU priority, relative to other processes. Valid settings are between -20 (highest priority) and 19 (lowest priority).+ \\
  
-**Enable h5ai support:**  h5ai is a modern file indexer for HTTP webservers with focus on your files. Its php code displays "boring" file/folder lists in an a more appealing way.+**Allow Remote Access:** sets whether Nginx content is available via the WAN.
  
-In order to benefit from h5ai, you must:+Content is served on the "Web Server Port". \\
  
-  - Enable the h5ai support option + \\ {{:pasted:20220215-153925.png}}  \\   \\   \\ **Web Server Name:**  here, enter the web server's name. (Default: Tomato). 
-  - Enable PHP on this menu+ 
 + \\ 
 + 
 +**Document Root Path:**  the filesystem location of the content/pages root folder. 
 + 
 + \\ 
 + 
 +**Server Priority:**  sets the "nice" value for nginx. 
 + 
 +This value assigns the Webserver process a CPU priority relative to other processes. Valid settings are from -20 (highest) to 19 (lowest). 
 + 
 + \\ 
 + 
 +**Enable h5ai support:**  h5ai is a modern file indexer for HTTP webservers emphasizing file listings. Its PHP code displays plain file/folder lists in an a nicely-formatted, easy-to-read way. 
 + 
 + \\ 
 + 
 +To benefit from h5ai, you must: 
 + 
 + \\ 
 + 
 +  - Enable h5ai support. 
 +  - Enable PHP on this menu.
   - Download [[https://github.com/lrsjng/h5ai|h5ai]] and copy the "_h5ai" folder directly under the Document Root Path   - Download [[https://github.com/lrsjng/h5ai|h5ai]] and copy the "_h5ai" folder directly under the Document Root Path
  
Line 51: Line 82:
 ===== Advanced Settings ===== ===== Advanced Settings =====
  
-These fields let you add custom settings to tweak default behaviour. For more details, please consult the official NGINX [[https://nginx.org/en/|documentation]].+Here, you can add custom settings to tweak default behaviour. For details, please consult the Nginx [[https://nginx.org/en/|Documentation]].
  
  \\  \\
Line 61: Line 92:
 {{:pasted:20220215-164428.png}}\\  \\ {{:pasted:20220215-164428.png}}\\  \\
  
-**Use user config file:**  Here, choose whether a custom configuration file will be used. This will override some web interface settings.+**Use user config file:**  here, choose whether a custom configuration file is used.
  
-**User config file path:**  Here, specify a custom path for the nginx configuration file. The settings in this file will be active only if //Use user config file// is enabled. When //Use user config file// is disabled, the path remains in the field, but is inactive.+This will override some web interface settings. 
 + 
 + \\ 
 + 
 +**User config file path:**  a custom path for the nginx configuration file. 
 + 
 +Settings in this file will be active only if //Use user config file// is enabled. When //Use user config file// is disabled, the path remains in the field, but is inactive.
  
 \\ \\ \\ \\
  
 **Example configuration of the HTTP section for an SSL server:** **Example configuration of the HTTP section for an SSL server:**
 +
 + \\
  
 > server {\\  listen 444 ssl;\\  server_name FreshTomato SSL;\\  access_log /var/log/nginx/access.log main;\\  http2 on;\\  ssl_certificate /etc/cert.pem;\\  ssl_certificate_key /etc/key.pem;\\  ssl_session_timeout 1d;\\  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions\\  ssl_session_tickets off;\\  # curl [[https://ssl-config.mozilla.org/ffdhe2048.txt]] > /path/to/dhparam\\  ssl_dhparam /opt/etc/nginx/dhparam;\\  # intermediate configuration\\  ssl_protocols TLSv1.2;\\   ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA;\\  ssl_prefer_server_ciphers off;\\  # HSTS (ngx_http_headers_module is required) (63072000 seconds)\\  add_header Strict-Transport-Security "max-age=63072000" always;\\  location / {\\   root /opt/share/www;\\   index index.html index.htm index.php ;\\   error_page 404 /404.html;\\   error_page 500 502 503 504 /50x.html;\\   location /50x.html {\\    root /opt/share/www;\\   }\\   location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {\\    try_files $script_name = 404;\\    include /etc/nginx/fastcgi.conf;\\    fastcgi_param PATH_INFO $path_info;\\    fastcgi_pass unix:/var/run/php-fpm.sock;\\   }\\   location ~ ^/(images|javascript|js|css|flash|media|static)/ {\\    root /opt/share/www;\\    expires 10d;\\   }\\  }\\  autoindex on;\\  autoindex_exact_size off;\\  autoindex_localtime on;\\  charset utf-8;\\ } > server {\\  listen 444 ssl;\\  server_name FreshTomato SSL;\\  access_log /var/log/nginx/access.log main;\\  http2 on;\\  ssl_certificate /etc/cert.pem;\\  ssl_certificate_key /etc/key.pem;\\  ssl_session_timeout 1d;\\  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions\\  ssl_session_tickets off;\\  # curl [[https://ssl-config.mozilla.org/ffdhe2048.txt]] > /path/to/dhparam\\  ssl_dhparam /opt/etc/nginx/dhparam;\\  # intermediate configuration\\  ssl_protocols TLSv1.2;\\   ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA;\\  ssl_prefer_server_ciphers off;\\  # HSTS (ngx_http_headers_module is required) (63072000 seconds)\\  add_header Strict-Transport-Security "max-age=63072000" always;\\  location / {\\   root /opt/share/www;\\   index index.html index.htm index.php ;\\   error_page 404 /404.html;\\   error_page 500 502 503 504 /50x.html;\\   location /50x.html {\\    root /opt/share/www;\\   }\\   location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {\\    try_files $script_name = 404;\\    include /etc/nginx/fastcgi.conf;\\    fastcgi_param PATH_INFO $path_info;\\    fastcgi_pass unix:/var/run/php-fpm.sock;\\   }\\   location ~ ^/(images|javascript|js|css|flash|media|static)/ {\\    root /opt/share/www;\\    expires 10d;\\   }\\  }\\  autoindex on;\\  autoindex_exact_size off;\\  autoindex_localtime on;\\  charset utf-8;\\ }
  
-\\ \\+\\  \\ \\  \\
  
  
web-nginx.1721135847.txt.gz · Last modified: 2024/07/16 14:17 by pedro

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki