OpenWrt Forum Archive

Topic: Anyone have Nginx up and running?

The content of this topic has been archived on 17 Jun 2017. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
JW0914
21 Jun 2016, 10:10

Does anyone have Nginx up and running?  If so, could you please post your /etc/nginx/nginx.conf and /etc/php.ini

Unfortunately, the Nginx OpenWrt wiki is either incomplete or something vital to the config has changed between AA and DD.


Currently, I'm getting the output of /www/cgi-bin/luci when I navigate to the WebGUI:

#!/usr/bin/lua require "luci.cacheloader" require "luci.sgi.cgi" luci.dispatcher.indexcache = "/tmp/luci-indexcache" luci.sgi.cgi.run()

  • I am able to utilize uhttpd to access the WebGUI [uhttpd utilizes 443, Nginx 8443], and I'm leaning towards a cgi option missing from the Nginx config, but as to what that might be, I'm not certain.


nginx.conf

  • No errors are contained within error.log, so Nginx is up and running without issue.

user                    nobody nogroup;

error_log               /var/log/nginx/error.log;
worker_processes        2;


events { worker_connections 1024; }


http {
    include             mime.types;
    index               index.php index.html index.htm;
    default_type        text/html;

    sendfile            on;
    keepalive_timeout   65;
    gzip                on;

    gzip_min_length     1k;
    gzip_buffers        4 16k;
    gzip_http_version   1.1;
    gzip_comp_level     2;
    gzip_types          text/plain application/x-javascript text/css application/xml;
    gzip_vary           on;

    ssl_protocols       TLSv1.1 TLSv1.2;
    ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!LOW:!DES:!MD5:!PSK:!RC4:!3DES:!EXP:!SRP:!DSS;

    ssl_session_cache           shared:SSL:10m;
    ssl_session_timeout         30m;
    ssl_prefer_server_ciphers   on;


    server {
        listen          8080;
        server_name     192.168.200.60;
        return          301 https://$server_name$request_uri;

        add_header      X-Frame-Options "SAMEORIGIN";
    }


    server {
        listen          8443 ssl;
        server_name     192.168.200.60;

        root            /www;

        ssl_dhparam             dhparam.pem;
        ssl_certificate         nginx.crt;
        ssl_certificate_key     nginx.key;


        add_header      Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
        add_header      X-Content-Type-Options nosniff;
        add_header      X-Frame-Options "SAMEORIGIN";
        add_header      X-XSS-Protection "1; mode=block";
        add_header      X-Robots-Tag none;
        add_header      X-Download-Options noopen;
        add_header      X-Permitted-Cross-Domain-Policies none;


        fastcgi_connect_timeout         300;
        fastcgi_send_timeout            300;
        fastcgi_read_timeout            300;

        fastcgi_buffer_size             32k;
        fastcgi_buffers                 4 32k;


        client_body_timeout             10;
        client_header_timeout           10;
        send_timeout                    60;

        output_buffers                  1 32k;
        postpone_output                 1460;


        fastcgi_busy_buffers_size       32k;
        fastcgi_temp_file_write_size    32k;


        location ~      \.php$ {
            fastcgi_index       index.php;
            include             fastcgi_params;

            fastcgi_param       SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param       HTTPS on;
            fastcgi_param       modHeadersAvailable true;

            if (-f $request_filename) {
                fastcgi_pass    127.0.0.1:1026;
            }
        }


        location ~*     \.(?:css|js)$ {
            try_files       $uri /index.php$uri$is_args$args;

            add_header      Cache-Control "public, max-age=7200";
            add_header      Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
            add_header      X-Content-Type-Options nosniff;
            add_header      X-Frame-Options "SAMEORIGIN";
            add_header      X-XSS-Protection "1; mode=block";
            add_header      X-Robots-Tag none;
            add_header      X-Download-Options noopen;
            add_header      X-Permitted-Cross-Domain-Policies none;
        }
    }
}

php.ini

[PHP]

zend.ze1_compatibility_mode         = Off

engine                              = On
precision                           = 12
y2k_compliance                      = On
output_buffering                    = Off
zlib.output_compression             = Off
implicit_flush                      = Off
unserialize_callback_func           =
serialize_precision                 = 100
disable_functions                   =
disable_classes                     =
expose_php                          = On

max_execution_time                  = 30
max_input_time                      = 60
memory_limit                        = 8M
error_reporting                     = E_ALL & ~E_NOTICE & ~E_STRICT

display_errors                      = On
display_startup_errors              = Off
log_errors                          = Off
log_errors_max_len                  = 1024
ignore_repeated_errors              = Off
ignore_repeated_source              = Off
report_memleaks                     = On
track_errors                        = Off
variables_order                     = "EGPCS"
request_order                       = "GP"
register_globals                    = Off
register_long_arrays                = Off
register_argc_argv                  = On
auto_globals_jit                    = On
post_max_size                       = 8M
magic_quotes_runtime                = Off
magic_quotes_sybase                 = Off
auto_prepend_file                   =
auto_append_file                    =
default_mimetype                    = "text/html"
doc_root                            = "/www"
user_dir                            =
extension_dir                       = "/usr/lib/php"
enable_dl                           = On
cgi.force_redirect                  = 1
cgi.redirect_status_env             = "yes"
cgi.fix_pathinfo                    = 1
fastcgi.logging                     = 1

file_uploads                        = On
upload_tmp_dir                      = "/tmp"
upload_max_filesize                 = 2M
max_file_uploads                    = 20

allow_url_fopen                     = On
allow_url_include                   = Off
default_socket_timeout              = 60

extension               = ctype.so
extension               = curl.so
;extension              = dom.so
;extension              = exif.so
;extension              = ftp.so
extension               = gd.so
;extension              = gmp.so
;extension              = hash.so
;extension              = iconv.so
;extension              = json.so
;extension              = ldap.so
extension               = mbstring.so
extension               = mcrypt.so
;extension              = mysql.so
extension               = openssl.so
;extension              = pcre.so
extension               = pdo.so
;extension              = pdo-mysql.so
;extension              = pdo-pgsql.so
;extension              = pdo_sqlite.so
;extension              = pgsql.so
extension               = session.so
;extension              = soap.so
extension               = sockets.so
;extension              = sqlite.so
;extension              = sqlite3.so
extension               = tokenizer.so
extension               = xml.so
;extension              = xmlreader.so
;extension              = xmlwriter.so

[APC]
apc.enabled                         = 1
apc.shm_segments                    = 1
apc.shm_size                        = 4M

[Pdo_mysql]
pdo_mysql.cache_size                = 2000
pdo_mysql.default_socket            =

[MySQL]
mysql.allow_local_infile            = On
mysql.allow_persistent              = On
mysql.cache_size                    = 2000
mysql.max_persistent                = -1
mysql.max_links                     = -1
mysql.default_port                  =
mysql.default_socket                =
mysql.default_host                  =
mysql.default_user                  =
mysql.default_password              =
mysql.connect_timeout               = 60
mysql.trace_mode                    = Off

[PostgresSQL]
pgsql.allow_persistent              = On
pgsql.auto_reset_persistent         = Off
pgsql.max_persistent                = -1
pgsql.max_links                     = -1
pgsql.ignore_notice                 = 0
pgsql.log_notice                    = 0

[Session]
session.save_handler                = files
session.save_path                   = "/tmp"
session.use_cookies                 = 1
session.use_only_cookies            = 1
session.name                        = PHPSESSID
session.auto_start                  = 0
session.cookie_lifetime             = 0
session.cookie_path                 = /
session.cookie_domain               =
session.cookie_httponly             =
session.serialize_handler           = php
session.gc_probability              = 1
session.gc_divisor                  = 100
session.gc_maxlifetime              = 1440
session.bug_compat_42               = On
session.bug_compat_warn             = On
session.referer_check               =
session.entropy_length              = 0
session.entropy_file                =
session.cache_limiter               = nocache
session.cache_expire                = 180
session.use_trans_sid               = 0
session.hash_function               = 0
session.hash_bits_per_character     = 4
url_rewriter.tags                   = "a=href,area=href,frame=src,input=src,form=,fieldset="

[soap]
soap.wsdl_cache_enabled             = 1
soap.wsdl_cache_dir                 = "/tmp"
soap.wsdl_cache_ttl                 = 86400
soap.wsdl_cache_limit               = 5

[ldap]
ldap.max_links                      = -1

[opcache]
opcache.max_accelerated_files       = 200
opcache.enable_cli                  = 1
opcache.enable                      = 1

(Last edited by JW0914 on 21 Jun 2016, 21:20)

Post #2
Max Hopper
21 Jun 2016, 10:26

CHANGE ME!

nginx.conf wrote:

server {
        <snip>
        root            /www;
        ... }

Post #3
PonyoSunshine
21 Jun 2016, 20:08

I literally set this up yesterday for the first time with OpenWRT

conf-enabled/default.conf:

server {
        server_name _;
        listen 9999 default_server;

        server_name_in_redirect off;

        root /usr/share/nginx/html/;

        include mime.types;

        default_type "text/html; charset=UTF-8";

        index index.php index.html index.htm;

        location ~ \.php$ {
                        fastcgi_index  index.php;
                        include        fastcgi_params;
                        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

                        if (-f $request_filename) {
                                # Only throw it at PHP-FPM if the file exists (prevents some PHP exploits)
                                fastcgi_pass    127.0.0.1:1026;     # The upstream determined above
                        }
                }
}

nginx.conf:

user nobody nogroup;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    #default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    include /etc/nginx/conf-enabled/*.conf;

}

php.ini:

[PHP]

zend.ze1_compatibility_mode = Off

; Language Options

engine = On
;short_open_tag = Off
precision    =  12
y2k_compliance = On
output_buffering = Off
;output_handler =
zlib.output_compression = Off
;zlib.output_compression_level = -1
;zlib.output_handler =
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 100

;open_basedir =
disable_functions =
disable_classes =

; Colors for Syntax Highlighting mode.  Anything that's acceptable in
; <span style="color: ???????"> would work.
;highlight.string  = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.bg      = #FFFFFF
;highlight.default = #0000BB
;highlight.html    = #000000

;ignore_user_abort = On
;realpath_cache_size = 16k
;realpath_cache_ttl = 120

; Miscellaneous

expose_php = On

; Resource Limits

max_execution_time = 30 ; Maximum execution time of each script, in seconds.
max_input_time = 60     ; Maximum amount of time each script may spend parsing request data.
;max_input_nesting_level = 64
memory_limit = 8M       ; Maximum amount of memory a script may consume.

; Error handling and logging

; Error Level Constants:
; E_ALL             - All errors and warnings (includes E_STRICT as of PHP 6.0.0)
; E_ERROR           - fatal run-time errors
; E_RECOVERABLE_ERROR  - almost fatal run-time errors
; E_WARNING         - run-time warnings (non-fatal errors)
; E_PARSE           - compile-time parse errors
; E_NOTICE          - run-time notices (these are warnings which often result
;                     from a bug in your code, but it's possible that it was
;                     intentional (e.g., using an uninitialized variable and
;                     relying on the fact it's automatically initialized to an
;                     empty string)
; E_STRICT                      - run-time notices, enable to have PHP suggest changes
;                     to your code which will ensure the best interoperability
;                     and forward compatibility of your code
; E_CORE_ERROR      - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING    - warnings (non-fatal errors) that occur during PHP's
;                     initial startup
; E_COMPILE_ERROR   - fatal compile-time errors
; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
; E_USER_ERROR      - user-generated error message
; E_USER_WARNING    - user-generated warning message
; E_USER_NOTICE     - user-generated notice message
; E_DEPRECATED      - warn about code that will not work in future versions
;                     of PHP
; E_USER_DEPRECATED - user-generated deprecation warnings
;
; Common Values:
;   E_ALL & ~E_NOTICE  (Show all errors, except for notices and coding standards warnings.)
;   E_ALL & ~E_NOTICE | E_STRICT  (Show all errors, except for notices)
;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
;   E_ALL | E_STRICT  (Show all errors, warnings and notices including coding standards.)
; Default Value: E_ALL & ~E_NOTICE
error_reporting  =  E_ALL & ~E_NOTICE & ~E_STRICT

display_errors = On
display_startup_errors = Off
log_errors = Off
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
;report_zend_debug = 0
track_errors = Off
;html_errors = Off
;docref_root = "/phpmanual/"
;docref_ext = .html
;error_prepend_string = "<font color=#ff0000>"
;error_append_string = "</font>"
; Log errors to specified file.
;error_log = /var/log/php_errors.log
; Log errors to syslog.
;error_log = syslog

; Data Handling

;arg_separator.output = "&amp;"
;arg_separator.input = ";&"
variables_order = "EGPCS"
request_order = "GP"
register_globals = Off
register_long_arrays = Off
register_argc_argv = On
auto_globals_jit = On
post_max_size = 8M
;magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
;default_charset = "iso-8859-1"
;always_populate_raw_post_data = On

; Paths and Directories

; UNIX: "/path1:/path2"
;include_path = ".:/php/includes"
doc_root = "/usr/share/nginx/html"
user_dir =
extension_dir = "/usr/lib/php"
enable_dl = On
cgi.force_redirect = 1
;cgi.nph = 1
cgi.redirect_status_env = "yes";
cgi.fix_pathinfo=1
;fastcgi.impersonate = 1;
;fastcgi.logging = 0
;cgi.rfc2616_headers = 0

; File Uploads

file_uploads = On
upload_tmp_dir = "/tmp"
upload_max_filesize = 2M
max_file_uploads = 20

; Fopen wrappers

allow_url_fopen = On
allow_url_include = Off
;from="john@doe.com"
;user_agent="PHP"
default_socket_timeout = 60
;auto_detect_line_endings = Off

; Dynamic Extensions

;extension=ctype.so
;extension=curl.so
;extension=dom.so
;extension=exif.so
;extension=ftp.so
;extension=gd.so
;extension=gmp.so
;extension=hash.so
;extension=iconv.so
;extension=json.so
;extension=ldap.so
;extension=mbstring.so
;extension=mcrypt.so
;extension=mysql.so
;extension=openssl.so
;extension=pcre.so
;extension=pdo.so
;extension=pdo-mysql.so
;extension=pdo-pgsql.so
;extension=pdo_sqlite.so
;extension=pgsql.so
;extension=session.so
;extension=soap.so
;extension=sockets.so
;extension=sqlite.so
;extension=sqlite3.so
;extension=tokenizer.so
;extension=xml.so
;extension=xmlreader.so
;extension=xmlwriter.so

; Module Settings

[APC]
apc.enabled = 1
apc.shm_segments = 1    ;The number of shared memory segments to allocate for the compiler cache.
apc.shm_size = 4M       ;The size of each shared memory segment.

[Date]
;date.timezone =
;date.default_latitude = 31.7667
;date.default_longitude = 35.2333
;date.sunrise_zenith = 90.583333
;date.sunset_zenith = 90.583333

[filter]
;filter.default = unsafe_raw
;filter.default_flags =

[iconv]
;iconv.input_encoding = ISO-8859-1
;iconv.internal_encoding = ISO-8859-1
;iconv.output_encoding = ISO-8859-1

[sqlite]
;sqlite.assoc_case = 0

[sqlite3]
;sqlite3.extension_dir =

[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=

[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off

[PostgresSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0

[Session]
session.save_handler = files
session.save_path = "/tmp"
session.use_cookies = 1
;session.cookie_secure =
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor     = 100
session.gc_maxlifetime = 1440
session.bug_compat_42 = On
session.bug_compat_warn = On
session.referer_check =
session.entropy_length = 0
;session.entropy_file = /dev/urandom
session.entropy_file =
;session.entropy_length = 16
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 4
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="

[mbstring]
;mbstring.language = Japanese
;mbstring.internal_encoding = EUC-JP
;mbstring.http_input = auto
;mbstring.http_output = SJIS
;mbstring.encoding_translation = Off
;mbstring.detect_order = auto
;mbstring.substitute_character = none;
;mbstring.func_overload = 0
;mbstring.strict_detection = Off
;mbstring.http_output_conv_mimetype=
;mbstring.script_encoding=

[gd]
;gd.jpeg_ignore_warning = 0

[exif]
;exif.encode_unicode = ISO-8859-15
;exif.decode_unicode_motorola = UCS-2BE
;exif.decode_unicode_intel    = UCS-2LE
;exif.encode_jis =
;exif.decode_jis_motorola = JIS
;exif.decode_jis_intel    = JIS

[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5

[sysvshm]
;sysvshm.init_mem = 10000

[ldap]
ldap.max_links = -1

[mcrypt]
;mcrypt.algorithms_dir=
;mcrypt.modes_dir=

[opcache]
;opcache.memory_consumption=8           ; 8M is the allowed minimum
;opcache.interned_strings_buffer=1
opcache.max_accelerated_files=200       ; 200 is the allowed minimum
;opcache.revalidate_freq=60
;opcache.fast_shutdown=1
opcache.enable_cli=1
opcache.enable=1
;opcache.log_verbosity_level=4
Post #4
JW0914
21 Jun 2016, 20:11

Thanks! =]

Post #5
JW0914
21 Jun 2016, 20:59
PonyoSunshine wrote:

I literally set this up yesterday for the first time with OpenWRT

...And you're using nginx for the WebGUI?

How exactly do you have everything set up, as your configs aren't for an OpenWRT default setup.   I'm assuming you've configured nginx as a webserver for something other than the WebGUI, as the locations you've referenced aren't utilized on OpenWRT (they're what's utilized in majority of BSD/*nix distros).

I have tried them, and I get the same result as I had with my configs, simply the output of /www/cgi-bin/luci.  There seems to be a cgi value that's missing somewhere, as I've tried the nginx configs I have set up for my ownCloud server with the same result.

(Last edited by JW0914 on 21 Jun 2016, 21:27)

The discussion might have continued from here.