nginx configs

README.md

@@ -4,22 +4,27 @@ using a web interface, and provides some basic data summaries.  For more
 advanced analysis, you can export the contributor data as a CSV.  While there is
 basic authentication, it's probably best to run it on a private machine.
 
-To get up and running quickly, check out the 
+To get up and running quickly, check out the
 <a href="https://github.com/brianwarner/facade/wiki/Getting-started">Getting
 Started</a> guide.
 
-To get a feeling for how Facade works, you can also find a 
+To get a feeling for how Facade works, you can also find a
 <a href="https://osg.facade-oss.org">live demo</a> with a variety of projects.
 
 Facade is licensed under Apache 2.0.
 
+### Web Server Configuration Notes
+The default configuration uses the Apache web server. If you want to use nginx, there are two steps that are slightly different:
+1. [install your nginx server](./nginx-facade.md)
+2. [configure nginx server blocks (like virtual hosts in apache)](nginx-facade-server-blocks.md)
+3. There is also an nginx dependency installation script located in the utilities folder.
+> install_deps-nginx.sh
+
+
 ### Some tips and tricks
 
-System requirements:
- * Ubuntu 16.10+ or Debian Stretch+
- * Python 3
- * PHP 7.0.18+
- * mysql 5.7.17+
+Facade is known to work on Linux Mint 18, with Apache 2.4.18, Python 3, PHP
+7.0.18, and mysql 5.7.17. For best results, try these versions (or higher).
 
 Facade works by cloning a git repo, calculating the parents of HEAD (bounded by
 the start date), and scraping each patch for statistics. It calculates lines

nginx-facade-server-blocks.md

@@ -0,0 +1,105 @@
+Here is how I configured the nginx server to serve up facade .... 
+
+
+## Setting Up Server Blocks (Pretty much necessary if you are running more than one website on the server.)
+
+When using the Nginx web server, you can use server blocks (similar to virtual hosts in Apache) to encapsulate configuration details and host more than one domain from a single server. We will set up a domain called facade, but you should replace this with your own domain name.
+
+Create the directory for facade, using the -p flag to create any necessary parent directories:
+
+> sudo mkdir -p /var/www/facade/html
+
+Assign ownership of the directory:
+
+>sudo chown -R $USER:$USER /var/www/facade/html
+
+The permissions of your web roots should be correct if you haven't modified your umask value, but you can make sure by typing:
+
+>sudo chmod -R 755 /var/www/facade
+
+Create a sample index.html page using nano or your favorite editor:
+
+>nano /var/www/facade/html/index.html
+
+Inside, add the following sample HTML:
+
+/var/www/facade/html/index.html
+
+```html
+<html>
+    <head>
+        <title>Welcome to facade!</title>
+    </head>
+    <body>
+        <h1>Success!  The facade server block is working!</h1>
+    </body>
+</html>
+```
+
+Save and close the file when you are finished.
+
+Make a new server block at /etc/nginx/sites-available/facade:
+
+> sudo nano /etc/nginx/sites-available/facade
+
+Paste in the following configuration block, updated for our new directory and domain name:
+
+
+/etc/nginx/sites-available/facade
+
+```bash
+server {
+        listen 80;
+        listen [::]:80;
+
+        root /var/www/facade/html;
+        index index.html index.htm index.nginx-debian.html;
+
+        server_name facade www.facade;
+
+        location / {
+                try_files $uri $uri/ =404;
+        }
+}
+```
+
+
+Save and close the file when you are finished.
+
+Enable the file by creating a link from it to the sites-enabled directory:
+
+> sudo ln -s /etc/nginx/sites-available/facade
+
+/etc/nginx/sites-enabled/
+
+Two server blocks are now enabled and configured to respond to requests based on their listen and server_name directives:
+
+facade: Will respond to requests for facade and www.facade.
+default: Will respond to any requests on port 80 that do not match the other two blocks.
+To avoid a possible hash bucket memory problem that can arise from adding additional server names, it is necessary to adjust a single value in the /etc/nginx/nginx.conf file. Open the file:
+
+> sudo nano /etc/nginx/nginx.conf
+
+Find the server_names_hash_bucket_size directive and remove the # symbol to uncomment the line:
+
+/etc/nginx/nginx.conf
+
+```bash
+http {
+    ...
+    server_names_hash_bucket_size 64;
+    ...
+}
+```
+
+Test for syntax errors:
+
+> sudo nginx -t
+
+Restart Nginx to enable your changes:
+
+> sudo systemctl restart nginx
+
+Nginx should now be serving your domain name. You can test this by navigating to http://facade, where you should see something like this:
+
+Nginx first server block

nginx-facade.md

@@ -0,0 +1,118 @@
+## Step 1: Install the php-fpm and php-mysql things
+ - sudo apt-get install php-fpm php-mysql
+
+## Step 2: Configure the PHP Processor
+We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure.
+
+Open the main php-fpm configuration file with root privileges:
+
+> sudo vi /etc/php/7.2/fpm/php.ini
+
+What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to "1" by default.
+
+This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if the requested PHP file cannot be found. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn't be allowed to execute.
+
+We will change both of these conditions by uncommenting the line and setting it to "0" like this:
+
+*/etc/php/7.2/fpm/php.ini*
+>cgi.fix_pathinfo=0
+
+Save and close the file when you are finished.
+
+Now, we just need to restart our PHP processor by typing:
+
+> sudo systemctl restart php7.0-fpm
+
+This will implement the change that we made.
+
+## Step 3: Configure Nginx to Use the PHP Processor
+Now, we have all of the required components installed. The only configuration change we still need is to tell Nginx to use our PHP processor for dynamic content.
+
+We do this on the server block level (server blocks are similar to Apache's virtual hosts). Open the default Nginx server block configuration file by typing:
+
+> sudo vi /etc/nginx/sites-available/default
+
+Currently, with the comments removed, the Nginx default server block file looks like this:
+
+>/etc/nginx/sites-available/default
+server {
+>    listen 80 default_server;
+>    listen [::]:80 default_server;
+
+>    root /var/www/html;
+>    index index.html index.htm index.nginx-debian.html;
+
+>    server_name \_;
+
+>    location / {
+>        try_files $uri $uri/ =404;
+>    }
+>}
+
+We need to make some changes to this file for our site.
+
+First, we need to add index.php as the first value of our index directive so that files named index.php are served, if available, when a directory is requested.
+
+We can modify the server_name directive to point to our server's domain name or public IP address.
+
+For the actual PHP processing, we just need to uncomment a segment of the file that handles PHP requests by removing the pound symbols (#) from in front of each line. This will be the location ~\.php$ location block, the included fastcgi-php.conf snippet, and the socket associated with php-fpm.
+
+We will also uncomment the location block dealing with .htaccess files using the same method. Nginx doesn't process these files. If any of these files happen to find their way into the document root, they should not be served to visitors.
+
+The file should look like what's below:
+
+/etc/nginx/sites-available/default
+
+>server {
+>    listen 80 default_server;
+>    listen [::]:80 default_server;
+
+>    root /var/www/html;
+>    index index.php index.html index.htm index.nginx-debian.html;
+
+>    server_name server_domain_or_IP;
+
+>    location / {
+>        try_files $uri $uri/ =404;
+>    }
+
+>    location ~ \.php$ {
+>        include snippets/fastcgi-php.conf;
+>        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+>    }
+
+>    location ~ /\.ht {
+>        deny all;
+>    }
+>}
+
+When you've made the above changes, you can save and close the file.
+
+Test your configuration file for syntax errors by typing:
+
+>sudo nginx -t
+
+If any errors are reported, go back and recheck your file before continuing.
+
+When you are ready, reload Nginx to make the necessary changes:
+
+> sudo systemctl reload nginx
+
+## Step 4: Create a PHP File to Test Configuration
+Your LEMP stack should now be completely set up. We can test it to validate that Nginx can correctly hand .php files off to our PHP processor.
+
+We can do this by creating a test PHP file in our document root. Open a new file called info.php within your document root in your text editor:
+
+> sudo vi /var/www/html/info.php
+
+Type or paste the following lines into the new file. This is valid PHP code that will return information about our server:
+
+/var/www/html/info.php
+
+><?php
+> phpinfo();
+When you are finished, save and close the file.
+
+Now, you can visit this page in your web browser by visiting your server's domain name or public IP address followed by /info.php:
+
+http://server_domain_or_IP/info.php

utilities/install_deps-nginx.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Copyright 2016-2018 Brian Warner
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier:      Apache-2.0
+
+echo "
+This script will install the necessary dependencies to run Facade in either
+headless mode or using the web UI.  It will install nginx and the required PHP
+packages.  You can use either the web UI or the CLI to configure Facade and
+export analysis data.
+
+Installing any missing dependencies...
+"
+
+sudo apt-get install nginx  php-cli php-mysql \
+python3 python3-mysqldb php-fpm php-dom php-curl python3-bcrypt \
+python3-xlsxwriter python3-texttable
+
+echo "
+If everything went well, your next step is to run setup:
+ $ ./setup.py
+"