Giter VIP home page Giter VIP logo

ns8-webserver's Introduction

ns8-webserver

This module use nginx and php-fpm to make a a linux apache mysql (see ns8-mariadb) and php

local database

We use local database to store configuration, you can find it /home/webserver*/.config/state/databases/vhosts/*.ini, the TCP port of php-fpm which is unique, is used as an ID, so the first vhost configuration databse will be at

/home/webserver*/.config/state/databases/vhosts/9001.ini

Manual customisation can be added to

nginx: add a dyn-9001.custom to /home/webserver*/.config/state/conf.d/ php-fpm: add dyn-9001.custom to /home/webserver*/.config/state/php{php version}-fpm-custom.d/ for example `/home/webserver*/.config/state/php7.4-fpm-custom.d/

sftpgo

Sftpgo is used to upload files to the webserver, once the webserver module is installed the default password and user are admin:admin at http://foo.com/sftpgo/, think to change it

When you create a virtualhost, a user called by the ID of the virtualhost (its tcp port php-fpm number), the first one is 9001. A default password is created with the ID of the user, the first one is 9001, you can modify it inside the web client or admin UI

We ask to traefik an external port to use it with sftp, see the Env var : SFTP_TCP_PORT

If you want to upload files to the virtualhost: sftp -P SFTP_TCP_PORT [email protected]

Create API key

Sftpgo has a rest api that we can use by an API key, this is how we created it

  • drop a default configuration with /home/webserver*/.config/state/sftpgo.conf.d/admin.json when we create the sftpgo container
  • create with imageroot/actions/create-module/60sftpgo_create_secret the short lived token, then ask the API_key
  • store the API_KEY to /home/webserver*/.config/state/sftpgo.conf.d/API_KEY

The API_KEY is asked to do all administrative tasks

https://sftpgo.stoplight.io/docs/sftpgo

Install

Instantiate the module with:

add-module ghcr.io/nethserver/webserver:latest 1

The output of the command will return the instance name. Output example:

{"module_id": "webserver1", "image_name": "webserver", "image_url": "ghcr.io/nethserver/webserver:latest"}

Let's assume that the webserver instance is named webserver1.

Configure

We use a software called sftpgo as a sftp server to upload web content to the webserver module. default URL is http://foo.com/sftpgo but you can modify it

Launch configure-module, by setting the following parameters:

  • path:
  • http2https: <true|false>

Example:

api-cli run  configure-module --agent module/webserver1 --data - <<EOF
{ 
"path":"/sftpgo",
"http2https": true
}
EOF

The above command will:

  • start and configure the sftpgo instance
  • force http to https

Send a test HTTP request to the webserver backend service:

curl http://127.0.0.1/sftpgo/

Create vhost

a vhost can be created by the api-cli command

We use a container with nginx and another container for the php-fpm configuration (actually availlable PHP 7.4,8.0,8.1)

Launch create-vhost, by setting the following parameters:

  • PhpVersion: Set the version of php needed, can be ''(no php), 7.4,8.0,8.1
  • ServerNames: set the domain name of the vhost, it must be an array
  • MemoryLimit: This sets the maximum amount of memory that a script is allowed to allocate. use MB
  • AllowUrlfOpen : This option enables the URL-aware fopen wrappers that enable accessing URL object like files. use enabled|disabled
  • UploadMaxFilesize: The maximum size of an uploaded file. use MB
  • PostMaxSize: Sets max size of post data allowed. use MB
  • MaxExecutionTime: This sets the maximum time in seconds a script is allowed to run before it is terminated by the parser. use 0 (unlimited) or the time in second
  • MaxFileUploads: The maximum number of files allowed to be uploaded simultaneously. use MB
  • lets_encrypt: Use let'encrypt or self signed certificate: use true|false
  • http2https: force the redirection to https. use true|false
  • Indexes: List the files inside the webroot folder. use enabled|disabled
  • status: enable the virtualhost in the configuration of nginx and php-fpm: use enabled|disabled

Example:

api-cli run  create-vhost --agent module/webserver1 --data - <<EOF
{ 
"PhpVersion": "7.4", 
"ServerNames": ["toto.com","foo.com"],
"MemoryLimit": 512,
"AllowUrlfOpen": "disabled",
"UploadMaxFilesize": 4,
"PostMaxSize": 8,
"MaxExecutionTime":0,
"MaxFileUploads":20,
"lets_encrypt": false,
"http2https": true,
"Indexes": "disabled",
"status": "enabled"
}
EOF

The above command will:

  • start and configure the vhost with two domain names
  • force http to https
  • set the php version to 7.4
  • set php MemoryLimit to 512MB
  • set php AllowUrlfOpen to disabled
  • set php UploadMaxFilesize to 4MB
  • set php PostMaxSize to 8MB
  • set php MaxExecutionTime to 0 (unlimited)
  • set php MaxFileUploads to 20
  • set letsencrypt certificate to false
  • set force http to https
  • set web indexes enabled
  • enable the vhost in the nginx configuration

update vhost

a vhost can be updated by the api-cli command, the old route to traefik will be removed then the new routes will be added

We need to know what virtualhost configuration we will modify, therefore we use the TCP php-fpm port as the ID of the virtualhost. The TCP port of the php-fpm port is unique, each virtualhost gets a nex tcp port number

Launch update-vhost, by setting the following parameters:

  • port: The tcp port of php-fpm, it is used as an ID for the virtualhost
  • PhpVersion: Set the version of php needed, can be ''(no php), 7.4,8.0,8.1
  • ServerNames: set the domain name of the vhost, it must be an array
  • MemoryLimit: This sets the maximum amount of memory that a script is allowed to allocate. use MB
  • AllowUrlfOpen : This option enables the URL-aware fopen wrappers that enable accessing URL object like files. use enabled|disabled
  • UploadMaxFilesize: The maximum size of an uploaded file. use MB
  • PostMaxSize: Sets max size of post data allowed. use MB
  • MaxExecutionTime: This sets the maximum time in seconds a script is allowed to run before it is terminated by the parser. use 0 (unlimited) or the time in second
  • MaxFileUploads: The maximum number of files allowed to be uploaded simultaneously. use MB
  • lets_encrypt: Use let'encrypt or self signed certificate: use true|false
  • http2https: force the redirection to https. use true|false
  • Indexes: List the files inside the webroot folder. use enabled|disabled
  • status: enable the virtualhost in the configuration of nginx and php-fpm: use enabled|disabled

Example:

api-cli run  update-vhost --agent module/webserver1 --data - <<EOF
{ 
"PhpVersion": "8.1", 
"ServerNames": ["toto.com","foo.com"],
"MemoryLimit": 512,
"AllowUrlfOpen": "enabled",
"UploadMaxFilesize": 4,
"PostMaxSize": 8,
"MaxExecutionTime":0,
"MaxFileUploads":20,
"Port":9001,
"lets_encrypt": false,
"http2https": true,
"Indexes": "disabled",
"status": "enabled"
}
EOF

The above command will:

  • modify the virtualhost with the ID 9001 ("Port":9001)
  • start and configure the vhost with two domain names
  • force http to https
  • set the php version to 8.1
  • set php MemoryLimit to 512MB
  • set php AllowUrlfOpen to enabled
  • set php UploadMaxFilesize to 4MB
  • set php PostMaxSize to 8MB
  • set php MaxExecutionTime to 0 (unlimited)
  • set php MaxFileUploads to 20
  • set letsencrypt certificate to false
  • set force http to https
  • set web indexes disabled
  • enable the vhost in the nginx configuration

destroy vhost

You can remove a vhost, we need to knwo the ID of the virtualhost and the domain names

Launch destroy-vhost, by setting the following parameters:

  • Port: The tcp port of php-fpm, it is used as an ID for the virtualhost
  • ServerNames: it is the domain name of the vhost, it must be an array

Examples:

api-cli run  destroy-vhost --agent module/webserver1 --data - <<EOF
{ 
"ServerNames": ["toto.com","foo.com"],"port":9101
}
EOF

It will destroy the vhost with the ID 9001 and it will remove the traefik routes ["toto.com","foo.com"]

get the configuration

You can retrieve the configuration with

api-cli run get-configuration --agent module/webserver1 --data null | jq
Warning: using user "cluster" credentials from the environment
{
  "virtualhost": [
    {
      "ServerNames": [
        "toto.be",
        "foo.be"
      ],
      "Port": 9001,
      "PhpVersion": "7.4",
      "memorylimit": 512,
      "allowurlfopen": "disabled",
      "uploadmaxfilesize": 4,
      "postmaxsize": 8,
      "maxexecutiontime": 0,
      "maxfileuploads": 20,
      "Indexes": "disabled",
      "status": "enabled",
      "name": "9001"
    },
    {
      "ServerNames": [
        "toto.fr",
        "foo.fr"
      ],
      "Port": 9002,
      "PhpVersion": "",
      "memorylimit": 512,
      "allowurlfopen": "disabled",
      "uploadmaxfilesize": 4,
      "postmaxsize": 8,
      "maxexecutiontime": 0,
      "maxfileuploads": 20,
      "Indexes": "disabled",
      "status": "enabled",
      "name": "9002"
    }
  ],
  "sftp_tcp_port": 20029,
  "path": "/sftpgo",
  "http2https": true
}

Uninstall

To uninstall the instance:

remove-module --no-preserve webserver1

Testing

Test the module using the test-module.sh script:

./test-module.sh <NODE_ADDR> ghcr.io/nethserver/webserver:latest

The tests are made using Robot Framework

ns8-webserver's People

Contributors

andre8244 avatar gsanchietti avatar stephdl avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.