Hello Devz,
Here are the simple steps to configure your existing web server:
Create the directory for your website’s files
Lets make our first simple website. I’m hosting all mine on the external USB drive I mounted earlier. In the directory /data. Type:
sudo mkdir -p /data/mysite.com/www
sudo mkdir -p /data/mysite.com/logs
All your PHP/HTML/CSS etc will live in /data/mysite.com/www, and all of the access and error logs related to that site will go into /data/mysite.com/logs. Just so we can test the site is working later, lets create a minimalist HTML file in /data/mysite.com/www:
sudo nano /data/mysite.com/www/index.html
Write a short message or bit of HTML. Quit and save changes. Now we want to secure the /data/mysite.com files and directories a little bit – they’re currently owned by root, and in order for nginx to have access they need to be owned by a special user and group called ‘www-data’.
sudo chown -R www-data:www-data /data/mysite.com
This changes the mysite directory and all of its contents to have the www-data owner and group.
Configure nginx to serve the website
We’ll start by making a copy of the default website config that ships with nginx, then customising it. “Available” sites are all stored as individual configuration files inside the directory /etc/nginx/sites-available – we need to create a new one for ‘mysite.com’
cd /etc/nginx/sites-available
sudo cp default mysite.com
That’s made a site available (to nginx) but it is not yet enabled (i.e., it’s not yet used by nginx); to enable it we create a ‘symbolic link’ inside /etc/nginx/sites-enabled to the file we just created:
sudo ln -s /etc/nginx/sites-available/mysite.com /etc/nginx/sites-enabled/mysite.com
If we ever want to disable a website all we need to do is delete the symbolic link from the sites-enabled directory (which leaves the file in sites-available where it is). We’ll remove the default website while we’re here:
sudo rm /etc/nginx/sites-enabled/default
Now lets re-load nginx so our changes all take effect:
sudo /etc/init.d/nginx reload
With those re-loaded lets get the settings for ‘mysite’ correct:
sudo nano /etc/nginx/sites-available/mysite.com
This will be full of stuff. Once we start working with PhpMyAdmin and Owncloud we need to change more than Matt’s guide shows, but lets stick to this simple website first. A copy of the default website configuration with lots of comments to help you out. We need to make some changes: Inside the server { … } block, change the following lines (they won’t all be together, just look through and edit):
root /data/mysite.com/www
index index.php index.html index.htm
server_name mysite.com.local mysite.com
We also want to add a few lines:
error_log /data/mysite.com/logs/error.log error;
access_log /data/mysite.com/logs/access.log;
Save your edits and quit by pressing Ctrl + X, Y, Enter. Now we can reload the configuration files so nginx uses the new values:
sudo /etc/init.d/nginx reload
Once that completes open a new browser window on your computer and try to access http://mysite.com.local – you should see the HTML file you created earlier. If so, congratulations, you’ve got a basic server working on your Pi!
Configure the PHP Processor
We still need to make a slight configuration change to make our setup more secure.
Open the main php5-fpm configuration file with root privileges:
sudo nano /etc/php5/fpm/php.ini
What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default.
This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.
We will change both of these conditions by uncommenting the line and setting it to “0” like this:
cgi.fix_pathinfo=0
Save and close the file when you are finished.
Now, we just need to restart our PHP processor by typing:
sudo service php5-fpm restart
This will implement the change that we made.
Enjoy! 🙂
