Optimized LEMP Web Server to manage your WordPress, PHP, or simple HTML sites running on a powerful NGINX setup.
Home Page: https://webinoly.com
License: GNU General Public License v3.0
Hi love your stack. I want to know if there is an option of using brotli compression rather than default gzip?
I couldn't find any mention in documentation.
I am going to test it on aws
Pls check and fix, i try port 22 and 22222, but cant connect
Hello,
I've just updated my webinoly installation to the latest version few hours ago, then right after the update I noticed that I was not able to run webinoly again without getting the following error:
BASH Shell is required!After looking at the code, I've found that this error came from the following condition, which check if my login shell is bash (which is not).
# Check for BASH Shell
if [[ -z $(grep -E "^${SUDO_USER:-${USER}}\:.*\/bash.*$" /etc/passwd) ]]; then
echo "$(tput setaf 1)BASH Shell is required!$(tput sgr0)"
exit 1
fiI can't see any reasons why my login shell must be bash, which leads me to think that this isn't the real expectations of this condition.
Can you confirm what is she supposed to do ? That way I would be able to submit a fix.
Webinoly new version support Ubuntu 16.04 ?
sudo webinoly -default-site=blackhole
-- Results
Generating a 2048 bit RSA private key
.........................................+++
....+++
writing new private key to '/etc/ssl/private/webinoly-blackhole.key.pem'
-----
Blackhole Nginx site was successfully assigned as default site!
Now run
sudo webinoly -verify
-- Results
Verifying integrity of the entire Webinoly system...
[INFO] File: /etc/nginx/.htpasswd not found!
[WARNING] Default site not found or is not enabled!
********************************************************************************
***************************
******** [ W A R N I N G ] System seems to be corrupted and could not work
properly ***********
********************************************************************************
***************************
I found that "-mainline" is adding wrong PPA for mainline branch of NGINX.
Now adds: https://launchpad.net/~nginx/+archive/ubuntu/development
but mainline is now on: https://launchpad.net/~nginx/+archive/ubuntu/mainline
I am not seeing any method for adding Third-Party SSL Certs? Do I need to do these manually?
On EasyEngine for example, I will tell it to use a self-signed certificate then just replace the key/cert files with my real cert. It did all the configuration for me automatically. This makes it convenient.
Hi,
The script looks very nifty. However, it appears that it is limited to assign www-data user and group as sftp or web domain owner.
Instead, may I suggest to create a separate user/group and other users for each domain?
What I meant is to create a clientID for each user and userID for each website created similar to ISPConfig3?
client1 shall own web1, web3 ..
client2 shall own web2, web7
client3 can own web 4, web5 and web8 and so on.
The clients and webs shall only have sftp access, no system access. SSH access may be made to switched on or off.
This would be helpful in multiuser environment.
Cheers,
/z
Issue
include /var/www/testdomain.com/*-nginx.conf; is incorrect. It should be include /var/www/maindomain.com/*-nginx.conf; because it is the parked domain and need to load all the configuration of the main one.Step to reproduce:
Assume that maindomain.com and testdomain.com are all registered and correctly DNS'ed.
Create main domain:
sudo site maindomain.com -php
sudo site maindomain.com -force-redirect=root
sudo site maindomain.com -ssl-on
sudo site -testdomain.com -parked=maindomain.com
Bug on screen:
Site testdomain.com has been successfully created!
Main site domain: maindomain.com
Parked domain was successfully configured!
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
More information:
sudo nginx -t error:
nginx: [warn] conflicting server name "testdomain.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.testdomain.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "testdomain.com" on [::]:80, ignored
nginx: [warn] conflicting server name "www.testdomain.com" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Content of testdomain.com
# WebinolyWWWredirectStart - Force WWW or non-WWW redirect
server {
listen 80;
listen [::]:80;
server_name testdomain.com www.testdomain.com;
include common/headers-http.conf;
return 301 $scheme://testdomain.com$request_uri;
}
# WebinolyWWWredirectEnd
# WebinolyNginxServerStart
server {
listen 80;
listen [::]:80;
server_name testdomain.com www.testdomain.com;
access_log /var/log/nginx/testdomain.com.access.log we_log;
error_log /var/log/nginx/testdomain.com.error.log;
root /var/www/maindomain.com/htdocs;
index index.php index.html index.htm;
include common/php.conf;
include common/locations.conf;
include common/headers-http.conf;
include common/headers-html.conf;
include /var/www/testdomain.com/*-nginx.conf;
}
# WebinolyNginxServerEnd
What the configuration file should be
I have to manually fix the config file to this to solve the problem, and to make the sudo site testdomain.com -ssl-on -root=maindomain.com works.
# WebinolyNginxServerStart
server {
listen 80;
listen [::]:80;
server_name testdomain.com;
access_log /var/log/nginx/testdomain.com.access.log we_log;
error_log /var/log/nginx/testdomain.com.error.log;
root /var/www/maindomain.com/htdocs;
index index.php index.html index.htm;
include common/php.conf;
include common/locations.conf;
include common/headers-http.conf;
include common/headers-html.conf;
include /var/www/maindomain.com/*-nginx.conf;
}
# WebinolyNginxServerEnd
I installed my wordpress website by simple command:
sudo site mysite.com -wp=custom
But when I check the redirection, the result show me that non-www always redirect to www (although in document show that: By default, Webinoly configures your site to accept both requests in your domain, that is, example.com and www.example.com will be both valid.).
I tried turn off redirection by running command:
sudo site mysite.com -force-redirect=off
But it show Force-Redirect is already disabled for site mysite.com
And another issue, If i use -force-redirect=www or -force-redirect=root, the result is OK but it show more:
Force-Redirection to WWW has been successfully enabled!
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
Hi, this is an excellent set of tools! I think it would be nice to be able to choose the directory where the site is serviced from.
So instead of htdocs the user can customise the directory name, e.g. public under /var/www/domain.com/. That would facilitate the use of webinoly for apps like laravel etc.
Thank you in advance!
Hi Christhian,
lib/site_ssl, site_ssl_on function:
Seems there should be nginx restart command after "15 3 * * 7 letsencrypt renew" in the cron job(?)
Or I'm missing something obvious?
w
Hi,
When using Firefox to browse the site command established website, a MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING problem will appear. The temporary solution is to add two parameters to /etc/nginx/sites-available/example.com as follows:
resolver 8.8.8.8 1.1.1.1 valid=300s;
resolver_timeout 5s;
Could this problem be solved in the next version?
looking forward to your reply.
Scenario 1.
Running command "webinoly -verify" alerts of new version , with "-update" it updates. Apparently it works, but when going to upload a plugin or theme from the desktop it shows the error "Please choose a file".
Scenario 2.
A test server ubuntu 20.04 is installed and webinoly is installed, with the latest version a test wordpress is installed and again the same thing happens "Please choose a file" when trying to upload a plugin or theme.
I understand that it will not be a huge problem, something related to permissions or maybe a change in the code.
In the meantime I have restored the old backup and will not update the rest of the servers until I can solve it.
Line 649 in 13d9025
This seems dangerous and could lead to conflicts.
HTTPAUTH is not working in global mode.
But works well when use httpauth example.com -wp-admin=on command.
When I visit https://webinoly.com/support/ and click in top right corner, Registration, it doesn't work.
Hi,
it's possible to add alias domain support for webinoly?
Thanks!
I was getting some 504 errors when trying to import template sites into Wordpress. I eventually got it to work by changing fastcgi_read_timeout to a higher value in /etc/nginx/conf.d/fastcgi.conf.
I noticed that the default value in NGINX is 60s but you have it set to 30s. Any reason for hard coding it as 30s?
What is the best way of changing fastcgi_read_timeout without manually editing /etc/nginx/conf.d/fastcgi.conf?
Line 90 in 13d9025
Directly modifying and core files (especially fstab) sounds disastrous. A better solution might be to at least make a backup first. Optimally, not touching it at all.
Where does Webinoly store the mysql root password? It seems the one I had wrote down doesn't work and I changed it manually. Now functions are broken in webinoly as it is trying a bad password now.
It is easy to do, just take look at https://github.com/WordOps/WordOps/ repository.
Regards.
I've an issue last week implementing webinoly on production site.
After the installation and configuration of a WP site on Ubuntu 18.04 (AWS Lightsail - 4GB RAM - 2cores) all gone right, but 30hs after (aprox) the webserver could't conect to external services via curl nor wget. I realized that rebooting the server the problem was solved, so i've figured it out that the problem was a misconfiguration in the server.
Nginx max_cache was setted at 768mb and the /run have 400mb (where the ngingx cache stores). When the /run was out of space, the server could't execute curl nor wget commands, so rebooting the server cleans the /run.
The size of /run is setted by ubuntu and the value is calculated as the 10% of the RAM size.
So i've mannualy change the max_cache to 256mb, but maybe Webinoly have to do it automatically and set it up as the 5% of RAM amount.
request addition of entire site option for httpauth, as exists in Easy Engine
my workflow is incompatible with EE v4, so webinoly is the next best thing
...
Wait while Webinoly optimize your Ubuntu Operating System...
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 0.736476 s, 1.5 GB/s
Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes)
no label, UUID=0b153488-de79-44cd-b60a-252af2978bd7
A new SWAP file (1Gb) has been created!
Timezone not found or not valid!
Only-Error Log was successfully enabled (global)!
All packages are up to date.
sudo: snap: command not found
sudo: snap: command not found
sudo: snap: command not found
[ERROR] Certbot installation failed! We will retry in a moment...(30s)
sudo: snap: command not found
sudo: snap: command not found
sudo: snap: command not found
[ERROR] Certbot installation failed! We will retry in a moment...(60s)
sudo: snap: command not found
sudo: snap: command not found
sudo: snap: command not found
[ERROR] Certbot installation failed! We will retry in a moment...(90s)
Let me also say that acme.sh would be a very good (better?) replacement.
Hi.
I have a redirect problem.
I created a domain with the command
> site dev.mysite.com -wp -cache=on -wp-cache-plugins=on
> site dev.mysite.com -ssl=on
> site dev.mysite.com -info
Type: WordPress
Status: Enabled
SSL: Let's Encrypt
Access Logs: false
Force Redirect: off
Size: 776MCache: true
Multisite: false
WP Auth: true
Debug: falseDatabase: localhost
DB Name: wp_mysite_com
DB User: wp_mysite_com
DB Prefix: wp_
After that I checked redirect:
http://dev.mysite.com ---> https://dev.mysite.com -> OK
https://www.dev.mysite.com ---> https://dev.mysite.com -> OK
http://www.dev.mysite.com ---> https://dev.mysite.com -> NOT OK. It shows me "Welcome to nginx!" Page
I can't use force-redirect option for subdomain
> site dev.mysite.com -force-redirect=root
[ERROR] Please, use the main/root domain, Force-Redirection should not be used in Subdomains!
Is there any plan to add/change the backup solution from duplicity to restic?
PS. I really enjoyed Webinoly! Backing up files with restic is much more convenient and secure with snapshots system.
When I try to forward a domain, it doesn't let me. Here's the command I'm running:
site mail.mydomain.com -forward=mail.mydomain.cloud -root=on
I get thw following error:
[ERROR] Invalid destination domain!
I know these are technically not domains, but subdomains, so maybe that's why it's happening. But it would be nice to redirect "anything" to "anywhere".
Another thing I'd like to do is redirect a domain or subdomain to a domain with a path. Example:
domain1.com -> domain2.com/news
Thanks.
I created site by sudo site domain -php -mysql and restore wordpress source code.
But after run -clone-from new site still using old datababse config.
Please help me
Hi,
The default installation for Ubuntu 16.04 with Nginx is recommended as certbot
https://certbot.eff.org/#ubuntuxenial-nginx
Is there a reason webinoly still uses letsencrypt? Is there a difference between the two? I understand that certbot is the "newer" version
Hello,
I often run the webinoly -server-reset after changing my VPS specs, and notice that the first 2 lines in https://github.com/QROkes/webinoly/blob/master/lib/webin#L313 are too slow.
I suggest that we should change these from:
sudo find /var/www ! -path "/var/www/\.*" -type d -exec chmod 755 {} \;
sudo find /var/www ! -path "/var/www/\.*" -type f -exec chmod 644 {} \;
To
sudo find /var/www ! -path "/var/www/\.*" -type d -print0 | sudo xargs -0 chmod 0755
sudo find /var/www ! -path "/var/www/\.*" -type f -print0 | sudo xargs -0 chmod 0644
For example, my /var/www folder currently has 134,091 files
I put current commands of webinoly to oldway.sh, my suggested commands to newway.sh and ran a simple time benchmark.
The result is my suggested ones run much much faster.
The user (woocommerce customer) can't logout because the httpauth login is showing up every time.
Issue:
When I run sudo webinoly -server-reset, the code print out 2 missing errors:
cat: /opt/webinoly/templates/source/php.ini: No such file or directory
cat: /opt/webinoly/templates/source/www.conf: No such file or directory
Then it wiped out these files to zero byte:
/etc/php/7.2/fpm/php.ini
/etc/php/7.2/fpm/pool.d/www.conf
My system is Ubuntu 18.04, installed by the default command wget -qO weby qrok.es/wy && sudo bash weby 3
My /opt/webinoly/webinoly.conf
pre-packs:true
nginx-ppa:stable
nginx:true
tools-port:22222
nginx-tool:true
php-ver:7.2
php:true
php-v7.2:true
php-tool:true
mysql-client:true
mysql-root:NjBCVzJkYm4K
mysql-admin:NEdBeFZLeWkK
mysql:true
mysql-tool:true
wp-admin-auth:purged
app-version:1.6.0
server-version:1.2
nginx-optim:true
swap-owner:system
linux-optim:true
php-optim:true
status-api:ip4
I update Webinoly from v1.6.2 to v1.7.0. All the sites are not accessible and return 404 error except the index page.
I rechecked the config file and noticed that the location file above has $uri =404 in the location /.
I removed that part and all the sites work normally. I do not know if this is a feature or a bug?
Hello,
When doing nginx -t or nginx -s reload, nginx reports many warnings about
nginx: [warn] could not build optimal fastcgi_params_hash, you should increase either fastcgi_params_hash_max_size: 512 or fastcgi_params_hash_bucket_size: 64; ignoring fastcgi_params_hash_bucket_size
I have been facing this warning of Nginx for a very long time. I have do the search on Google but can not find any solutions for this issue, and see that there are a few people encountered this one and they are also using Webinoly.
All of my servers are having this issue, even after removing all the website and carefully compare the current nginx configuration versus the newly installed Webinoly instance.
I deleted all the websites & domains, then exported the current nginx config using nginx -T > out,conf command and attached the file content at the end of this post.
It still reports the warning even there is no website loaded. I have no idea about this, what do you think?
People that are having the issue:
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
worker_rlimit_nofile 787794;
pid /run/nginx.pid;
events {
worker_connections 8192;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
reset_timedout_connection on;
send_timeout 15;
keepalive_timeout 15;
client_body_buffer_size 128k;
client_max_body_size 128m;
client_body_timeout 15;
client_header_timeout 15;
open_file_cache_valid 3m;
open_file_cache max=262598 inactive=5m;
types_hash_max_size 2048;
server_names_hash_max_size 2048;
# server_name_in_redirect off;
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_zone $binary_remote_addr zone=wp:10m rate=5r/s;
include /etc/nginx/mime.types;
include common/headers-http.conf;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_buffer_size 4k;
ssl_session_tickets off;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:50m;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';
##
# Logging Settings
##
access_log off;
error_log /var/log/nginx/error.log;
open_log_file_cache max=1000 inactive=30s valid=1m;
log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component text/xml text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/common/headers-http.conf:
add_header X-Cache-Status $upstream_cache_status;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# configuration file /etc/nginx/conf.d/blockips.conf:
# Block IP Address - (deny 1.1.1.1;)
# configuration file /etc/nginx/conf.d/fastcgi.conf:
# FastCGI cache settings
fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m max_size=769m inactive=1w;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
fastcgi_cache_valid 200 10d;
fastcgi_cache_valid 301 302 307 404 410 5m;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_keep_conn on;
fastcgi_cache_background_update on;
fastcgi_read_timeout 30s;
# configuration file /etc/nginx/conf.d/upstream.conf:
# Common upstream settings
upstream php {
server 127.0.0.1:9000;
}
upstream debug {
server 127.0.0.1:9001;
}
# configuration file /etc/nginx/sites-enabled/22222:
# Webinoly Admin-Tools NGINX CONFIGURATION
# WebinolyNginxServerStart
server {
listen 22222 default_server deferred;
listen [::]:22222 default_server;
access_log /var/log/nginx/22222.access.log we_log;
error_log /var/log/nginx/22222.error.log;
root /var/www/22222/htdocs;
index index.php index.htm index.html;
# Turn on directory listing
autoindex on;
# HTTP Authentication on port 22222
include common/auth.conf;
include common/acl.conf;
# PHP Support
include common/php.conf;
include common/locations.conf;
# Status pages
location = /nginx_status {
stub_status on;
access_log off;
}
location ~ ^/(status|ping)$ {
include fastcgi_params;
fastcgi_pass php;
}
# Display menu at location /fpm/status/
location = /fpm/status/ {}
location ~ /fpm/status/(.*) {
try_files $uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /status;
fastcgi_pass $1;
}
# phpMyAdmin protection
location ~ ^/pma/(libraries|templates) {
autoindex off;
deny all;
access_log off;
log_not_found off;
}
}
# WebinolyNginxServerEnd
# configuration file /etc/nginx/common/auth.conf:
set $authfile ".htpasswd";
if ( -f /etc/nginx/apps.d/.htpasswd-$server_name ) {set $authfile "apps.d/.htpasswd-$server_name";}
# configuration file /etc/nginx/common/acl.conf:
# Webinoly protect locations
# HTTP authentication || IP address
satisfy any;
auth_basic "Restricted Area";
auth_basic_user_file $authfile;
# Allowed IP Address List
include apps.d/*-acl.conf;
allow 127.0.0.1;
deny all;
# configuration file /etc/nginx/common/php.conf:
# PHP NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php;
}
# configuration file /etc/nginx/fastcgi_params:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param HTTP_PROXY "";
fastcgi_param HTTP_PROXY "";
fastcgi_param HTTP_PROXY "";
fastcgi_param HTTP_PROXY "";
fastcgi_param HTTP_PROXY "";
# configuration file /etc/nginx/common/locations.conf:
# NGINX CONFIGURATION FOR COMMON LOCATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
# Basic locations files
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
try_files $uri $uri/ /index.php?$args;
access_log off;
log_not_found off;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
include common/headers-http.conf;
include common/headers-https.conf;
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;
expires max;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.well-known {
allow all;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny backup extensions & log files
location ~* ^.+\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$ {
deny all;
access_log off;
log_not_found off;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
return 403;
}
# configuration file /etc/nginx/common/headers-https.conf:
# Be aware that inclusion in the preload list cannot easily be undone.
# Don't request inclusion unless you're sure that you can support HTTPS for your entire site and all its subdomains the long term.
# https://hstspreload.org/
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Strict-Transport-Security "max-age=63072000" always;
# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
Application versions:
root@localhost:/etc/nginx/sites-available# nginx -v
nginx version: nginx/1.15.8
root@localhost:/etc/nginx/sites-available# php -v
PHP 7.3.9-1+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Sep 2 2019 12:54:24) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.9, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.9-1+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies
root@localhost:/etc/nginx/sites-available# php-fpm7.3 -v
PHP 7.3.9-1+ubuntu18.04.1+deb.sury.org+1 (fpm-fcgi) (built: Sep 2 2019 12:54:24)
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.9, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.9-1+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies
Hi,
File upload of larger than 1MB file gives Nginx 413 Error. Max file upload limit is set 200MB.
Did Nginx, php-fpm and ever server reboot.
Still not working.
So I created a site example.com and issued a Wildcard certificate. I then created another site sub.example.com. And I added it to the wildcard certificate. That went well. I wanted to make sure that tools on port 22222 are only accessible on the subdomain.
sudo webinoly -tools-site=sub.example.com
This creates an error in Nginx as it fails to ascertain the fact that the domain isn't pointing to a site specific certificate. It creates TLS entries pointing to non-existant certs in Nginx. The result is a configuration failure.
Possible solutions
Solution two is cleaner and would create less headaches I think. Naturally, there should be a way to clean up and delete the link if we delete the site for example.
I am using some plugin that has separate configurations for Desktop and Mobile view. The issue here is Webinoly only cache the first visit, and it causes page break on Mobile if Desktop version was cached and vice versa.
I did some research and found some ways to include an additional parameter to cache pages on desktop and mobile separately. I can edit the config file to make it works, but I hope Webinoly should consider adding this feature to support the mobile caching better.
Thanks.
Does this webinoly support bedrock wordpress structure. The benefit having bedrock, is that it is more stable if you want to implement git on your site. Anyone tried it yet?
Wordpress 5.6 introduces a new way to communicate with its REST API called Applications Passwords.
It seems Webinoly is not compatible with this feature.
I always get the message Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords even if I deactivate httpauth.
Hi
I have two wordpress sites and I am using webinoly.My second site is redirecting to first site.Please let me know what I am missing or doing wrong.
Just discovered this tool and I am wondering why the CLI commands are not namespaced to a common name such as noly or webinoly? That way when I am issuing a command via the terminal I'll know which tool on my server will respond.
BTW... the forum registration seems to be protected by password auth when I try to register.
Hi, Thank you for your awesome work. I would like to ask if it's possible to have native support for SEOPress in nginx conf.
Currently, i have to add all the code below manually for each website.
location ~ ([^/])sitemap(.).x(m|s)l$ {
## SEOPress
rewrite ^/sitemaps.xml$ /index.php?seopress_sitemap=1 last;
rewrite ^/sitemaps/news.xml$ /index.php?seopress_news=$1 last;
rewrite ^/sitemaps/video.xml$ /index.php?seopress_video=$1 last;
rewrite ^/sitemaps_xsl.xsl$ /index.php?seopress_sitemap_xsl=1 last;
rewrite ^/sitemaps/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?seopress_cpt=$1&seopress_paged=$2 last;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
##SEOPress
rewrite ^/robots.txt$ /index.php?seopress_robots=1 last;
}
Hope you can do something about it. Thank you again for your time.
Hello, after a few weeks using the script, I found that it would be very nice to have some additional features like:
reset-owner and reset-permission to reset the owner and permission of all files to www-data:www-data and 755 for the folders, 644 for the files when we encountered the permission problem (by modifying stuff with other users).Thank you for such a nice script!
Is there any plan to implement Fail2ban for Nginx?
Hello,
I think the script should let each website run on a different user and php-fpm pool for security purpose.
It's also nice to have new user created and setup for each new website when it had been added.
Hi
When using the co.za tld i get an error saying that i am using a subdomain.
For example i cant force redirection to non www sites. i get this error:
[ERROR] Please, use the main/root domain, Force-Redirection should not be used in Subdomains!
Is there a workaround for this in the meantime
Thanks
Looks like an Ubuntu-based server is assumed, but no checks are present to detect if it is or not.
First of all, thanks for all the effort put into this tool. I came across an issue with the new redirection manager feature: I have a main site example.com which I want to redirect to a subdomain: my.example.com. I try to achieve this by issuing the command:
sudo site example.com -redirection
but this results in:
[ERROR] Site example.com doesn't exists, please enter a valid domain name!
Also something like
sudo site example.com -redirection -from=/ -to=https://my.example.com
results in the same error. I also tried to create the example.com as an empty html page. But also no luck. Would be great to have some feedback regarding this issue.
Line 65 in 13d9025
This assumes they're running Xenial, but they could be running other flavors. Might be a good idea to detect this and set dynamically.
The repo source could probably be better too. Something more well-known?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.