-#Server configuration
*Example virtual host configurations for popular web servers*
-- [Apache](#apache)[](.html)
-- [Nginx](#nginx)[](.html)
+- [Apache](#apache)
+- [Nginx](#nginx)
## Prerequisites
### Shaarli
### HTTPS, TLS and self-signed certificates
Related guides:
-* [How to Create Self-Signed SSL Certificates with OpenSSL](http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php)[](.html)
-* [How do I create my own Certificate Authority?](https://workaround.org/certificate-authority)[](.html)
+* [How to Create Self-Signed SSL Certificates with OpenSSL](http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php)
+* [How do I create my own Certificate Authority?](https://workaround.org/certificate-authority)
* Generate a self-signed certificate (will trigger browser warnings) with apache2: `make-ssl-cert generate-default-snakeoil --force-overwrite` will create `/etc/ssl/certs/ssl-cert-snakeoil.pem` and `/etc/ssl/private/ssl-cert-snakeoil.key`
### Proxies
- `X-Forwarded-Host`;
- `X-Forwarded-For`.
-See also [proxy-related](https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%93&q=label%3Aproxy+) issues.[](.html)
+See also [proxy-related](https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%93&q=label%3Aproxy+) issues.
## Apache
### Minimal
This configuration will log both Apache and PHP errors, which may prove useful to identify server configuration errors.
See:
-* [Apache/PHP - error log per VirtualHost](http://stackoverflow.com/q/176) (StackOverflow)[](.html)
-* [PHP: php_value vs php_admin_value and the use of php_flag explained](https://ma.ttias.be/php-php_value-vs-php_admin_value-and-the-use-of-php_flag-explained/)[](.html)
+* [Apache/PHP - error log per VirtualHost](http://stackoverflow.com/q/176) (StackOverflow)
+* [PHP: php_value vs php_admin_value and the use of php_flag explained](https://ma.ttias.be/php-php_value-vs-php_admin_value-and-the-use-of-php_flag-explained/)
```apache
<VirtualHost *:80>
```
### Paranoid - Redirect HTTP (:80) to HTTPS (:443)
-See [Server-side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS#Apache) (Mozilla).[](.html)
+See [Server-side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS#Apache) (Mozilla).
```apache
<VirtualHost *:443>
Shaarli use `.htaccess` Apache files to deny access to files that shouldn't be directly accessed (datastore, config, etc.). You need the directive `AllowOverride All` in your virtual host configuration for them to work.
-**Warning**: If you use Apache 2.2 or lower, you need [mod_version](https://httpd.apache.org/docs/current/mod/mod_version.html) to be installed and enabled.[](.html)
+**Warning**: If you use Apache 2.2 or lower, you need [mod_version](https://httpd.apache.org/docs/current/mod/mod_version.html) to be installed and enabled.
Apache module `mod_rewrite` **must** be enabled to use the REST API. URL rewriting rules for the Slim microframework are stated in the root `.htaccess` file.
## Nginx
### Foreword
-Nginx does not natively interpret PHP scripts; to this effect, we will run a [FastCGI](https://en.wikipedia.org/wiki/FastCGI) service, to which Nginx's FastCGI module will proxy all requests to PHP resources.[](.html)
+Nginx does not natively interpret PHP scripts; to this effect, we will run a [FastCGI](https://en.wikipedia.org/wiki/FastCGI) service, to which Nginx's FastCGI module will proxy all requests to PHP resources.
Required packages:
-- [nginx](http://nginx.org)[](.html)
-- [php-fpm](http://php-fpm.org) - PHP FastCGI Process Manager[](.html)
+- [nginx](http://nginx.org)
+- [php-fpm](http://php-fpm.org) - PHP FastCGI Process Manager
Official documentation:
-- [Beginner's guide](http://nginx.org/en/docs/beginners_guide.html)[](.html)
-- [ngx_http_fastcgi_module](http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html)[](.html)
-- [Pitfalls](http://wiki.nginx.org/Pitfalls)[](.html)
+- [Beginner's guide](http://nginx.org/en/docs/beginners_guide.html)
+- [ngx_http_fastcgi_module](http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html)
+- [Pitfalls](http://wiki.nginx.org/Pitfalls)
Community resources:
-- [Server-side TLS (Nginx)](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) (Mozilla)[](.html)
-- [PHP configuration examples](http://kbeezie.com/nginx-configuration-examples/) (Karl Blessing)[](.html)
+- [Server-side TLS (Nginx)](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) (Mozilla)
+- [PHP configuration examples](http://kbeezie.com/nginx-configuration-examples/) (Karl Blessing)
### Common setup
Once Nginx and PHP-FPM are installed, we need to ensure:
user = john
group = users
-[...][](.html)
+[...]
listen.owner = john
listen.group = users
```
user john users;
http {
- [...][](.html)
+ [...]
}
```
# /etc/nginx/nginx.conf
http {
- [...][](.html)
+ [...]
client_max_body_size 10m;
- [...][](.html)
+ [...]
}
```
```ini
# /etc/php5/fpm/php.ini
-[...][](.html)
+[...]
post_max_size = 10M
-[...][](.html)
+[...]
upload_max_filesize = 10M
```
```nginx
# /etc/nginx/nginx.conf
-[...][](.html)
+[...]
http {
- [...][](.html)
+ [...]
root /home/john/web;
access_log /var/log/nginx/access.log;
```nginx
# /etc/nginx/nginx.conf
-[...][](.html)
+[...]
http {
- [...][](.html)
+ [...]
index index.html index.php;