authornodiscc <nodiscc@gmail.com>2017-07-04 21:37:30 +0200
committerGitHub <noreply@github.com>2017-07-04 21:37:30 +0200
commit5b25a9635fe808bc1c4f3eee8cdf8485115da75d (patch)
treed5c46525f3c739d9c63de860427e0b3cadd688e5 /doc/html/Server-configuration
parentd5d22a6d07917865c44148ad76f43c65a929a890 (diff)
parent8bf94136e10c64496711c8f66a4f58f89c515360 (diff)
Merge pull request #772 from nodiscc/rtfd
Generate HTML documentation using MkDocs
Diffstat (limited to 'doc/html/Server-configuration')
-rw-r--r--doc/html/Server-configuration/index.html735
1 files changed, 735 insertions, 0 deletions
diff --git a/doc/html/Server-configuration/index.html b/doc/html/Server-configuration/index.html
new file mode 100644
index 00000000..6e798b4b
--- /dev/null
+++ b/doc/html/Server-configuration/index.html
@@ -0,0 +1,735 @@
1<!DOCTYPE html>
2<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
3<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
4<head>
5 <meta charset="utf-8">
6 <meta http-equiv="X-UA-Compatible" content="IE=edge">
7 <meta name="viewport" content="width=device-width, initial-scale=1.0">
8
9
10 <link rel="shortcut icon" href="../img/favicon.ico">
11 <title>Server configuration - Shaarli Documentation</title>
12 <link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
13
14 <link rel="stylesheet" href="../css/theme.css" type="text/css" />
15 <link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
16 <link rel="stylesheet" href="../css/highlight.css">
17 <link href="../github-markdown.css" rel="stylesheet">
18
19 <script>
20 // Current page data
21 var mkdocs_page_name = "Server configuration";
22 var mkdocs_page_input_path = "Server-configuration.md";
23 var mkdocs_page_url = "/Server-configuration/";
24 </script>
25
26 <script src="../js/jquery-2.1.1.min.js"></script>
27 <script src="../js/modernizr-2.8.3.min.js"></script>
28 <script type="text/javascript" src="../js/highlight.pack.js"></script>
29
30</head>
31
32<body class="wy-body-for-nav" role="document">
33
34 <div class="wy-grid-for-nav">
35
36
37 <nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
38 <div class="wy-side-nav-search">
39 <a href=".." class="icon icon-home"> Shaarli Documentation</a>
40 <div role="search">
41 <form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
42 <input type="text" name="q" placeholder="Search docs" />
43 </form>
44</div>
45 </div>
46
47 <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
48 <ul class="current">
49
50
51 <li class="toctree-l1">
52
53 <a class="" href="..">Home</a>
54 </li>
55
56 <li class="toctree-l1">
57
58 <span class="caption-text">Setup</span>
59 <ul class="subnav">
60 <li class="">
61
62 <a class="" href="../Download-and-Installation/">Download and Installation</a>
63 </li>
64 <li class="">
65
66 <a class="" href="../Upgrade-and-migration/">Upgrade and migration</a>
67 </li>
68 <li class="">
69
70 <a class="" href="../Server-requirements/">Server requirements</a>
71 </li>
72 <li class=" current">
73
74 <a class="current" href="./">Server configuration</a>
75 <ul class="subnav">
76
77 <li class="toctree-l3"><a href="#prerequisites">Prerequisites</a></li>
78
79 <ul>
80
81 <li><a class="toctree-l4" href="#shaarli">Shaarli</a></li>
82
83 <li><a class="toctree-l4" href="#https-tls-and-self-signed-certificates">HTTPS, TLS and self-signed certificates</a></li>
84
85 <li><a class="toctree-l4" href="#proxies">Proxies</a></li>
86
87 </ul>
88
89
90 <li class="toctree-l3"><a href="#apache">Apache</a></li>
91
92 <ul>
93
94 <li><a class="toctree-l4" href="#minimal">Minimal</a></li>
95
96 <li><a class="toctree-l4" href="#debug-log-all-the-things">Debug - Log all the things!</a></li>
97
98 <li><a class="toctree-l4" href="#standard-keep-access-and-error-logs">Standard - Keep access and error logs</a></li>
99
100 <li><a class="toctree-l4" href="#paranoid-redirect-http-80-to-https-443">Paranoid - Redirect HTTP (:80) to HTTPS (:443)</a></li>
101
102 <li><a class="toctree-l4" href="#htaccess">.htaccess</a></li>
103
104 </ul>
105
106
107 <li class="toctree-l3"><a href="#lighthttpd">LightHttpd</a></li>
108
109
110 <li class="toctree-l3"><a href="#nginx">Nginx</a></li>
111
112 <ul>
113
114 <li><a class="toctree-l4" href="#foreword">Foreword</a></li>
115
116 <li><a class="toctree-l4" href="#common-setup">Common setup</a></li>
117
118 <li><a class="toctree-l4" href="#optional-increase-the-maximum-file-upload-size">(Optional) Increase the maximum file upload size</a></li>
119
120 <li><a class="toctree-l4" href="#minimal_1">Minimal</a></li>
121
122 <li><a class="toctree-l4" href="#modular">Modular</a></li>
123
124 <li><a class="toctree-l4" href="#redirect-http-to-https">Redirect HTTP to HTTPS</a></li>
125
126 </ul>
127
128
129 </ul>
130 </li>
131 <li class="">
132
133 <a class="" href="../Server-security/">Server security</a>
134 </li>
135 <li class="">
136
137 <a class="" href="../Shaarli-configuration/">Shaarli configuration</a>
138 </li>
139 <li class="">
140
141 <a class="" href="../Plugins/">Plugins</a>
142 </li>
143 </ul>
144 </li>
145
146 <li class="toctree-l1">
147
148 <span class="caption-text">Docker</span>
149 <ul class="subnav">
150 <li class="">
151
152 <a class="" href="../Docker-101/">Docker 101</a>
153 </li>
154 <li class="">
155
156 <a class="" href="../Shaarli-images/">Shaarli images</a>
157 </li>
158 <li class="">
159
160 <a class="" href="../Reverse-proxy-configuration/">Reverse proxy configuration</a>
161 </li>
162 <li class="">
163
164 <a class="" href="../Docker-resources/">Docker resources</a>
165 </li>
166 </ul>
167 </li>
168
169 <li class="toctree-l1">
170
171 <span class="caption-text">Usage</span>
172 <ul class="subnav">
173 <li class="">
174
175 <a class="" href="../Features/">Features</a>
176 </li>
177 <li class="">
178
179 <a class="" href="../Bookmarklet/">Bookmarklet</a>
180 </li>
181 <li class="">
182
183 <a class="" href="../Browsing-and-searching/">Browsing and searching</a>
184 </li>
185 <li class="">
186
187 <a class="" href="../Firefox-share/">Firefox share</a>
188 </li>
189 <li class="">
190
191 <a class="" href="../RSS-feeds/">RSS feeds</a>
192 </li>
193 <li class="">
194
195 <a class="" href="../REST-API/">REST API</a>
196 </li>
197 </ul>
198 </li>
199
200 <li class="toctree-l1">
201
202 <span class="caption-text">How To</span>
203 <ul class="subnav">
204 <li class="">
205
206 <a class="" href="../Backup,-restore,-import-and-export/">Backup, restore, import and export</a>
207 </li>
208 <li class="">
209
210 <a class="" href="../Various-hacks/">Various hacks</a>
211 </li>
212 </ul>
213 </li>
214
215 <li class="toctree-l1">
216
217 <a class="" href="../Troubleshooting/">Troubleshooting</a>
218 </li>
219
220 <li class="toctree-l1">
221
222 <span class="caption-text">Development</span>
223 <ul class="subnav">
224 <li class="">
225
226 <a class="" href="../Development-guidelines/">Development guidelines</a>
227 </li>
228 <li class="">
229
230 <a class="" href="../Continuous-integration-tools/">Continuous integration tools</a>
231 </li>
232 <li class="">
233
234 <a class="" href="../GnuPG-signature/">GnuPG signature</a>
235 </li>
236 <li class="">
237
238 <a class="" href="../Coding-guidelines/">Coding guidelines</a>
239 </li>
240 <li class="">
241
242 <a class="" href="../Directory-structure/">Directory structure</a>
243 </li>
244 <li class="">
245
246 <a class="" href="../3rd-party-libraries/">3rd party libraries</a>
247 </li>
248 <li class="">
249
250 <a class="" href="../Plugin-System/">Plugin System</a>
251 </li>
252 <li class="">
253
254 <a class="" href="../Release-Shaarli/">Release Shaarli</a>
255 </li>
256 <li class="">
257
258 <a class="" href="../Versioning-and-Branches/">Versioning and Branches</a>
259 </li>
260 <li class="">
261
262 <a class="" href="../Security/">Security</a>
263 </li>
264 <li class="">
265
266 <a class="" href="../Static-analysis/">Static analysis</a>
267 </li>
268 <li class="">
269
270 <a class="" href="../Theming/">Theming</a>
271 </li>
272 <li class="">
273
274 <a class="" href="../Unit-tests/">Unit tests</a>
275 </li>
276 </ul>
277 </li>
278
279 <li class="toctree-l1">
280
281 <span class="caption-text">About</span>
282 <ul class="subnav">
283 <li class="">
284
285 <a class="" href="../FAQ/">FAQ</a>
286 </li>
287 <li class="">
288
289 <a class="" href="../Community-&-Related-software/">Community & Related software</a>
290 </li>
291 </ul>
292 </li>
293
294 </ul>
295 </div>
296 &nbsp;
297 </nav>
298
299 <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
300
301
302 <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
303 <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
304 <a href="..">Shaarli Documentation</a>
305 </nav>
306
307
308 <div class="wy-nav-content">
309 <div class="rst-content">
310 <div role="navigation" aria-label="breadcrumbs navigation">
311 <ul class="wy-breadcrumbs">
312 <li><a href="..">Docs</a> &raquo;</li>
313
314
315
316 <li>Setup &raquo;</li>
317
318
319
320 <li>Server configuration</li>
321 <li class="wy-breadcrumbs-aside">
322
323 <a href="https://github.com/shaarli/Shaarli/edit/master/docs/Server-configuration.md"
324 class="icon icon-github"> Edit on GitHub</a>
325
326 </li>
327 </ul>
328 <hr/>
329</div>
330 <div role="main">
331 <div class="section">
332
333 <p><em>Example virtual host configurations for popular web servers</em></p>
334<ul>
335<li><a href="#apache">Apache</a></li>
336<li><a href="#nginx">Nginx</a></li>
337</ul>
338<h2 id="prerequisites">Prerequisites</h2>
339<h3 id="shaarli">Shaarli</h3>
340<ul>
341<li>Shaarli is installed in a directory readable/writeable by the user</li>
342<li>the correct read/write permissions have been granted to the web server <em>user and/or group</em></li>
343<li>for HTTPS / SSL:</li>
344<li>a key pair (public, private) and a certificate have been generated</li>
345<li>the appropriate server SSL extension is installed and active</li>
346</ul>
347<h3 id="https-tls-and-self-signed-certificates">HTTPS, TLS and self-signed certificates</h3>
348<p>Related guides:
349<em> <a href="http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php">How to Create Self-Signed SSL Certificates with OpenSSL</a>
350</em> <a href="https://workaround.org/certificate-authority">How do I create my own Certificate Authority?</a>
351* Generate a self-signed certificate (will trigger browser warnings) with apache2: <code>make-ssl-cert generate-default-snakeoil --force-overwrite</code> will create <code>/etc/ssl/certs/ssl-cert-snakeoil.pem</code> and <code>/etc/ssl/private/ssl-cert-snakeoil.key</code></p>
352<h3 id="proxies">Proxies</h3>
353<p>If Shaarli is served behind a proxy (i.e. there is a proxy server between clients and the web server hosting Shaarli), please refer to the proxy server documentation for proper configuration. In particular, you have to ensure that the following server variables are properly set:
354- <code>X-Forwarded-Proto</code>;
355- <code>X-Forwarded-Host</code>;
356- <code>X-Forwarded-For</code>.</p>
357<p>See also <a href="https://github.com/shaarli/Shaarli/issues?utf8=%E2%9C%93&amp;q=label%3Aproxy+">proxy-related</a> issues.</p>
358<h2 id="apache">Apache</h2>
359<h3 id="minimal">Minimal</h3>
360<pre><code class="apache">&lt;VirtualHost *:80&gt;
361 ServerName shaarli.my-domain.org
362 DocumentRoot /absolute/path/to/shaarli/
363&lt;/VirtualHost&gt;
364</code></pre>
365
366<h3 id="debug-log-all-the-things">Debug - Log all the things!</h3>
367<p>This configuration will log both Apache and PHP errors, which may prove useful to identify server configuration errors.</p>
368<p>See:
369<em> <a href="http://stackoverflow.com/q/176">Apache/PHP - error log per VirtualHost</a> (StackOverflow)
370</em> <a href="https://ma.ttias.be/php-php_value-vs-php_admin_value-and-the-use-of-php_flag-explained/">PHP: php_value vs php_admin_value and the use of php_flag explained</a></p>
371<pre><code class="apache">&lt;VirtualHost *:80&gt;
372 ServerName shaarli.my-domain.org
373 DocumentRoot /absolute/path/to/shaarli/
374
375 LogLevel warn
376 ErrorLog /var/log/apache2/shaarli-error.log
377 CustomLog /var/log/apache2/shaarli-access.log combined
378
379 php_flag log_errors on
380 php_flag display_errors on
381 php_value error_reporting 2147483647
382 php_value error_log /var/log/apache2/shaarli-php-error.log
383&lt;/VirtualHost&gt;
384</code></pre>
385
386<h3 id="standard-keep-access-and-error-logs">Standard - Keep access and error logs</h3>
387<pre><code class="apache">&lt;VirtualHost *:80&gt;
388 ServerName shaarli.my-domain.org
389 DocumentRoot /absolute/path/to/shaarli/
390
391 LogLevel warn
392 ErrorLog /var/log/apache2/shaarli-error.log
393 CustomLog /var/log/apache2/shaarli-access.log combined
394&lt;/VirtualHost&gt;
395</code></pre>
396
397<h3 id="paranoid-redirect-http-80-to-https-443">Paranoid - Redirect HTTP (:80) to HTTPS (:443)</h3>
398<p>See <a href="https://wiki.mozilla.org/Security/Server_Side_TLS#Apache">Server-side TLS</a> (Mozilla).</p>
399<pre><code class="apache">&lt;VirtualHost *:443&gt;
400 ServerName shaarli.my-domain.org
401 DocumentRoot /absolute/path/to/shaarli/
402
403 SSLEngine on
404 SSLCertificateFile /absolute/path/to/the/website/certificate.pem
405 SSLCertificateKeyFile /absolute/path/to/the/website/key.key
406
407 &lt;Directory /absolute/path/to/shaarli/&gt;
408 AllowOverride All
409 Options Indexes FollowSymLinks MultiViews
410 Order allow,deny
411 allow from all
412 &lt;/Directory&gt;
413
414 LogLevel warn
415 ErrorLog /var/log/apache2/shaarli-error.log
416 CustomLog /var/log/apache2/shaarli-access.log combined
417&lt;/VirtualHost&gt;
418&lt;VirtualHost *:80&gt;
419 ServerName shaarli.my-domain.org
420 Redirect 301 / https://shaarli.my-domain.org
421
422 LogLevel warn
423 ErrorLog /var/log/apache2/shaarli-error.log
424 CustomLog /var/log/apache2/shaarli-access.log combined
425&lt;/VirtualHost&gt;
426</code></pre>
427
428<h3 id="htaccess">.htaccess</h3>
429<p>Shaarli use <code>.htaccess</code> Apache files to deny access to files that shouldn't be directly accessed (datastore, config, etc.). You need the directive <code>AllowOverride All</code> in your virtual host configuration for them to work.</p>
430<p><strong>Warning</strong>: If you use Apache 2.2 or lower, you need <a href="https://httpd.apache.org/docs/current/mod/mod_version.html">mod_version</a> to be installed and enabled.</p>
431<p>Apache module <code>mod_rewrite</code> <strong>must</strong> be enabled to use the REST API. URL rewriting rules for the Slim microframework are stated in the root <code>.htaccess</code> file.</p>
432<h2 id="lighthttpd">LightHttpd</h2>
433<h2 id="nginx">Nginx</h2>
434<h3 id="foreword">Foreword</h3>
435<p>Nginx does not natively interpret PHP scripts; to this effect, we will run a <a href="https://en.wikipedia.org/wiki/FastCGI">FastCGI</a> service, to which Nginx's FastCGI module will proxy all requests to PHP resources.</p>
436<p>Required packages:
437- <a href="http://nginx.org">nginx</a>
438- <a href="http://php-fpm.org">php-fpm</a> - PHP FastCGI Process Manager</p>
439<p>Official documentation:
440- <a href="http://nginx.org/en/docs/beginners_guide.html">Beginner's guide</a>
441- <a href="http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html">ngx_http_fastcgi_module</a>
442- <a href="http://wiki.nginx.org/Pitfalls">Pitfalls</a></p>
443<p>Community resources:
444- <a href="https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx">Server-side TLS (Nginx)</a> (Mozilla)
445- <a href="http://kbeezie.com/nginx-configuration-examples/">PHP configuration examples</a> (Karl Blessing)</p>
446<h3 id="common-setup">Common setup</h3>
447<p>Once Nginx and PHP-FPM are installed, we need to ensure:
448- Nginx and PHP-FPM are running using the <em>same user and group</em>
449- both these user and group have
450 - <code>read</code> permissions for Shaarli resources
451 - <code>execute</code> permissions for Shaarli directories <em>AND</em> their parent directories</p>
452<p>On a production server:
453- <code>user:group</code> will likely be <code>http:http</code>, <code>www:www</code> or <code>www-data:www-data</code>
454- files will be located under <code>/var/www</code>, <code>/var/http</code> or <code>/usr/share/nginx</code></p>
455<p>On a development server:
456- files may be located in a user's home directory
457- in this case, make sure both Nginx and PHP-FPM are running as the local user/group!</p>
458<p>For all following configuration examples, this user/group pair will be used:
459- <code>user:group = john:users</code>,</p>
460<p>which corresponds to the following service configuration:</p>
461<pre><code class="ini">; /etc/php/php-fpm.conf
462user = john
463group = users
464
465[...]
466listen.owner = john
467listen.group = users
468</code></pre>
469
470<pre><code class="nginx"># /etc/nginx/nginx.conf
471user john users;
472
473http {
474 [...]
475}
476</code></pre>
477
478<h3 id="optional-increase-the-maximum-file-upload-size">(Optional) Increase the maximum file upload size</h3>
479<p>Some bookmark dumps generated by web browsers can be <em>huge</em> due to the presence of Base64-encoded images and favicons, as well as extra verbosity when nesting links in (sub-)folders.</p>
480<p>To increase upload size, you will need to modify both nginx and PHP configuration:</p>
481<pre><code class="nginx"># /etc/nginx/nginx.conf
482
483http {
484 [...]
485
486 client_max_body_size 10m;
487
488 [...]
489}
490</code></pre>
491
492<pre><code class="ini"># /etc/php5/fpm/php.ini
493
494[...]
495post_max_size = 10M
496[...]
497upload_max_filesize = 10M
498</code></pre>
499
500<h3 id="minimal_1">Minimal</h3>
501<p><em>WARNING: Use for development only!</em> </p>
502<pre><code class="nginx">user john users;
503worker_processes 1;
504events {
505 worker_connections 1024;
506}
507
508http {
509 include mime.types;
510 default_type application/octet-stream;
511 keepalive_timeout 20;
512
513 index index.html index.php;
514
515 server {
516 listen 80;
517 server_name localhost;
518 root /home/john/web;
519
520 access_log /var/log/nginx/access.log;
521 error_log /var/log/nginx/error.log;
522
523 location /shaarli/ {
524 try_files $uri /shaarli/index.php$is_args$args;
525 access_log /var/log/nginx/shaarli.access.log;
526 error_log /var/log/nginx/shaarli.error.log;
527 }
528
529 location ~ (index)\.php$ {
530 try_files $uri =404;
531 fastcgi_split_path_info ^(.+\.php)(/.+)$;
532 fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
533 fastcgi_index index.php;
534 include fastcgi.conf;
535 }
536 }
537}
538</code></pre>
539
540<h3 id="modular">Modular</h3>
541<p>The previous setup is sufficient for development purposes, but has several major caveats:
542- every content that does not match the PHP rule will be sent to client browsers:
543 - dotfiles - in our case, <code>.htaccess</code>
544 - temporary files, e.g. Vim or Emacs files: <code>index.php~</code>
545- asset / static resource caching is not optimized
546- if serving several PHP sites, there will be a lot of duplication: <code>location /shaarli/</code>, <code>location /mysite/</code>, etc.</p>
547<p>To solve this, we will split Nginx configuration in several parts, that will be included when needed:</p>
548<pre><code class="nginx"># /etc/nginx/deny.conf
549location ~ /\. {
550 # deny access to dotfiles
551 access_log off;
552 log_not_found off;
553 deny all;
554}
555
556location ~ ~$ {
557 # deny access to temp editor files, e.g. &quot;script.php~&quot;
558 access_log off;
559 log_not_found off;
560 deny all;
561}
562</code></pre>
563
564<pre><code class="nginx"># /etc/nginx/php.conf
565location ~ (index)\.php$ {
566 # Slim - split URL path into (script_filename, path_info)
567 try_files $uri =404;
568 fastcgi_split_path_info ^(.+\.php)(/.+)$;
569
570 # filter and proxy PHP requests to PHP-FPM
571 fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
572 fastcgi_index index.php;
573 include fastcgi.conf;
574}
575
576location ~ \.php$ {
577 # deny access to all other PHP scripts
578 deny all;
579}
580</code></pre>
581
582<pre><code class="nginx"># /etc/nginx/static_assets.conf
583location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
584 expires max;
585 add_header Pragma public;
586 add_header Cache-Control &quot;public, must-revalidate, proxy-revalidate&quot;;
587}
588</code></pre>
589
590<pre><code class="nginx"># /etc/nginx/nginx.conf
591[...]
592
593http {
594 [...]
595
596 root /home/john/web;
597 access_log /var/log/nginx/access.log;
598 error_log /var/log/nginx/error.log;
599
600 server {
601 # virtual host for a first domain
602 listen 80;
603 server_name my.first.domain.org;
604
605 location /shaarli/ {
606 # Slim - rewrite URLs
607 try_files $uri /shaarli/index.php$is_args$args;
608
609 access_log /var/log/nginx/shaarli.access.log;
610 error_log /var/log/nginx/shaarli.error.log;
611 }
612
613 location = /shaarli/favicon.ico {
614 # serve the Shaarli favicon from its custom location
615 alias /var/www/shaarli/images/favicon.ico;
616 }
617
618 include deny.conf;
619 include static_assets.conf;
620 include php.conf;
621 }
622
623 server {
624 # virtual host for a second domain
625 listen 80;
626 server_name second.domain.com;
627
628 location /minigal/ {
629 access_log /var/log/nginx/minigal.access.log;
630 error_log /var/log/nginx/minigal.error.log;
631 }
632
633 include deny.conf;
634 include static_assets.conf;
635 include php.conf;
636 }
637}
638</code></pre>
639
640<h3 id="redirect-http-to-https">Redirect HTTP to HTTPS</h3>
641<p>Assuming you have generated a (self-signed) key and certificate, and they are located under <code>/home/john/ssl/localhost.{key,crt}</code>, it is pretty straightforward to set an HTTP (:80) to HTTPS (:443) redirection to force SSL/TLS usage.</p>
642<pre><code class="nginx"># /etc/nginx/nginx.conf
643[...]
644
645http {
646 [...]
647
648 index index.html index.php;
649
650 root /home/john/web;
651 access_log /var/log/nginx/access.log;
652 error_log /var/log/nginx/error.log;
653
654 server {
655 listen 80;
656 server_name localhost;
657
658 return 301 https://localhost$request_uri;
659 }
660
661 server {
662 listen 443 ssl;
663 server_name localhost;
664
665 ssl_certificate /home/john/ssl/localhost.crt;
666 ssl_certificate_key /home/john/ssl/localhost.key;
667
668 location /shaarli/ {
669 # Slim - rewrite URLs
670 try_files $uri /index.php$is_args$args;
671
672 access_log /var/log/nginx/shaarli.access.log;
673 error_log /var/log/nginx/shaarli.error.log;
674 }
675
676 location = /shaarli/favicon.ico {
677 # serve the Shaarli favicon from its custom location
678 alias /var/www/shaarli/images/favicon.ico;
679 }
680
681 include deny.conf;
682 include static_assets.conf;
683 include php.conf;
684 }
685}
686</code></pre>
687
688 </div>
689 </div>
690 <footer>
691
692 <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
693
694 <a href="../Server-security/" class="btn btn-neutral float-right" title="Server security">Next <span class="icon icon-circle-arrow-right"></span></a>
695
696
697 <a href="../Server-requirements/" class="btn btn-neutral" title="Server requirements"><span class="icon icon-circle-arrow-left"></span> Previous</a>
698
699 </div>
700
701
702 <hr/>
703
704 <div role="contentinfo">
705 <!-- Copyright etc -->
706
707 </div>
708
709 Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
710</footer>
711
712 </div>
713 </div>
714
715 </section>
716
717 </div>
718
719 <div class="rst-versions" role="note" style="cursor: pointer">
720 <span class="rst-current-version" data-toggle="rst-current-version">
721
722 <a href="https://github.com/shaarli/Shaarli" class="fa fa-github" style="float: left; color: #fcfcfc"> GitHub</a>
723
724
725 <span><a href="../Server-requirements/" style="color: #fcfcfc;">&laquo; Previous</a></span>
726
727
728 <span style="margin-left: 15px"><a href="../Server-security/" style="color: #fcfcfc">Next &raquo;</a></span>
729
730 </span>
731</div>
732 <script src="../js/theme.js"></script>
733
734</body>
735</html>