http://wiki.nginx.org/Main

According to Netcraft’s May 2010 Web Server Survey, nginx was found to be the third most widely used Web server across all domains (6.55% of surveyed sites) and the fourth most widely used Web server for all “active” sites (8.77% of surveyed sites).

nginx is powering famous websites like WordPress, Hulu, Github, Ohloh, SourceForge and TorrentReactor.

-----------------------------------------------------------------------

Patch updated

Base : Turnkey Core Lucid

-----------------------------------------------------------------------

All my testing on LEMP is over. I'm marking it as done.


Initially when we take http://<ip> we normally get a default page. I edited that page but I am having some problems with it.

Also when I logged in to the box via ssh the prompt looks like this:

(tklpatch)root@LEMP:~#

How can I remove this portion '(tklpatch)', or will that be okay?

Liraz Siri's picture

1) Regarding the first problem with the default web page you didn't give enough information to help you. I imagine it will be easier after you publish the tklpatch to see what you're doing.

2) You don't need to remove (tklpatch) from the prompt. It's harmless but if it bothers you, you can delete /etc/debian_chroot.

I just fixed this in the latest version of tklpatch, to delete this stray file.

Please check the patch file. I forgot to mention, fast-cgi is also integrated into it.

I successfully installed WordPress on nginx with the following script:

cd /var/www/nginx-default/
wget http://wordpress.org/latest.zip
unzip latest.zip
rm -f latest.zip
mv wordpress/* .
chown -R www-data:www-data *
chmod -R 755 *

Should I include the wordpress contents (or a script to download wordpress or any other CMS) in the Appliance?

It could be nice if we provided some helper scripts in the appliance:

install_drupal_contents.sh

install_wordpress_contents.sh 

What do you think?

Liraz Siri's picture

Basil, I wouldn't install WordPress or Drupal into LEMP because that would just make the appliance unnecessarily large and complicated. People who just want the basic LEMP stack would be disappointed.

But, I think including helper scripts to install popular web applications could be a good idea.

Liraz Siri's picture

Sorry we missed you on IRC the other day. It's great to have a new contributor join the project. I've played around with nginx myself a bit. It's a neat little high performance web server. In fact, it's running beneath our development wiki!

Regarding your question on how to publish, the easiest way is just to edit the forum post and attach the patch file to it. See the section in the documentation for full details.

Jeremy Davis's picture

Too much time between writing my post and posting it so Liraz beat me. Nothing much more to say (as Liraz has said it all) but good work regardless.

Liraz Siri's picture

I've taken a quick look at the patch. You're off to a good start! A few comments:

  • You didn't say what the base image was but from the contents of the conf file I'm guessing it is TurnKey LAMP. You remove one Apache related package (apache2.2-common), but TurnKey LAMP comes with many other Apache related packages. Perhaps it would be better to start with TurnKey Core instead and build up from that.
  • Your conf file doesn't set the -e flag in the shebang. This makes it silently ignore errors, which is not a good practice.
  • If this is an nginx appliance, it might not be the best idea to install lighttpd just for its fcgi script. It should be possible to setup FastCGI on nginx without having to rely on a lighttpd component...
  • Rather than putting a bunch of files in overlay/tmp/ and then copying them over in your conf script, you should consider just putting the files where you want them to go in the overlay. For example, instead of copying overlay/tmp/file1 to /etc/init.d/php-fastcgi you could just put the file  as overlay/etc/init.d/php-fastcgi. The same for the other tmp files.
  • There are a few unnecessary files in the patch (e.g., conf~). If you don't use a file, it's best to remove it. A clean, minimalistic patch is easier to understand.

Thanks a lot for the comments!

 

Yes, it is based on Turnkey LAMP.

Currently I'm having a problem with phpmyadmin.

I'll try to use the -e flag.

 

I'll submit a better patch.

Old attachment removed and new patch added. Please try it and please comment. Currently I'm experiencing one problem with phpmyadmin on <ip>:12322. Some problem with SSL exists. Please help!

In the case of HTTPS, where are the cert and key files residing in Turnkey Linux?

Liraz Siri's picture

Sorry for the late reply Basil! The certificate is in /etc/ssl/certs/cert.pem. This certificate gets regenerated by /usr/lib/inithooks/firstboot.d/15regen-sslcert on first boot to prevent everyone who downloads an appliance from discovering your private key...

But where is the key file?

Liraz Siri's picture

The private key is encoded into the PEM along with the public certificate. For example:

See where it says "RSA PRIVATE KEY?"

$ cat /etc/ssl/certs/cert.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

You could store the public certificate and the private key in separate files but for convenience you usually just stick them in the same file.

I'm thinking of creating the appliance from Turnkey Core Lucid.

hoschi's picture

This would be very cool for my symfony patch! I tried to install nginx and mysql there to apply my symfony patch there ... but no luck with nginx and phpmyadmin :(

Lucid comes with php 5.3, which is better for developers than old karmic 5.2, I think.

 

Base : Turnkey Core Hardy

LEMP is now working on Turnkey core Lucid

Liraz Siri's picture

In fact I barely recognize it as based on the old TKLPatch. The only major issue I see here is your recreation of the SSL certificate. Better to use the default than generate a new one. We also take care of regenerating on first boot. Otherwise you open a can of worms because it's pretty easy to get the private component of your certificate when everyone is using exactly the same certificate...

Also, very minor but we fixed the problem with TKLPatch so that you don't have to fix it yourself by writing to /etc/debian_chroot.

Are you still having problems with PhpMyAdmin's SSL interface?

Now please check. No problem with phpmyadmin

Liraz Siri's picture

I took a closer look at your patch and applied a few fixes (attached to the original post):

  • replaced /etc/init.d/init-fastcgi with a more robust, configurable script at /etc/init.d/php-fastcgi. This script can be configured via /etc/default/php-fastcgi. The defaults are different (2 children instead of 15). I did some benchmarking and many children only improve performance when there are as many cores. Also, I bind to a unix socket at /var/run/nginx instead of to localhost:9000. The difference is in privilege levels. Any local process can access a localhost port. But a unix socket can be protected with file permissions (e.g., only www-data can access /var/run/nginx).
  • security vulnerability: Your patch logged to /var/www/nginx-default/logs where the webroot is /var/www/nginx-default. This made the logs accessible from the webroot. A very bad idea since logs may contain security sensitive data.
  • refactored nginx logs: I removed a bit of duplication from the configuration files.

Cheers!
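
The two configuration points in this review, FastCGI on localhost:9000 versus a unix socket and logs written beneath the webroot, can be checked mechanically. The following is an added example, not code from the patch or from TurnKey: the function name, the socket file name and the /var/log/nginx paths are assumptions, and both sample configs are constructed.

```shell
# Added example (not from the patch): flag logs under the webroot and
# FastCGI backends that are not unix sockets. One finding per line.
audit_nginx_conf() {
    awk '
        { sub(/#.*/, ""); gsub(/;/, " ") }   # strip comments and terminators
        $1 == "root" { root = $2 }           # simplification: last root wins
        $1 == "access_log" || $1 == "error_log" { logs[++n] = $2 }
        # Anything that is not unix:... (TCP address, upstream name) is flagged.
        $1 == "fastcgi_pass" && $2 !~ /^unix:/ { print "FASTCGI_NOT_UNIX_SOCKET " $2 }
        END {
            sub(/\/+$/, "", root)
            if (root == "") exit
            for (i = 1; i <= n; i++)
                if (index(logs[i] "/", root "/") == 1)
                    print "LOG_IN_WEBROOT " logs[i]
        }
    ' "$1"
}

# Constructed sample configs: the layout the review describes, then a corrected one.
# The socket file name and the /var/log/nginx paths are assumptions.
write_samples() {
    cat > "$1/before.conf" <<'EOF'
server {
    root /var/www/nginx-default;
    access_log /var/www/nginx-default/logs/access.log;
    error_log /var/www/nginx-default/logs/error.log;
    location ~ \.php$ {
        fastcgi_pass localhost:9000;   # reachable by any local process
    }
}
EOF
    cat > "$1/after.conf" <<'EOF'
server {
    root /var/www/nginx-default;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/nginx/php-fastcgi.sock;
    }
}
EOF
}

samples=$(mktemp -d)
write_samples "$samples"
audit_nginx_conf "$samples/before.conf"   # prints three findings
audit_nginx_conf "$samples/after.conf"    # prints nothing
rm -rf "$samples"
```

The check compares path prefixes only, so a log directory that is symlinked into the webroot would not be caught.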

Jeremy Davis's picture

But no clear timeframe other than a vague 'soon'. The devs are on the job but their todo list is a mile long and rather than say a date and disappoint when things don't go to plan they promise nothing and deliver when ready.

I have no idea whether the patch is 'production ready' although my reading of Basil & Liraz's comments suggest that it probably would be ok. But obviously as this is a community produced/supported patch (rather than an official TKL appliance) it hasn't received the same level of testing as an official appliance.

If you desperately need it now or you would like to test, then use the patch. If you need an official TKL appliance then you'll need to wait.
