Update INSTALL.en.md

c79717ff · Patrick Barroca · 9a559e40 · c79717ff
Commit c79717ff authored 7 years ago by Patrick Barroca
--- a/INSTALL.en.md
+++ b/INSTALL.en.md
@@ -50,7 +50,7 @@ cd opacce



-#  Apache / PHP Configuration:
+#  Apache webserver:

 ## Activate the following modules :

@@ -75,22 +75,6 @@ Deactivate negotiation module which is in conflict with Zend Framework on index/
 a2dismod negotiation
 ```

-## Configure PHP
-
-In /etc/php5/apache2/php.ini (ArchLinux: /etc/php/php.ini), configure the following variables:
-```
-post_max_size = 10M
-upload_max_filesize = 10M
-error_reporting  =  E_ALL & ~E_NOTICE & ~E_DEPRECATED
-```
-
-Activate the following extensions if they are not already actived (they should be): 
-```
-php5enmod calendar curl gd gettext iconv mcrypt mysql pdo_mysql openssl soap imagick
-```
-
-On Archinux uncomment the corresponding lines.
-
 ## Configure Apache

 In Apache conf, delete indexes option (file list) and authorise .htaccess: 
@@ -114,13 +98,166 @@ Warning: For apache 2.4
 </Directory>
 ```

+# Nginx webserver (experimental)
+
+Using Nginx imply using PHP in PHP-FPM mode.
+
+Recommaded configuration use 2 files.
+This provides a mean to have factorised Bokeh configuration and a custom configuration for each Bokeh instance.
+
+## Include file « bokeh.inc », store it for example in /etc/nginx/conf-enabled
+
+```
+# Include directives for Bokeh portal
+
+location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+    expires 30d;
+    log_not_found off;
+}
+
+location = /favicon.ico {
+    log_not_found off;
+    access_log off;
+}
+
+location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+}
+
+# Deny access to sensitive files.
+location ~ (\.inc\.php|\.tpl|\.sql|\.tpl\.php|\.db)$ {
+    #deny all;
+    return 403;
+}
+
+location ~ /(\.|\.htaccess|config\.(ini|php)) {
+    #deny all;
+    return 403;
+}

-# User rights on temp folder
+# Path without redirection
+location ~ /(xhprof_html|ckeditor|\.well-known) {
+}
+
+# Serve PHP
+location ~ /cosmogramme/cosmozend {
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    include fastcgi_params;
+    #fastcgi_index  index.php;
+    fastcgi_param  SCRIPT_FILENAME    $document_root/cosmogramme/cosmozend/index.php;
+    fastcgi_param  SCRIPT_NAME        /cosmogramme/cosmozend/index.php;
+    fastcgi_buffer_size 128k;
+    fastcgi_buffers 256 4k;
+    fastcgi_busy_buffers_size 256k;
+    fastcgi_temp_file_write_size 256k;
+    fastcgi_intercept_errors on;
+    fastcgi_pass bokeh-dock:9000;
+}
+
+location ~ (\.php$|/(cosmogramme|exploit/(test\.php|fpm-ping|fpm-status))) {
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    include fastcgi_params;
+    fastcgi_index  index.php;
+    fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+    fastcgi_buffer_size 128k;
+    fastcgi_buffers 256 4k;
+    fastcgi_busy_buffers_size 256k;
+    fastcgi_temp_file_write_size 256k;
+    fastcgi_intercept_errors on;
+    fastcgi_pass bokeh-dock:9000;
+}
+```
+ 
+## Vhost file, adapt it to your needs (change URL_Bokeh, Path_Bokeh_Dir, Bokeh_Dir, …)

 ```
+server {
+    listen  80;
+    index  index.php;
+    server_name <URL_Bokeh>;
+    root        <Path_Bokeh_Dir>/<Bokeh_Dir>;
+    access_log  "<Path_Nginx_Log>/<URL_Bokeh>_access.log";
+    error_log   "<Path_Nginx_Log>/<URL_Bokeh>_error.log";
+
+    location / {
+        try_files $uri $uri/ @rewrite;
+    }
+
+    # if the requested file exists, return it immediately
+    if (-f $request_filename) {
+        break;
+    }
+
+    location @rewrite {
+        rewrite ^(.*)$ /index.php last;
+    }
+
+    include /etc/nginx/conf-enabled/bokeh.inc;
+}
+```
+
+## Example content of etc/nginx/fastcgi_params
+
+```
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;
+```
+
+
+# Configure PHP
+
+In /etc/php5/apache2/php.ini (ArchLinux: /etc/php/php.ini), configure the following variables:
+```
+post_max_size = 10M
+upload_max_filesize = 10M
+error_reporting  =  E_ALL & ~E_NOTICE & ~E_DEPRECATED
+```
+
+Activate the following extensions if they are not already actived (they should be): 
+```
+php5enmod calendar curl gd gettext iconv mcrypt mysql pdo_mysql openssl soap imagick
+```
+
+On Archinux uncomment the corresponding lines.
+
+
+# Write permission on directories
+- userfiles hold all uploaded files and files harvested from digital resources.
+- temp hold cache files, edit history and files generated by Bokeh.
+
+Example:
+```
+chmod -R 777 opacce/userfiles
 chmod -R 777 opacce/temp
 ```
-  
+If you don't want to give write permission to anybody, you must give it to the user who owns the PHP process at least.
+
+
 # MySQL config

 ## Finalise the installation (ArchLinux)