Note:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Difference between revisions of "Package:Tengine"

From Funtoo
m (more details)
(security updates and joomla compatibility)
 
(One intermediate revision by one other user not shown)
Line 44: Line 44:
}}
}}


{{file|name=/etc/tengine/tengine.conf|desc=make life easier|body=
#user tengine tengine;
user apache apache;
...
http {
...
# disable_symlinks if_not_owner;
disable_symlinks off;
...
}}
===Tengine===
===Tengine===
{{c|/etc/tengine/tengine.conf}} contains engine specific configurations.
{{c|/etc/tengine/tengine.conf}} contains engine specific configurations.
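Review bot: the added tengine.conf block replaces `disable_symlinks if_not_owner;` with `disable_symlinks off;` and gives "make life easier" as the only reason. With `off`, the owner check on symlinked paths is gone, so the text should say which problem this works around and when relaxing the check is acceptable; otherwise keep `if_not_owner` as the documented setting. The switch from `user tengine tengine;` to `user apache apache;` needs the same kind of explanation.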
Line 50: Line 60:
{{c|/etc/tengine/sites-available/localhost}} has site specific configurations.  Generally localhost is copied to domain.tld file formats in the {{c|/etc/tengine/sites-available/}} directory.
{{c|/etc/tengine/sites-available/localhost}} has site specific configurations.  Generally localhost is copied to domain.tld file formats in the {{c|/etc/tengine/sites-available/}} directory.


===Redirection===
=== SSL Encryption ===
These days, it is usual to have anything on https to protect your users regarding login and privacy where it comes handy to automatically redirect requests from http which are often a result of the browsers autocompletion. To achieve that, we need a server listening on http and redirecting to our main server on https like this :
Follow these instructions [[HOWTO:WebServer_SSL]]


{{file|name=/etc/tengine/sites-available/redir|desc=redirection from http to https|body=
===Redirection / Rewriting ===
Tengine has a number of features that allow you to redirect users from one URL to another or rewrite the incoming URL so your site sees it differently.  If you are familiar with regular expressions, you're in luck as you'll be using them.  If you aren't, you might want to learn them.


server {
Do not use redirection to redirect from http to https as this opens up the possibility of a man-in-the-middle attackInstead, use HTTP Strict Transport Security. This is just a single line and its already in the above SSL configuration.
        server_name domain.tld;
        listen 80;
return 302 https://www.domain.tld$request_uri;
}
}}


=== Unix Socket ===
=== Unix Socket ===
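Review bot: the new "Redirection / Rewriting" paragraph says the HSTS line is "already in the above SSL configuration", but the SSL Encryption section above it only links to HOWTO:WebServer_SSL and shows no configuration. Point to the HOWTO explicitly or show the header line here. The same sentence is missing a full stop and a space in "attackInstead". The hunk also drops the port-80 block with `return 302 https://www.domain.tld$request_uri;`, so the text should say what a plain-http request now receives, because a browser only learns an HSTS policy from a response delivered over https.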
Line 86: Line 92:
}
}
}}
}}
=== Content Management Systems ===
The above PHP configuration is a bare-minimal default.  If you are using a content management system where your URL doesn't end in .PHP, the above will fail.  A full description of how to set up Joomla is beyond the scope of this article, but you can start with this.  And like in the above example, if your PHP-FPM is running via TCP/IP you can change to an IP address instead of a Unix socket, although the most common reason for that is if you have the web server and PHP on different servers (and so you replace 127.0.0.1 with the PHP-FPM server's IP); otherwise, Unix domain is faster.  Also the try_files line should always end in =404 for security reasons.
<pre>
server {
        ...
      #- Support Clean (aka Search Engine Friendly) URLs
        location / {
            try_files $uri $uri/ /index.php?$args =404;
                        break;
        }
      #- deny running scripts inside writable directories
        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
                return 403;
                error_page 403 /error/403.html;
        }
        #- magic needed to make joomla URLs work
        location ~ [^/]\.php(/|$) {
                gzip off;
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                if (!-f $document_root$fastcgi_script_name) {
                        return 404;
                }
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index index.php;
                include /etc/tengine/fastcgi.conf;
        }
        ...
}
</pre>


=== Passenger ===
=== Passenger ===
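Review bot: in `location /`, appending `=404` to `try_files $uri $uri/ /index.php?$args =404;` means `/index.php?$args` is no longer the last parameter. Only the last `try_files` parameter is used as the fallback; earlier ones are tested as file names, so the clean URLs this block is meant to support would end in 404 instead of reaching index.php. Consider `try_files $uri $uri/ /index.php?$args;` and relying on the `if (!-f $document_root$fastcgi_script_name)` check in the PHP location for the 404, and adjust the sentence that says the line should always end in =404 accordingly. The `break;` after `try_files` also needs a comment saying what it is for.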

Latest revision as of 06:26, July 9, 2015

Tengine

Tengine is a www-servers/nginx fork. It supports DSO module loading, meaning it can have external modules without the need to compile them in. Tengine is a good back end web server node choice. As Tengine is missing from many upstream Gentoo web-server-stack packages, also emerge nginx and direct the system to use nginx instead of apache, which prevents apache from being pulled in.

Installation

Shared & Static Modules

Even if you want all modules installed dynamically, you still need to install some static modules. Make sure to add this to your /etc/portage/make.conf file:

   /etc/portage/make.conf - Tengine all-modules build
...
TENGINE_SHARED_MODULES_HTTP="access addition autoindex browser charset_filter empty_gif fastcgi flv footer_filter geoip image_filter limit_conn limit_req lua map memcached mp4 random_index referer reqstat rewrite scgi secure_link slice split_clients sub sysguard tfs trim_filter upstream_ip_hash upstream_least_conn upstream_session_sticky user_agent userid_filter uwsgi xslt"
TENGINE_STATIC_MODULES_HTTP="concat dav degradation geo gunzip gzip gzip_static perl proxy realip spdy ssi ssl stub_status upstream-rbtree upstream_check upstream_consistent_hash upstream_keepalive"
...

External Modules

Passenger is an easy way to serve Ruby, Python, Node.js, and Meteor CMSs or web applications.

If you want to run passenger:

   /etc/portage/make.conf - build the passenger module
TENGINE_EXTERNAL_MODULES_HTTP="passenger"

Then merge:

root # emerge tengine

Configuration

Configuration files are located at /etc/tengine.

The major difference between Tengine and nginx is that you have to declare explicitly which modules are loaded. Available modules are located at /var/lib/tengine/modules.

   /etc/tengine/tengine.conf - DSO module statements
...
dso {
	load ngx_http_charset_filter_module.so;
	load ngx_http_fastcgi_module.so;
	load ngx_http_rewrite_module.so;
	load ngx_http_access_module.so; ## added because you will most likely want to use allow & deny in certain places
}
...
   /etc/tengine/tengine.conf - make life easier
#user tengine tengine;
user apache apache;
...
http {
...
#	disable_symlinks if_not_owner;
	disable_symlinks off;
...

Tengine

/etc/tengine/tengine.conf contains engine specific configurations.

Sites

/etc/tengine/sites-available/localhost has site specific configurations. Generally localhost is copied to domain.tld file formats in the /etc/tengine/sites-available/ directory.

SSL Encryption

Follow these instructions HOWTO:WebServer_SSL

Redirection / Rewriting

Tengine has a number of features that allow you to redirect users from one URL to another or rewrite the incoming URL so your site sees it differently. If you are familiar with regular expressions, you're in luck as you'll be using them. If you aren't, you might want to learn them.

Do not use redirection to redirect from http to https as this opens up the possibility of a man-in-the-middle attack. Instead, use HTTP Strict Transport Security. This is just a single line and it is already in the above SSL configuration.

Unix Socket

To listen on a unix socket & 127.0.0.1:

   /etc/tengine/sites-available/localhost - Listen on a unix socket
server{
	listen 127.0.0.1;
	listen unix:/var/run/tengine.sock;
...
}

PHP-FPM

Tengine does not natively support PHP, so we delegate that responsibility to PHP-FPM.

   /etc/tengine/sites-available/localhost - fpm tcp/ip configuration
server {
        ...
	index index.php index.cgi index.htm index.html;
	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
#	        fastcgi_pass 127.0.0.1:9000;   #uncomment this line, and comment the socket line above to use tcp
		include fastcgi.conf;
        }
        ...
}

Content Management Systems

The above PHP configuration is a bare-minimum default. If you are using a content management system whose URLs don't end in .php, the above will fail. A full description of how to set up Joomla is beyond the scope of this article, but you can start with the configuration below. As in the above example, if your PHP-FPM is running via TCP/IP you can use an IP address instead of a Unix socket. The most common reason for that is having the web server and PHP on different servers (in which case you replace 127.0.0.1 with the PHP-FPM server's IP); otherwise, a Unix domain socket is faster. Also, the try_files line should always end in =404 for security reasons.

server {
        ...
        #- Support Clean (aka Search Engine Friendly) URLs
        location / {
                try_files $uri $uri/ /index.php?$args =404;
                break;
        }

        #- deny running scripts inside writable directories
        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
                return 403;
                error_page 403 /error/403.html;
        }

        #- magic needed to make joomla URLs work
        location ~ [^/]\.php(/|$) {
                gzip off;
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                if (!-f $document_root$fastcgi_script_name) {
                        return 404;
                }
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index index.php;
                include /etc/tengine/fastcgi.conf;
        }
        ...
}
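
How the three location blocks above divide up requests, as an added example that is not part of the original wiki page: nginx-style matching tries regex locations in configuration order and falls back to the prefix location, which is why the deny block has to come before the PHP block. The function names and sample URIs are constructed for illustration, and Python's re module stands in for the server's PCRE matching.

```python
import re

# Added example: route() and split_path_info() are illustrative names.
# Regex locations from the Joomla server block above, in configuration order.
# "~*" is case-insensitive, "~" is case-sensitive.
REGEX_LOCATIONS = [
    ("deny-script",
     re.compile(r"/(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$", re.I)),
    ("php-fpm", re.compile(r"[^/]\.php(/|$)")),
]
# fastcgi_split_path_info pattern from the same block.
SPLIT_PATH_INFO = re.compile(r"^(.+?\.php)(/.*)$")


def route(uri, locations=REGEX_LOCATIONS):
    """Return the name of the location that handles `uri`.

    Regex locations are tried in the order they appear and the first
    match wins; if none matches, the prefix location "/" is used.
    """
    path = uri.split("?", 1)[0]          # locations match the path, not the query
    for name, pattern in locations:
        if pattern.search(path):
            return name
    return "try_files"                   # location / { try_files ... }


def split_path_info(uri):
    """Emulate fastcgi_split_path_info: (script name, PATH_INFO)."""
    path = uri.split("?", 1)[0]
    m = SPLIT_PATH_INFO.match(path)
    return (m.group(1), m.group(2)) if m else (path, "")


# Constructed sample requests, not taken from any real log.
SAMPLES = [
    "/about-us",
    "/index.php?option=com_content",
    "/index.php/component/users",
    "/media/logo.png",
    "/images/upload.php",
    "/tmp/UPLOAD.PHP",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:32} -> {route(uri)}  {split_path_info(uri)}")
    # With the two regex blocks swapped, the PHP block would win first:
    print(route("/images/upload.php", REGEX_LOCATIONS[::-1]))
```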

Passenger

Passenger's app environments:

  1. test
  2. development
  3. production
   Note

Anything the internet can touch should be in production mode.

Ruby on Rails

To serve with passenger, change the root statement below to point to your application's public directory:

   /etc/tengine/sites-available/localhost - passenger configuration
passenger_root /usr/libexec/passenger/locations.ini;
passenger_ruby /usr/bin/ruby;

server {
        passenger_enabled on;
	passenger_app_env development;
	root /home/$USER/ror/public;
        ...
}

Node.js

   /etc/tengine/sites-available/localhost - passenger configuration
passenger_root /usr/libexec/passenger/locations.ini;
passenger_ruby /usr/bin/ruby;

server {
        passenger_enabled on;
	passenger_app_env development;
	root /home/$USER/node/public;
        ...
}

Create the public directory:

root # mkdir /home/$USER/node/public

Passenger's Node.js entry point is app.js; the entry point must have this name for Passenger to serve it.

Create a node hello world:

   /home/$USER/node/app.js - node hello world
// Load the http module to create an http server.
var http = require('http');

// Configure our HTTP server to respond with Hello World to all requests.
var server = http.createServer(function (request, response) {
  response.writeHead(200, {"Content-Type": "text/plain"});
  response.end("Hello World From Node.js\n");
});

//**only for instances started via node app.js** Listen on port 8000, IP defaults to 127.0.0.1
server.listen(8000);

//**only for instances started via node app.js** Put a friendly message on the terminal
console.log("Server running at http://127.0.0.1:8000/");

Python

   Important

This section is in need of updates.

Currently (01:52, May 19, 2015 (UTC)) Python 3.x does not work well with Passenger; Python 2.7, however, runs well.

root # eselect python set python2.7

Usage

To start the tengine server:

root # rc-update add tengine default
root # rc