Neste momento, eu tenho o nginx trabalhando com 3 serviços: 1. Minha página da Web em my.example.com/~ignacio, meu servidor Rstudio em meu.exemplo.com/rstudio e meu servidor Shiny em my.example.com/ brilhante.
Este é o meu arquivo de configuração agora:
# Redirect all traffic from port 80 to SSL port
server {
listen 80;
return 301 https://$host$request_uri;
}
# Set reverse proxy to port 443
server {
listen 443 ssl;
server_name my.example.com;
ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY13$
ssl_prefer_server_ciphers on;
index index.php index.html index.htm;
# PHP in home directory
location ~ ^/~(.+?)(/.*\.php)(.*)$ {
alias /home/$1/public_html;
try_files $2 =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
}
# Home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
}
location /shiny/ {
rewrite ^/shiny/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3838;
proxy_redirect http://127.0.0.1:3838/ https://$host/shiny/;
auth_basic "Username and Password are required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /rstudio/ {
proxy_pass http://127.0.0.1:8787/;
}
}
Agora estou tentando instalar o owncloud depois do tutorial . Eu tenho que mudar meu arquivo de configuração do nginx para adicionar o owncloud em my.example.com/owncloud, mas eu não sei exatamente como (e eu realmente prefiro não quebrar o que eu tenho trabalhando agora)
O que devo ter no meu arquivo de configuração para ter tudo funcionando?
Isso é o que eu tenho agora, depois de tentar adicionar o owncloud:
upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;
}
# Redirect all traffic from port 80 to SSL port
server {
listen 80;
return 301 https://$host$request_uri;
}
# Set reverse proxy to port 443
server {
listen 443 ssl;
server_name my.example.com;
ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/owncloud/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
index index.php index.html index.htm;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
# PHP in home directory
location ~ ^/~(.+?)(/.*\.php)(.*)$ {
alias /home/$1/public_html;
try_files $2 =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
}
# Home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
}
location /shiny/ {
rewrite ^/shiny/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3838;
proxy_redirect http://127.0.0.1:3838/ https://$host/;
auth_basic "Username and Password are required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /rstudio/ {
proxy_pass http://127.0.0.1:8787/;
}
location /owncloud/ {
alias /var/www/owncloud/;
try_files $2 =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
}
}
Shiny, Rstudio e / ~ ignacio estão funcionando. Se eu acessar meu.exemplo.com, o navegador faz o download de um arquivo e / owncloud não pode ser acessado.
Eu também tenho uma versão que tem Shiny, Rstudio e owncloud funcionando, mas / ~ ignacio não funciona: (
upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;
}
# Redirect all traffic from port 80 to SSL port
server {
listen 80;
return 301 https://$host$request_uri;
}
# Set reverse proxy to port 443
server {
listen 443 ssl;
server_name my.example.com;
ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# ownCloud blacklist
location ~ ^/owncloud/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
error_page 403 = /owncloud/core/templates/403.php;
}
location / {
index index.php index.html;
}
location /owncloud/ {
error_page 403 = /owncloud/core/templates/403.php;
error_page 404 = /owncloud/core/templates/404.php;
rewrite ^/owncloud/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/owncloud/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/owncloud/webdav(.*)$ /remote.php/webdav$1 redirect;
rewrite ^(/owncloud/core/doc[^\/]+/)$ $1/index.html;
# The following rules are only needed with webfinger
rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ redirect;
try_files $uri $uri/ index.php;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}
# Optional: set long EXPIRES header on static assets
location ~* ^/owncloud(/.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf))$ {
expires 30d;
access_log off; # Optional: Don't log access to assets
}
# Disable gzip to avoid the removal of the ETag header
gzip off;
index index.php index.html index.htm;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
# PHP in home directory
location ~ ^/~(.+?)(/.*\.php)(.*)$ {
alias /home/$1/public_html;
try_files $2 =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
}
# Home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
}
location /shiny/ {
rewrite ^/shiny/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3838;
proxy_redirect http://127.0.0.1:3838/ https://$host/;
auth_basic "Username and Password are required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /rstudio/ {
proxy_pass http://127.0.0.1:8787/;
}
}