Nginx configuration for SquirrelMail
This is a nginx configuration for SquirrelMail. A webmail application written in PHP.
Filtering of invalid HTTP
Specific locations for all the scripts and plugins.
Matching of all
.htaccessfiles protections with Nginx.
Use of the open files cache for faster static file serving.
All documents are protected.
HTTPS enabled host.
Support for safely running the
datadirectories outside of the
Protection against running unauthorized PHP scripts.
Disable of crawling with inline
IPv6 and IPv4
The configuration of the example vhosts uses separate sockets for
IPv6 and IPv4. This way is simpler for those not (yet) having IPv6
support to disable it by commenting out the
directive with the
Note that the IPv6 address uses an IP stolen from the IPv6 Wikipedia page. You must replace the indicated address by your address.
1. Move the old `/etc/nginx` directory to `/etc/nginx.old`.
Clone the git repository from github:
git clone https://github.com/perusio/squirrelmail-nginx.git /etc/nginx
sites-available/secure.webmail.com.confwhen using the HTTPS host configuration file(s) to suit your needs. Especially replace stats.example.com with your domain.
Since the credentials are sent over the wire from your browser to the server it's highly recommended that you use an HTTPS host rather than a mere HTTP host.
Setup the PHP handling method. It can be:
Upstream HTTP server like Apache with mod_php. To use this method comment out the
include upstream_phpcgi.conf;line in
nginx.confand uncomment the lines:
include reverse_proxy.conf; include upstream_phpapache.conf;
Now you must set the proper address and port for your backend(s) in the
upstream_phpapache.conf. By default it assumes the loopback
127.0.0.1interface on port
8080. Adjust accordingly to reflect your setup.
Comment out all
stats.example.com.confUncomment out all the
proxy_passdirectives. They have a comment around them, stating these instructions.
FastCGI process using php-cgi. In this case an init script is required. This is how the server is configured out of the box. It uses UNIX sockets. You can use TCP sockets if you prefer.
PHP FPM, this requires you to configure your fpm setup, in Debian/Ubuntu this is done in the
Look here for an example configuration of
Check that the socket is properly created and is listening. This can be done with
netstat, like this for UNIX sockets:
netstat --unix -l
or like this for TCP sockets:
netstat -t -l
It should display the PHP CGI socket.
Note that the default socket type is UNIX and the config assumes it to be listening on
unix:/tmp/php-cgi/php-cgi.socket, if using the
php-cgi, or in
php-fpmand that you should change to reflect your setup by editing
/etc/nginx/sites-enableddirectory and enable the virtual host using one of the methods described below.
Note that if you're using the nginx_ensite script described below it creates the
/etc/nginx/sites-enableddirectory if it doesn't exist the first time you run it for enabling a site.
Check that your site is working using your browser.
Getting the latest Nginx packaged for Debian or Ubuntu
It may work or not on Ubuntu. Since Ubuntu seems to appreciate more finding semi-witty names for their releases instead of making clear what's the status of the software included. Is it stable? Is it testing? Is it unstable? The package may work with your currently installed environment or not. I don't have the faintest idea which release to advise. So you're on your own. Generally the APT machinery will sort out for you any dependencies issues that might exist.
Other Nginx configs on github
Securing your PHP configuration
There's a small shell script that parses your
sets a sane environment, be it for development or
Grab it here.