Nginx Documentation

[mayamcdougall]

Rough draft is complete. Still needs further revision and editing, but I wanted to share what I've gotten done so far.

View-able at http://smcdougall.github.io/Pico/nginx/

Any input is appreciated. 😃

[PhrozenByte]

Not used

[mayamcdougall]

I wasn't sure about those. I had just based it on another page, so I left them in. Thanks.

[PhrozenByte]

Missing ';'

[mayamcdougall]

Thanks, those semi-colons are the bane of my existence. I leave them off at least once every time I edit a config file. >.<

Unfortunately, it won't work in the Pico location block. It needs to send the variable externally to PHP, and because of how the blocks are processed, it won't "remember" it from the Pico block when it gets to the php block.

It's a two-step process, first the url is rewritten to "/?some/page/url" using the Pico block, then it checks it again and matches it against the PHP block. It then sends the page to php-fpm for external processing, which is when it needs to know the variable.

[PhrozenByte]

Ah, ic, thanks for the explanation 😃

[PhrozenByte]

GitHub Pages (i.e. Kramdown) unfortunately doesn't support fenced code blocks correctly (three different Markdown parses are a pain...). See http://smcdougall.github.io/Pico/docs/#nginx-configuration. But indentation works fine 😃

[mayamcdougall]

Huh, wow, I did not notice that. Why does it work in nginx.md then? Wouldn't they be processed the same?

(I put it in a code block because the * in the example was messing up my syntax highlighting in Atom.)

[mayamcdougall]

Oops, that was supposed to reissue the same commit... guess I did it wrong. 😆

(Figured it out)

[PhrozenByte]

Ah, no, Kramdown does support fenced code blocks, but it requires you to add a empty line before and after the fenced code block.

[mayamcdougall]

Ah, okay. Should be fixed now.

[PhrozenByte]

/pico/index.php?$1&$args;, see above

[mayamcdougall]

Reading this, we can save a round trip by directly rewriting to /index.php?$uri&$args.

I don't know if it really saves a "round trip" or not. My assumption for how it works is that it would just "tack on" the name of the index file if unspecified.

Either way, I'll add index.php to match it up closer with .htaccess.

[PhrozenByte]

I think it's a good idea to let the components, i.e.

An easier solution might be to place all the common components (index, access denials, php rules) into a separate file

directly link to the appropriate sections above 😃

[mayamcdougall]

Considering you're from Germany.... it would probably be in poor taste to call you a "Documentation Nazi", huh? 😒

Seriously though, I appreciate all the help. 😉

[mayamcdougall]

I think it's a good idea to let the components directly link to the appropriate sections above 😃

👍

[mayamcdougall]

I've tested test try_files $uri =404; and it seems to work properly. Oddly enough, even with cgi.fix_pathinfo = 1, my server returned an "Access Denied" message from PHP (it was not a message from Nginx). There must be another security option somewhere else in Ubuntu's default config that I don't know about.

[mayamcdougall]

😒 I just realized I could have replied to each of your comments inside the line-note.

I don't know, I guess I just thought that button was for adding a new note. 😞

[PhrozenByte]

Okay, I've finished reading. Reading and fixing should never happen simultaneous 😉 You can btw directly answer to my comments by clicking the Add a line note button, otherwise the comments get completely out of order and it's extremely hard to follow the discussion. (#edit: I've just noticed that you've found it already 😄)

Anyway, I'll answer your comments here this time.

General notes:
I love it! ❤️ Sure, there are small issues, but none of them is even close to being "mission critical" 😃 As you've already noticed (:smile:) I'm a perfectionist (:wink:), so please don't be offended by so many comments - they are all just very minor issues I stumbled over. I could have fixed them after merge myself, but it's your document, so I thought it would be better to tell you where I see open issues instead.

After you've finished your work I'll read it again and merge it (that's not urgent! Do it whenever you've time for it). Again, I cannot emphasise enough that the document is great! 👍

Section "Getting Started", first paragraph: #345 (comment)

While the example... starting point, here we will provide a more in-depth look at Nginx configuration.

Yeah, I like that! 👍

Splitting the document into subsections: #345 (comment)

I used "Getting Started" as an introduction to the tutorial portion of the page.

True. "Nginx Configuration" sounds good. This is completely up to you, it just came to my mind immediately after reading this sentence.

How to name blocks: #345 (comment)
Then maybe simply just "Nginx's server configuration is broken into blocks." or something like that? I just stumbled over it while reading 😄

Nginx and HTTPS: #345 (comment) + #345 (comment)
Yeah, I'm using Let's Encrypt, too (and I love it). 353a17b is a absolute perfect solution! 👍

Directory listing (autoindex off; and Options -Indexes): #345 (comment)
Ah, I see. Yeah, then it's probably best to simply remove the half sentence in brackets as it doesn't apply to nginx anyway.

Denying access globally: #345 (comment)
I look forward to your solution for it 😃

Moving the "Deny access" section below "PHP Configuration": #345 (comment)
Ah, okay, thanks for clarifying this!

PHP with nginx vs. PHP with Apache: #345 (comment)
Yep, simply remove the comparison, it's just fine then 😃

OS-Dependant examples: #345 (comment)
Hmm... I don't have a real solution for this. But you had one 😉 353a17b is just fine!

try_files instead of the very complex location regex, fastcgi_split_path_info and if: #345 (comment) + #345 (comment)
Yes, I've tested it, works like a charm. 😃

[PhrozenByte]

Can you please move the file to in-depth/nginx.md?

[mayamcdougall]

[That line you removed about answering me this one time]

My excuse is that I was thinking that adding a new line note would put it at the end of the thread anyway. I didn't realize until I clicked on it that it would create a little sub-thread for the reply. It makes sense though, and seems handy. I'll use that next time.

I'm a perfectionist (:wink:)

Me too. I understand. 😆

[mayamcdougall]

try_files instead of the very complex location regex, fastcgi_split_path_info and if

So it's safe to remove fastcgi_split_path_info? I haven't tried that myself, but the point of the line seems to be to separate out any path following the .php file (example.com/index.php/some/url) and give it to PHP as a variable. Since Pico instead uses a query string internally, I can see why that wouldn't be needed. Just wanted to make sure there's no other purpose it might server for us.

Honestly, I've just been including the line because I've seen it a lot in examples... I don't actually know what purpose it serves on the PHP side of things or what that path information is used for. 😅

[PhrozenByte]

Yes, you can safely remove fastcgi_split_path_info. You can also use a much simpler regex like location ~ \.php$ { }.

The purpose of this directive is to imitate the PATH_INFO feature to allow SEO-like URLs out-of-the-box. PATH_INFO actually is part of the official CGI specification (see https://tools.ietf.org/html/rfc3875#section-4.1.5), but is practically limited to Apache (see https://httpd.apache.org/docs/2.2/mod/core.html#acceptpathinfo). Alternative webservers (like nginx - or IIS, lighttpd, httpd...)support PATH_INFO with workarounds only. Many configurations out there don't have those workarounds enabled. Thus it's usually a bad idea to use PATH_INFO. However, there are (better) alternatives - like QUERY_STRING.

[mayamcdougall]

sigh So I don't really have a better option for the denial rule at the moment. I added a little note about it in-case it causes issues. I don't really think it's worth the extra effort at this point when I'll probably have to rewrite half the document for 1.1 anyway.

In the future, a solution might be a location block containing all the Pico rules. Using a setup like that, there should be a way to state Pico's location once and have all the other rules conform to it.

I experimented a little while back with adding a separate root declaration inside of a location block and it did successfully change the $document_root variable inside the location block. The problem was that it didn't impact $uri at all. I think this was due to the change being after Nginx had created the $uri (it was inside the rewrite rule block).

Perhaps by declaring a Pico location with a new root, we could treat all the nested locations (the existing blocks) as if Pico were installed in Document Root. If this worked, we could potentially provide one Nginx example that would work no matter where Pico was installed. You'd enter Pico's location once and all subsequent rules would use it. This would also make all our rules affect only Pico, and eliminate the need to worry about interfering other software on the same virtual host.

Just speculating at the point, but it would be worth looking into in the future. 😄

---

Also, in regards to adding a new subsection to the document where Getting Started is... I'm not sure it's necessary. I'm just looking at the rendered page and imagining adding a new header. It feels a little redundant. There would only be two sections not inside it (Example Config and Advanced Tips), so it feels a bit like the entire document would be inside the new section. The document as a whole is about "Nginx Configuration", and every section in it is directly related to that topic (except for where I've already broken it down).

I don't know. As always, I'm open to any arguments you have in favor of it, I just don't think it adds any benefit right now.

---

And, I think that's everything. Let me know if I've forgotten to address any points we discussed.

And sorry for the extra long reply. 😅

[PhrozenByte]

Using root sounds promising, I look forward to your changes for Pico 1.1. I'm fine with not adding a superior section, it was just an idea. Maybe when you update the document for Pico 1.1. We'll see 😃

I've merged your PR with some very minor changes (see fa07158). 🎉 Thank you for your efforts @smcdougall, absolutely great work! 👍 😃