new article: owncloud 5 and nginx

2013-04-19 23:33:50 +02:00 · 2013-04-19 23:33:50 +02:00 · f175b20e43
commit f175b20e43
parent 47abf0492d
1 changed files with 101 additions and 0 deletions
--- a/source/_posts/2013-04-19-owncloud-5-and-nginx.markdown
+++ b/source/_posts/2013-04-19-owncloud-5-and-nginx.markdown
@ -0,0 +1,101 @@
+---
+layout: post
+title: "Owncloud 5 and nginx"
+date: 2013-04-19 22:54
+comments: true
+categories: 
+- nginx
+- owncloud
+description: "My nginx configuration used for owncloud"
+---
+
+Since my last [post](http://localhost:4000/2012/06/03/owncloud-4-and-nginx/)
+owncloud has added [offical documentation for nginx](http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html#nginx-configuration).
+Unfortunately the documentation there didn't worked for me out of the box:
+
+```plain error.log
+2013/04/19 22:14:38 [error] 32402#0: *251 FastCGI sent in stderr: "Access to the
+script '/var/www/cloud' has been denied (see security.limit_extensions)" while
+reading response header from upstream,  client: ::1,  server:
+cloud.higgsboson.tk,  request: "GET /index.php HTTP/1.1",  upstream:
+"fastcgi://unix:/var/run/php-fpm.sock:",  host: "cloud.higgsboson.tk"
+```
+
+The problem here was again a missing fastcgi_params option.
+
+To solve the problem include the following line either in '/etc/nginx/fastcgi_params'
+
+```nginx /etc/nginx/fastcgi_params
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+# ...
+```
+
+or in the owncloud block in nginx.conf:
+
+``` nginx /etc/nginx/nginx.conf
+server {
+  listen 80;
+  server_name cloud.example.com;
+  return  https://$server_name$request_uri;  # enforce https
+}
+
+server {
+  listen 443 ssl;
+  server_name cloud.example.com;
+
+  ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
+  ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
+
+  # Path to the root of your installation
+  root /var/www/;
+
+  client_max_body_size 10G; # set max upload size
+  fastcgi_buffers 64 4K;
+
+  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+  index index.php;
+  error_page 403 = /core/templates/403.php;
+  error_page 404 = /core/templates/404.php;
+
+  location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
+    deny all;
+  }
+
+  location / {
+    # The following 2 rules are only needed with webfinger
+    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+last;
+
+    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+
+    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+
+    try_files $uri $uri/ index.php;
+  }
+
+  location ~ ^(.+?\.php)(/.*)?$ {
+    try_files $1 = 404;
+
+    include fastcgi_params;
+    fastcgi_param PATH_INFO $2;
+    fastcgi_param HTTPS on;
+    # THIS LINE WAS ADDED
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_pass 127.0.0.1:9000;
+    # Or use unix-socket with 'fastcgi_pass unix:/var/run/php5-fpm.sock;'
+  }
+
+  # Optional: set long EXPIRES header on static assets
+  location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
+    expires 30d;
+    # Optional: Don't log access to assets
+    access_log off;
+  }
+
+}
+```