The nginx webserver is a fast and powerfull webserver, which usually used in production for loadbalancing.
Here is the describiton:
https://eksith.wordpress.com/2008/12/08/nginx-php-on-windows/
On Windows7 x64 a lib Visual C++ Redistributable for Visual Studio 2012 Update 4 has to be installed, for php-cgi.exe to work. Otherwise it throws an exception
The program can't start because MSVCR110.dll is missing from your computer. Try reinstalling the problem to fix this problem."
Both versions, 32 and x64 bit have to be installed for the php-cgi to work:
http://www.microsoft.com/en-us/download/details.aspx?id=30679
Php in configured in php.ini. You can check where it should be located by checking the *Configuration File (php.ini) Path* among the output of
<?php phpinfo(); ?>
Alternatively you can pass the php.ini explicitely to the service php-cgi which serves the cgi requests.
"c:\nginx\php\php-cgi.exe" -b 127.0.0.1:9000 -c c:\Windows\php.ini
This config redirects all requests with all methods (GET, POST, PUT, DELETE) to the file index.php. The originally requested path may be retrieved from the $_SERVER variable. The GET / POST parameters are available as well.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
# this guy redirects any path to /api.json
rewrite ^.*$ /index.php last;
location / {
root html;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php;
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
set $path_info $uri;
fastcgi_param PATH_INFO $fastcgi_script_name;
}
}
}
To retrieve the requested method do the following inside the index.php
<?php
echo "hello \n";
# requested method (PUT GET POST DELETE)
echo getServerVariable('REQUEST_METHOD') . "\n";
# REQUEST_URI as string
$requesturi = getServerVariable('REQUEST_URI');
echo requesturi . "\n";
# REQUEST_URI as an array of path segments
$requesturiArray = explode('/', $requesturi);
echo implode($requesturiArray) . "\n";
function getServerVariable($variable){
if(isset($_SERVER[$variable])){
$pmethod = $_SERVER[$variable];
return $pmethod;
}else{
return "$variable undefined";
}
}
?>
Generated config from reverse_proxy nginx
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 |
root@f5ae19524493:/# cat /etc/nginx/conf.d/default.conf# nginx-proxy version : 1.3.0# Networks available to the container running docker-gen (which are assumed to# match the networks available to the container running nginx):# docker_network# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the# scheme used to connect to this servermap $http_x_forwarded_proto $proxy_x_forwarded_proto { default $http_x_forwarded_proto; '' $scheme;}map $http_x_forwarded_host $proxy_x_forwarded_host { default $http_x_forwarded_host; '' $http_host;}# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the# server port the client connected tomap $http_x_forwarded_port $proxy_x_forwarded_port { default $http_x_forwarded_port; '' $server_port;}# If the request from the downstream client has an "Upgrade:" header (set to any# non-empty value), pass "Connection: upgrade" to the upstream (backend) server.# Otherwise, the value for the "Connection" header depends on whether the user# has enabled keepalive to the upstream server.map $http_upgrade $proxy_connection { default upgrade; '' $proxy_connection_noupgrade;}map $upstream_keepalive $proxy_connection_noupgrade { # Preserve nginx's default behavior (send "Connection: close"). default close; # Use an empty string to cancel nginx's default behavior. true '';}# Abuse the map directive (see <https://stackoverflow.com/q/14433309>) to ensure# that $upstream_keepalive is always defined. This is necessary because:# - The $proxy_connection variable is indirectly derived from# $upstream_keepalive, so $upstream_keepalive must be defined whenever# $proxy_connection is resolved.# - The $proxy_connection variable is used in a proxy_set_header directive in# the http block, so it is always fully resolved for every request -- even# those where proxy_pass is not used (e.g., unknown virtual host).map "" $upstream_keepalive { # The value here should not matter because it should always be overridden in # a location block (see the "location" template) for all requests where the # value actually matters. default false;}# Apply fix for very long server namesserver_names_hash_bucket_size 128;# Default dhparamssl_dhparam /etc/nginx/dhparam/dhparam.pem;# Set appropriate X-Forwarded-Ssl header based on $proxy_x_forwarded_protomap $proxy_x_forwarded_proto $proxy_x_forwarded_ssl { default off; https on;}gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;log_format vhost '$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_addr"';access_log off; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; ssl_prefer_server_ciphers off;error_log /dev/stderr;resolver 127.0.0.11;# HTTP 1.1 supportproxy_http_version 1.1;proxy_buffering off;proxy_set_header Host $http_host;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection $proxy_connection;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;proxy_set_header X-Original-URI $request_uri;# Mitigate httpoxy attack (see README for details)proxy_set_header Proxy "";server { server_name _; # This is just an invalid value which will never trigger on a real hostname. server_tokens off; listen 80; listen 443 ssl http2; access_log /var/log/nginx/access.log vhost; # No default.crt certificate found for this vhost, so force nginx to emit a # TLS error if the client connects via https. ssl_ciphers aNULL; set $empty ""; ssl_certificate data:$empty; ssl_certificate_key data:$empty; if ($https) { return 444; } return 503;}# alf.digital/upstream alf.digital { # Container: businesscard_s3 # networks: # docker_network (reachable) # IP address: 172.18.0.3 # exposed ports: 80/tcp 8081/tcp # default port: 80 # using port: 8081 # /!\ WARNING: Virtual port published on host. Clients # might be able to bypass nginx-proxy and # access the container's server directly. server 172.18.0.3:8081;}server { server_name alf.digital; listen 80 ; access_log /var/log/nginx/access.log vhost; # Do not HTTPS redirect Let's Encrypt ACME challenge location ^~ /.well-known/acme-challenge/ { auth_basic off; auth_request off; allow all; root /usr/share/nginx/html; try_files $uri =404; break; } location / { return 301 https://$host$request_uri; }}server { server_name alf.digital; access_log /var/log/nginx/access.log vhost; listen 443 ssl http2 ; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_certificate /etc/nginx/certs/alf.digital.crt; ssl_certificate_key /etc/nginx/certs/alf.digital.key; set $sts_header ""; if ($https) { set $sts_header "max-age=31536000"; } add_header Strict-Transport-Security $sts_header always; location / { proxy_pass http://alf.digital; set $upstream_keepalive false; }}# card.alf.digital/upstream card.alf.digital { # Container: businesscard_s3 # networks: # docker_network (reachable) # IP address: 172.18.0.3 # exposed ports: 80/tcp 8081/tcp # default port: 80 # using port: 8081 # /!\ WARNING: Virtual port published on host. Clients # might be able to bypass nginx-proxy and # access the container's server directly. server 172.18.0.3:8081;}server { server_name card.alf.digital; listen 80 ; access_log /var/log/nginx/access.log vhost; # Do not HTTPS redirect Let's Encrypt ACME challenge location ^~ /.well-known/acme-challenge/ { auth_basic off; auth_request off; allow all; root /usr/share/nginx/html; try_files $uri =404; break; } location / { return 301 https://$host$request_uri; }}server { server_name card.alf.digital; access_log /var/log/nginx/access.log vhost; listen 443 ssl http2 ; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_certificate /etc/nginx/certs/alf.digital.crt; ssl_certificate_key /etc/nginx/certs/alf.digital.key; set $sts_header ""; if ($https) { set $sts_header "max-age=31536000"; } add_header Strict-Transport-Security $sts_header always; location / { proxy_pass http://card.alf.digital; set $upstream_keepalive false; }}# wiki.alf.digital/upstream wiki.alf.digital { # Container: wiki_localhost # networks: # docker_network (reachable) # IP address: 172.18.0.2 # exposed ports: 8080/tcp 8443/tcp # default port: 80 # using port: 8080 # /!\ WARNING: Virtual port published on host. Clients # might be able to bypass nginx-proxy and # access the container's server directly. server 172.18.0.2:8080;}server { server_name wiki.alf.digital; listen 80 ; access_log /var/log/nginx/access.log vhost; # Do not HTTPS redirect Let's Encrypt ACME challenge location ^~ /.well-known/acme-challenge/ { auth_basic off; auth_request off; allow all; root /usr/share/nginx/html; try_files $uri =404; break; } location / { return 301 https://$host$request_uri; }}server { server_name wiki.alf.digital; access_log /var/log/nginx/access.log vhost; listen 443 ssl http2 ; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_certificate /etc/nginx/certs/alf.digital.crt; ssl_certificate_key /etc/nginx/certs/alf.digital.key; set $sts_header ""; if ($https) { set $sts_header "max-age=31536000"; } add_header Strict-Transport-Security $sts_header always; location / { proxy_pass http://wiki.alf.digital; set $upstream_keepalive false; }}# www.alf.digital/upstream www.alf.digital { # Container: businesscard_s3 # networks: # docker_network (reachable) # IP address: 172.18.0.3 # exposed ports: 80/tcp 8081/tcp # default port: 80 # using port: 8081 # /!\ WARNING: Virtual port published on host. Clients # might be able to bypass nginx-proxy and # access the container's server directly. server 172.18.0.3:8081;}server { server_name www.alf.digital; listen 80 ; access_log /var/log/nginx/access.log vhost; # Do not HTTPS redirect Let's Encrypt ACME challenge location ^~ /.well-known/acme-challenge/ { auth_basic off; auth_request off; allow all; root /usr/share/nginx/html; try_files $uri =404; break; } location / { return 301 https://$host$request_uri; }}server { server_name www.alf.digital; access_log /var/log/nginx/access.log vhost; listen 443 ssl http2 ; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_certificate /etc/nginx/certs/alf.digital.crt; ssl_certificate_key /etc/nginx/certs/alf.digital.key; set $sts_header ""; if ($https) { set $sts_header "max-age=31536000"; } add_header Strict-Transport-Security $sts_header always; location / { proxy_pass http://www.alf.digital; set $upstream_keepalive false; }} |