Add Nginx sample configuration file #781

Closed
joenepraat opened this issue Jan 12, 2019 · 13 comments
Labels
⚙️ Deployment Related to specific deployments or configurations

Comments

@joenepraat

Please add a sample configuration file for Nginx.

I successfully started php artisan horizon, but would now like to access it via the web browser. So I'm stuck at the last step.

@trwnh trwnh added the ⚙️ Deployment Related to specific deployments or configurations label Jan 12, 2019
@trwnh
Member

trwnh commented Jan 12, 2019

It's probably going to be similar to deploying any other PHP/Laravel app. Here's what that might look like, based on what I usually use for these kinds of apps:

server {
    server_name             pixelfed.example.com;
    listen                  443 ssl;

    # ssl cert stuff goes here, generate it yourself or e.g. with certbot
    ssl_certificate         /path/to/fullchain.pem;
    ssl_certificate_key     /path/to/privkey.pem;
    include                 /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam             /path/to/ssl-dhparams.pem;

    root                    /path/to/pixelfed/public;
    index                   index.php;
    access_log              logs/pixelfed-access.log main;
    error_log               logs/pixelfed-error.log;

    include                 snippets/php.conf;
    include                 snippets/expires.conf;
}

# redirect http to https
server {
    server_name             pixelfed.example.com;
    listen                  80;
    return 301              https://$host$request_uri;
}

php.conf:

location ~ \.php$ {
    include        fastcgi_params;
    fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
}

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

expires.conf:

location ~*  \.(jpg|jpeg|png|gif|ico|css|js|pdf|svg)$ {
    expires 365d;
}

options-ssl-nginx.conf (part of certbot):

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";

Note: tailor these to your preferences, and also, I haven't actually tested this on Pixelfed. But you should be able to get this to work at minimum with

  • server_name
  • listen
  • root
  • index
  • snippets/php.conf
  • the ssl stuff, if you'd like to use https

@joenepraat
Author

Thank you. With the help of other examples on the internet I can now access it via Nginx. But I still have problems accessing things. I now get 404 errors for /login and /register.

@joenepraat
Author

Ok, that works now too. I will publish my nginx vhost file when all works like it should.

@asonix
Contributor

asonix commented Jan 13, 2019

Here are my configs.
On my reverse proxy:

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}

upstream pixelweb {
        ip_hash;
        keepalive_timeout 10800;
        server 192.168.2.8:80;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name pooltoy.club;

        ssl_protocols TLSv1.2;
        ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_certificate /etc/letsencrypt/live/pooltoy.club/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/pooltoy.club/privkey.pem; # managed by Certbot

        keepalive_timeout       10800;
        sendfile                on;
        client_max_body_size    0;

        access_log      /var/log/nginx/pixelfed.access.log;

        add_header      X-Clacks-Overhead "GNU Natalie Nguyen";

        location / {
                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto https;
                proxy_set_header        Proxy "";
                proxy_pass_header       Server;
                proxy_read_timeout      10800s;

                proxy_pass              http://pixelweb;
                proxy_buffering         off;
                proxy_redirect          off;
                proxy_http_version      1.1;
                proxy_set_header        Upgrade $http_upgrade;
                proxy_set_header        Connection $connection_upgrade;
                # proxy_set_header      Connection "";

                proxy_redirect          http://pixelweb https://pooltoy.club;
                tcp_nodelay             on;
        }
}

On my box:

upstream php {
        server unix:/run/php/php7.2-fpm.sock;
}

server {
        listen 80;
        listen [::]:80;
        server_name 192.168.2.8;

        index index.php index.html;
        root /home/pixelfed/live/public;

        client_max_body_size 64M;

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param HTTPS on;
                fastcgi_pass php;
                fastcgi_index index.php;
        }
}

@joenepraat
Author

I have this thing working now, maybe I missed something. I'll keep the issue open, because people still need a correct Nginx config.

@joenepraat
Author

joenepraat commented Jan 13, 2019

For your information: this is the Nginx vhost file I created (hostname.tld has to be changed of course):

server {
    listen          80 default_server;
    listen          [::]:80 default_server;
    server_name     hostname.tld;

    location /.well-known/acme-challenge/ { allow all; }
    location / { return 301 https://$host$request_uri; }
}

server {
    server_name     hostname.tld;
    listen          443 ssl default_server;
    listen          [::]:443 ssl default_server;

    ssl on;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/letsencrypt/live/hostname.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hostname.tld/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/dhparam.pem;

    root            /var/www/pixelfed/public;
    index           index.php index.html index.htm;

    client_max_body_size 8M;

    try_files $uri $uri/ @rewrite;
    location @rewrite {
        rewrite ^/(.*)$ /index.php?_url=/$1;
    }

    location ~ \.php$ {
        include         fastcgi_params;
        fastcgi_pass    unix:/run/php/php7.2-fpm.sock;
        fastcgi_index   /index.php;
        fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO       $fastcgi_path_info;
        fastcgi_param   PATH_TRANSLATED $document_root$fastcgi_path_info;
    }

    location ~*  \.(jpg|jpeg|png|gif|ico|css|js|pdf|svg)$ {
        expires 365d;
    }

    location ~ /\.ht {
        deny all;
    }
}

@dansup
Member

dansup commented Jan 14, 2019

@jeroenpraat You can find an example here: https://laravel.com/docs/5.7/deployment#nginx

Also this is the nginx config I use for pixelfed.social:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .pixelfed.social;
    root /home/forge/pixelfed.social/public;

    ssl_certificate /etc/nginx/ssl/pixelfed.social/******/server.crt;
    ssl_certificate_key /etc/nginx/ssl/pixelfed.social/******/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/pixelfed.social-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}
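
An added example, not part of the original thread or the Pixelfed project: a small Python check for four places where the configs posted above differ in hardening (legacy TLS versions in `ssl_protocols`, `client_max_body_size 0`, a `\.php$` location without `try_files $uri =404`, and no dotfile deny rule). `SAMPLE` is constructed from directives in the thread; the function and finding names are made up for this example.

```python
import re

LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: mixes directives that appear in different configs in this thread.
SAMPLE = r"""
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # as in the certbot options file quoted above
    client_max_body_size 0;                # as in the reverse-proxy config
    root /var/www/pixelfed/public;
    location / { try_files $uri $uri/ /index.php?$query_string; }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
"""

def block_after(conf, start):
    """Return the text of the brace-delimited block whose '{' is at conf[start]."""
    depth = 0
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start + 1:i]
    return conf[start + 1:]

def audit(conf):
    """Return a sorted list of finding ids for one nginx config string."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (does not handle '#' inside quotes)
    findings = set()
    for m in re.finditer(r"\bssl_protocols\s+([^;]+);", conf):
        if LEGACY_TLS & set(m.group(1).split()):
            findings.add("legacy-tls")
    if re.search(r"\bclient_max_body_size\s+0\s*;", conf):
        findings.add("unlimited-body")
    for m in re.finditer(r"\blocation\s+~\*?\s+\S*\\\.php\S*\s*\{", conf):
        if not re.search(r"\btry_files\s+\$uri\s+=404\s*;", block_after(conf, m.end() - 1)):
            findings.add("php-no-file-check")
    if not re.search(r"\blocation\s+~\*?\s+/\\\.[^{]*\{[^}]*\bdeny\s+all\s*;", conf):
        findings.add("dotfiles-not-denied")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The dotfile check accepts any `location ~ /\.` deny rule, including the narrower `/\.ht` form, so it does not distinguish between the two styles used in this thread.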

@dansup dansup closed this as completed Jan 14, 2019
@dansup dansup reopened this Jan 14, 2019
@dansup
Member

dansup commented Jan 14, 2019

Oops, didn't mean to close the issue. I will add an example config to the repo when I have a chance!

@capmisson

capmisson commented Jan 19, 2019

Finally went through it all. There was a bit of mixing, but all good now. I did an alpha guide on how to install pixelfed, with scripts in it too and my nginx config file:
https://github.com/capmisson/pixelfedinstall

@joenepraat
Author

joenepraat commented Jan 19, 2019

@capmisson Why did you install Elixir and those Erlang packages?

@capmisson

In fact, I took some part of the dependencies directly from a script I found somewhere to install pleroma + pixelfed deps; they might not be needed either. Gonna update it, thanks @jeroenpraat

@capmisson

capmisson commented Jan 20, 2019

@trwnh trwnh added this to the 1.0.0 milestone Mar 3, 2019
@trwnh
Member

trwnh commented Apr 27, 2019

https://docs.pixelfed.org/master/requirements.html#webserver-configuration now includes an example nginx config

@trwnh trwnh closed this as completed Apr 27, 2019