The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.
Difference between revisions of "Package:Tengine"
Threesixes (talk | contribs) m (add stuff) |
(security updates and joomla compatibility) |
||
(14 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
|Summary=Robust, small and high performance http and reverse proxy server | |Summary=Robust, small and high performance http and reverse proxy server | ||
|CatPkg=www-servers/tengine | |CatPkg=www-servers/tengine | ||
|Homepage=http://tengine.taobao.org | |Homepage=http://tengine.taobao.org | ||
}} | }} | ||
Tengine is an {{package|www-servers/nginx}} fork. It supports DSO module loading, meaning it can have external modules without the need to compile them in. | Tengine is an {{package|www-servers/nginx}} fork. It supports DSO module loading, meaning it can have external modules without the need to compile them in. Tengine is a good back end web server node choice. As tengine is missing from many upstream gentoo web-server-stack packages, emerge nginx also, and direct the system to use nginx instead of apache to prevent apache from being pulled in. | ||
===Installation=== | ===Installation=== | ||
==== Shared & Static Modules ==== | |||
If you happen to want all modules installed dynamically, you, still, need to install some static modules. Make sure to add this to your {{c|/etc/portage/make.conf}} file: | If you happen to want all modules installed dynamically, you, still, need to install some static modules. Make sure to add this to your {{c|/etc/portage/make.conf}} file: | ||
Line 17: | Line 17: | ||
}} | }} | ||
Then | ==== External Modules ==== | ||
Passenger is an easy method to serve ruby, python, node.js, and Meteor cms' or web applications. | |||
If you want to run passenger: | |||
{{file|name=/etc/portage/make.conf|desc=build the passenger module|body= | |||
TENGINE_EXTERNAL_MODULES_HTTP="passenger" | |||
}} | |||
Then merge: | |||
{{console|body=###i## emerge tengine}} | {{console|body=###i## emerge tengine}} | ||
Line 31: | Line 39: | ||
load ngx_http_fastcgi_module.so; | load ngx_http_fastcgi_module.so; | ||
load ngx_http_rewrite_module.so; | load ngx_http_rewrite_module.so; | ||
load ngx_http_access_module.so; ## added because you want most likely use allow & deny on certain positions | |||
} | } | ||
... | ... | ||
}} | }} | ||
{{file|name=/etc/tengine/tengine.conf|desc=make life easier|body= | |||
#user tengine tengine; | |||
user apache apache; | |||
... | |||
http { | |||
... | |||
# disable_symlinks if_not_owner; | |||
disable_symlinks off; | |||
... | |||
}} | |||
===Tengine=== | ===Tengine=== | ||
{{c|/etc/tengine/tengine.conf}} contains engine specific configurations. | {{c|/etc/tengine/tengine.conf}} contains engine specific configurations. | ||
Line 41: | Line 60: | ||
{{c|/etc/tengine/sites-available/localhost}} has site specific configurations. Generally localhost is copied to domain.tld file formats in the {{c|/etc/tengine/sites-available/}} directory. | {{c|/etc/tengine/sites-available/localhost}} has site specific configurations. Generally localhost is copied to domain.tld file formats in the {{c|/etc/tengine/sites-available/}} directory. | ||
=== SSL Encryption === | |||
Follow these instructions [[HOWTO:WebServer_SSL]] | |||
===Redirection / Rewriting === | |||
Tengine has a number of features that allow you to redirect users from one URL to another or rewrite the incoming URL so your site sees it differently. If you are familiar with regular expressions, you're in luck as you'll be using them. If you aren't, you might want to learn them. | |||
Do not use redirection to redirect from http to https as this opens up the possibility of a man-in-the-middle attack. Instead, use HTTP Strict Transport Security. This is just a single line and its already in the above SSL configuration. | |||
=== Unix Socket === | |||
To listen on a unix socket & 127.0.0.1: | |||
{{file|name=/etc/tengine/sites-available/localhost|desc=Listen on a unix socket|body= | |||
server{ | |||
listen 127.0.0.1; | |||
listen unix:/var/run/tengine.sock; | |||
... | |||
} | |||
}} | |||
===PHP-FPM=== | ===PHP-FPM=== | ||
Tengine does not natively support php, so we delegate that responsibility to [[Package:PHP#Fpm | php-fpm]] | Tengine does not natively support php, so we delegate that responsibility to [[Package:PHP#Fpm | php-fpm]] | ||
Line 49: | Line 85: | ||
index index.php index.cgi index.htm index.html; | index index.php index.cgi index.htm index.html; | ||
location ~ \.php$ { | location ~ \.php$ { | ||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; | |||
# fastcgi_pass 127.0.0.1:9000; #uncomment this line, and comment the socket line above to use tcp | |||
include fastcgi.conf; | include fastcgi.conf; | ||
} | } | ||
Line 55: | Line 92: | ||
} | } | ||
}} | }} | ||
=== Content Management Systems === | |||
The above PHP configuration is a bare-minimal default. If you are using a content management system where your URL doesn't end in .PHP, the above will fail. A full description of how to set up Joomla is beyond the scope of this article, but you can start with this. And like in the above example, if your PHP-FPM is running via TCP/IP you can change to an IP address instead of a Unix socket, although the most common reason for that is if you have the web server and PHP on different servers (and so you replace 127.0.0.1 with the PHP-FPM server's IP); otherwise, Unix domain is faster. Also the try_files line should always end in =404 for security reasons. | |||
<pre> | |||
server { | |||
... | |||
#- Support Clean (aka Search Engine Friendly) URLs | |||
location / { | |||
try_files $uri $uri/ /index.php?$args =404; | |||
break; | |||
} | |||
#- deny running scripts inside writable directories | |||
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { | |||
return 403; | |||
error_page 403 /error/403.html; | |||
} | |||
#- magic needed to make joomla URLs work | |||
location ~ [^/]\.php(/|$) { | |||
gzip off; | |||
fastcgi_split_path_info ^(.+?\.php)(/.*)$; | |||
if (!-f $document_root$fastcgi_script_name) { | |||
return 404; | |||
} | |||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; | |||
fastcgi_index index.php; | |||
include /etc/tengine/fastcgi.conf; | |||
} | |||
... | |||
} | |||
</pre> | |||
=== Passenger === | |||
Passenger's app environments: | |||
#test | |||
#development | |||
#production | |||
{{note|Anything the internet can touch should be in production mode.}} | |||
==== Ruby on Rails ==== | |||
To serve with passenger, change the root statement below to point to your application's public directory: | |||
{{file|name=/etc/tengine/sites-available/localhost|desc=passenger configuration|body= | |||
passenger_root /usr/libexec/passenger/locations.ini; | |||
passenger_ruby /usr/bin/ruby; | |||
server { | |||
passenger_enabled on; | |||
passenger_app_env development; | |||
root /home/$USER/ror/public; | |||
... | |||
} | |||
}} | |||
==== Node.js ==== | |||
{{file|name=/etc/tengine/sites-available/localhost|desc=passenger configuration|body= | |||
passenger_root /usr/libexec/passenger/locations.ini; | |||
passenger_ruby /usr/bin/ruby; | |||
server { | |||
passenger_enabled on; | |||
passenger_app_env development; | |||
root /home/$USER/node/public; | |||
... | |||
} | |||
}} | |||
Create the public directory: | |||
{{console|body=###i## mkdir /home/$USER/node/public}} | |||
Passenger's node entry point is app.js, the entry point must be named this for passenger to serve it. | |||
Create a node hello world: | |||
{{file|name=/home/$USER/node/app.js|desc=node hello world|body= | |||
// Load the http module to create an http server. | |||
var http = require('http'); | |||
// Configure our HTTP server to respond with Hello World to all requests. | |||
var server = http.createServer(function (request, response) { | |||
response.writeHead(200, {"Content-Type": "text/plain"}); | |||
response.end("Hello World From Node.js\n"); | |||
}); | |||
//**only for instances started via node app.js** Listen on port 8000, IP defaults to 127.0.0.1 | |||
server.listen(8000); | |||
//**only for instances started via node app.js** Put a friendly message on the terminal | |||
console.log("Server running at http://127.0.0.1:8000/");}} | |||
==== Python ==== | |||
{{SectionNeedsUpdates}} | |||
Currently (01:52, May 19, 2015 (UTC)) python 3.x doesn't clash well with passenger, however python 2.7 runs well. | |||
{{console|body=###i## eselect python set python2.7}} | |||
===Usage=== | ===Usage=== | ||
Line 61: | Line 193: | ||
{{console|body=###i## rc-update add tengine default | {{console|body=###i## rc-update add tengine default | ||
###i## rc}} | ###i## rc}} | ||
{{EbuildFooter}} | {{EbuildFooter}} |
Latest revision as of 06:26, July 9, 2015
Tengine
We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.
Tengine is an www-servers/nginx fork. It supports DSO module loading, meaning it can have external modules without the need to compile them in. Tengine is a good back end web server node choice. As tengine is missing from many upstream gentoo web-server-stack packages, emerge nginx also, and direct the system to use nginx instead of apache to prevent apache from being pulled in.
Installation
If you happen to want all modules installed dynamically, you, still, need to install some static modules. Make sure to add this to your /etc/portage/make.conf
file:
/etc/portage/make.conf
- Tengine all-modules build...
TENGINE_SHARED_MODULES_HTTP="access addition autoindex browser charset_filter empty_gif fastcgi flv footer_filter geoip image_filter limit_conn limit_req lua map memcached mp4 random_index referer reqstat rewrite scgi secure_link slice split_clients sub sysguard tfs trim_filter upstream_ip_hash upstream_least_conn upstream_session_sticky user_agent userid_filter uwsgi xslt"
TENGINE_STATIC_MODULES_HTTP="concat dav degradation geo gunzip gzip gzip_static perl proxy realip spdy ssi ssl stub_status upstream-rbtree upstream_check upstream_consistent_hash upstream_keepalive"
...
External Modules
Passenger is an easy method to serve ruby, python, node.js, and Meteor cms' or web applications.
If you want to run passenger:
/etc/portage/make.conf
- build the passenger moduleTENGINE_EXTERNAL_MODULES_HTTP="passenger"
Then merge:
root # emerge tengine
Configuration
Files for configuration are located at /etc/tengine
The major differing point in tengine from nginx is that you have to specifically declare which modules are loaded. Available modules are located at /var/lib/tengine/modules
.
/etc/tengine/tengine.conf
- DSO module statements...
dso {
load ngx_http_charset_filter_module.so;
load ngx_http_fastcgi_module.so;
load ngx_http_rewrite_module.so;
load ngx_http_access_module.so; ## added because you want most likely use allow & deny on certain positions
}
...
/etc/tengine/tengine.conf
- make life easier#user tengine tengine;
user apache apache;
...
http {
...
# disable_symlinks if_not_owner;
disable_symlinks off;
...
Tengine
/etc/tengine/tengine.conf
contains engine specific configurations.
Sites
/etc/tengine/sites-available/localhost
has site specific configurations. Generally localhost is copied to domain.tld file formats in the /etc/tengine/sites-available/
directory.
SSL Encryption
Follow these instructions HOWTO:WebServer_SSL
Redirection / Rewriting
Tengine has a number of features that allow you to redirect users from one URL to another or rewrite the incoming URL so your site sees it differently. If you are familiar with regular expressions, you're in luck as you'll be using them. If you aren't, you might want to learn them.
Do not use redirection to redirect from http to https as this opens up the possibility of a man-in-the-middle attack. Instead, use HTTP Strict Transport Security. This is just a single line and its already in the above SSL configuration.
Unix Socket
To listen on a unix socket & 127.0.0.1:
/etc/tengine/sites-available/localhost
- Listen on a unix socketserver{
listen 127.0.0.1;
listen unix:/var/run/tengine.sock;
...
}
PHP-FPM
Tengine does not natively support php, so we delegate that responsibility to php-fpm
/etc/tengine/sites-available/localhost
- fpm tcp/ip configurationserver {
...
index index.php index.cgi index.htm index.html;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
# fastcgi_pass 127.0.0.1:9000; #uncomment this line, and comment the socket line above to use tcp
include fastcgi.conf;
}
...
}
Content Management Systems
The above PHP configuration is a bare-minimal default. If you are using a content management system where your URL doesn't end in .PHP, the above will fail. A full description of how to set up Joomla is beyond the scope of this article, but you can start with this. And like in the above example, if your PHP-FPM is running via TCP/IP you can change to an IP address instead of a Unix socket, although the most common reason for that is if you have the web server and PHP on different servers (and so you replace 127.0.0.1 with the PHP-FPM server's IP); otherwise, Unix domain is faster. Also the try_files line should always end in =404 for security reasons.
server { ... #- Support Clean (aka Search Engine Friendly) URLs location / { try_files $uri $uri/ /index.php?$args =404; break; } #- deny running scripts inside writable directories location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { return 403; error_page 403 /error/403.html; } #- magic needed to make joomla URLs work location ~ [^/]\.php(/|$) { gzip off; fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; include /etc/tengine/fastcgi.conf; } ... }
Passenger
Passenger's app environments:
- test
- development
- production
Anything the internet can touch should be in production mode.
Ruby on Rails
To serve with passenger, change the root statement below to point to your application's public directory:
/etc/tengine/sites-available/localhost
- passenger configurationpassenger_root /usr/libexec/passenger/locations.ini;
passenger_ruby /usr/bin/ruby;
server {
passenger_enabled on;
passenger_app_env development;
root /home/$USER/ror/public;
...
}
Node.js
/etc/tengine/sites-available/localhost
- passenger configurationpassenger_root /usr/libexec/passenger/locations.ini;
passenger_ruby /usr/bin/ruby;
server {
passenger_enabled on;
passenger_app_env development;
root /home/$USER/node/public;
...
}
Create the public directory:
root # mkdir /home/$USER/node/public
Passenger's node entry point is app.js, the entry point must be named this for passenger to serve it.
Create a node hello world:
/home/$USER/node/app.js
- node hello world// Load the http module to create an http server.
var http = require('http');
// Configure our HTTP server to respond with Hello World to all requests.
var server = http.createServer(function (request, response) {
response.writeHead(200, {"Content-Type": "text/plain"});
response.end("Hello World From Node.js\n");
});
//**only for instances started via node app.js** Listen on port 8000, IP defaults to 127.0.0.1
server.listen(8000);
//**only for instances started via node app.js** Put a friendly message on the terminal
console.log("Server running at http://127.0.0.1:8000/");
Python
This section is in need of updates.
Currently (01:52, May 19, 2015 (UTC)) python 3.x doesn't clash well with passenger, however python 2.7 runs well.
root # eselect python set python2.7
Usage
To start the tengine server:
root # rc-update add tengine default root # rc