Verified commit 875c458f authored by Andri Steiner

opensource/puppet-modules#739 update content

parent 5bf9d705
.. index::
twin: Server; SSH Client Configuration
pair: Server; SSH Client Configuration
:name: server-ssh
========================
......
......@@ -177,7 +177,7 @@ To load *phpredis* in your environment, specify the extenion in ``~/cnf/php.ini`
extension = redis.so
.. hint:: For details, see :ref:`custom PHP configuration <website_php.ini>`.
.. hint:: For details, see :ref:`custom PHP configuration <website-advanced-php>`.
Debugging
~~~~~~~~~
......
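Review bot: the sentence quoted in this hunk's header still reads "specify the extenion"; correct it to "extension" while the file is being touched. The new ``:ref:`` target ``website-advanced-php`` matches the label on the PHP page added in this commit, but the old ``website_php.ini`` label is deleted here as well, so search the rest of the documentation for remaining references to it before merging.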
......@@ -8,8 +8,9 @@ Means to Access Your Server
SSH
---
Your server is accessible trough SSH by default. There are no personal
SSH login users supported to ensure uniformity between SSH and web actions.
Your server is accessible trough SSH by default.
To ensure uniformity between SSH and web actions, there are no personal
SSH login users created. Log in with the desired websites user instead.
.. hint:: for security reasons, we allow key based logins only
......
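Review bot: the reworded paragraph keeps the typo "trough" (should be "through"), and "the desired websites user" needs the possessive, "website's user". Because readers now have to know which user name that is, a cross-reference to the page that explains the website name would help here.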
......@@ -37,7 +37,7 @@ Utilization
-----------
.. index::
tripe: Server; Monitoring; Netdata
triple: Server; Monitoring; Netdata
:name: monitoring_netdata
Netdata
......
......@@ -7,6 +7,8 @@ Here, we document possible website configuration options which you won't need on
.. toctree::
:maxdepth: 1
nginx
previewuser
php
whitelabel
.. index::
triple: Website; Custom Configuration; nginx
:name: website-advanced-nginx
=====
nginx
=====
You can add specific configurations to nginx on serveral levels.
.. index::
triple: Website; nginx; Website Level Configuration
:name: website-advanced-nginx_website
Website Level
=============
The file ``~/cnf/nginx.conf`` will be included within the ``server {}`` configuration
of the current vhost. It is used to alter the configuration of the current website.
.. tip:: After changes, reload nginx with the ``nginx-reload`` shortcut.
.. tip::
For Details, see the `Server Block Examples <http://wiki.nginx.org/ServerBlockExample>`__ and
`Rewrite Rule <http://wiki.nginx.org/HttpRewriteModule#rewrite>`__ documentation
Examples
--------
Add Basic Auth to Location
~~~~~~~~~~~~~~~~~~~~~~~~~~
::
location ~* "^/example/" {
auth_basic "Example name";
auth_basic_user_file /home/user/www/example/.htpasswd;
root /home/user/www/;
}
IP Protection
~~~~~~~~~~~~~
::
allow <your-address>;
allow 2a04:503:0:102::2:4;
allow 91.199.98.23;
deny all;
Custom MIME Type
~~~~~~~~~~~~~~~~
::
include mime.types;
types {
text/cache-manifest appcache;
}
Context Specific
----------------
While the main configuration should go into ``~/cnf/nginx.conf``, you can also use :ref:`website-context` specific
files which are taken into account when the repsective context is used only:
* ``~/cnf/nginx-prod.conf``
* ``~/cnf/nginx-stage.conf``
* ``~/cnf/nginx-dev.conf``
These files will be loaded, but are not created by default.
.. index::
triple: Website; nginx; Server Level Configuration
:name: website-advanced-nginx_server
Server Level
============
The file ``/etc/nginx/custom/http.conf`` is directly integrated in ``http { }``,
before ``server { }`` and can only be edited with the :ref:`access_devop` user.
You can use this file for settings that must be configured at nginx http context.
.. index::
triple: Website; nginx; Custom Configuration Include
:name: website-advanced-nginx_include
Custom Configuration Include
============================
Include your own, external configuration files within ``server { }`` or ``http { }``
by including the following configuration to your server's ``Custom JSON``:
.. code-block:: json
{
"nginx::global_config::server_file": "/absolut/path/to/your/server.conf",
"nginx::global_config::http_file": "/absolut/path/to/your/http.conf"
}
.. tip:: This is especially useful, when you deploy your own configuration with :ref:`globalrepo`.
.. index::
triple: Website; nginx; Webroot
:name: website-advanced-nginx_webroot
Custom Webroot
==============
By default, the webroot directory is choosen according vendor recommendations,
depending on the selected type. Some deployment workflows require other locations,
which you can select through the ``custom_webroot`` string within the
`Custom JSON` :ref:`customjson_website`:
.. code-block:: json
{
"custom_webroot": "deploy/current/html"
}
.. warning::
The directory specified here needs to be a real directory. **Symlinks are not allowed**.
This applies only to the last directory though (in the example above, ``current`` can be
a symlink but ``html`` cannot).
.. index::
triple: Website; nginx; Log Format
:name: website-advanced-nginx_logformat
Custom Log Format
=================
To alter the format used for nginx access logs, for example due to privacy reasons,
you can use the ``website::wrapper::nginx::log_format`` string within the
`Custom JSON` :ref:`customjson_server`.
This configuration is only available globally for all websites on a server,
to change to default `combined` format to replace the actual visitors
ip address with 127.0.0.1, use the following example:
.. code-block:: json
{
"website::wrapper::nginx::log_format": "127.0.0.1 - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\""
}
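Review bot: in the IP Protection example the two fixed ``allow`` lines (``2a04:503:0:102::2:4`` and ``91.199.98.23``) are left unexplained; the text this page replaces carried a hint that they are the monitoring addresses and must always be allowed, and without it a reader will either delete them or wonder why unknown addresses are allowlisted. Please restore that hint next to the example. In the Basic Auth example the ``auth_basic_user_file`` sits at ``/home/user/www/example/.htpasswd``, below the ``root`` served by the same location, so unless another rule denies dotfiles the hash file is downloadable by any authenticated user; documenting a path outside the webroot (for example under ``~/cnf/``) would be the safer pattern. Spelling: "serveral", "repsective", "choosen", "/absolut/path", and "to change to default" should read "to change the default".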
.. index::
triple: Website; Custom PHP Configuration; php.ini
:name: website-advanced-php
===
PHP
===
* you can set custom PHP configurations trough the ``~/cnf/php.ini`` file
* see the `PHP Documentation <http://php.net/manual/en/configuration.file.per-user.php>`__ for details.
.. tip:: Reload PHP after changes by using the ``php-reload`` shortcut.
Examples
========
::
memory_limit = 1G
extension = ldap.so
.. tip:: list available extensions in ``/opt/php/php72/lib/php/extensions/no-debug-non-zts-20170718/``
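Review bot: the closing tip hard-codes ``/opt/php/php72/lib/php/extensions/no-debug-non-zts-20170718/``, which is only correct for PHP 7.2, while this commit removes the per-version php71 and php72 types in favour of a PHP type with a selectable version. Describe the path generically, or tell the reader to look up ``extension_dir`` for the active version. Also, "trough" in the first bullet should be "through".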
......@@ -15,11 +15,13 @@ To create a new website, there are only a few settings required:
* `context` will define the context used within your application and
is also used to set some default settings (see :ref:`website-context`)
* (optional) a `server name` when your website must listen to other
hostnames than the default one (see :ref:`website_servername`)
hostnames than the default one
You can find this and all other, non-mandatory settings within this chapter:
After creating, you can log into your newly created website by using
the websites name as SSH username (see :ref:`access-ssh`).
.. toctree::
:caption: Settings
:maxdepth: 2
name
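Review bot: the new "After creating, ..." paragraph is inserted between "You can find this and all other, non-mandatory settings within this chapter:" and the ``toctree`` that sentence introduces, so the colon now leads into the SSH sentence instead of the list; move the SSH paragraph above that sentence or below the toctree. "the websites name" should be "the website's name", and the `server name` bullet loses its ``:ref:`` without a replacement, so link it to the new location of that setting if there is one.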
......@@ -320,155 +322,6 @@ Note: the default zone is "small" and will fit most use cases
Custom configuration
--------------------
nginx
^^^^^
You can add specific configurations like redirects or headers within the
``~/cnf/`` directory.
.. warning:: You have to reload nginx after changes with the ``nginx-reload`` shortcut
~/cnf/nginx.conf
^^^^^^^^^^^^^^^^
Included within the server block and used to configure specific
redirects, enable gzip and other stuff directly in the nginx.conf.
::
if ($http_host = www.example.net) {
rewrite (.*) http://www.example.com;
}
or you can password protect a subdirectory:
::
location ~* "^/example/" {
auth_basic "Example name";
auth_basic_user_file /home/user/www/example/.htpasswd;
root /home/user/www/;
}
or add a IP protection:
::
allow <your-address>;
allow 2a04:503:0:102::2:4;
allow 91.199.98.23;
deny all;
.. hint:: Always allow access from `91.199.98.23` and `2a04:503:0:102::2:4` (monitoring)
or add custom MIME types:
::
include mime.types;
types {
text/cache-manifest appcache;
}
if you like to run PHP in this subdirectory, don't forget to add this
nested in the location section from the example on top:
::
location ~ \.php {
try_files /dummy/$uri @php;
}
.. hint:: for Details, see the `Server Block Examples <http://wiki.nginx.org/ServerBlockExample>`__ and `Rewrite Rule <http://wiki.nginx.org/HttpRewriteModule#rewrite>`__ documentation
~/cnf/nginx-prod.conf
^^^^^^^^^^^^^^^^^^^^^
Included within the server block on each website with environment set to PROD. For configuration examples, see the description of `~/cnf/nginx.conf`_ above.
~/cnf/nginx-stage.conf
^^^^^^^^^^^^^^^^^^^^^^
Included within the server block on each website with environment set to STAGE. For configuration examples, see the description of `~/cnf/nginx.conf`_ above.
~/cnf/nginx-dev.conf
^^^^^^^^^^^^^^^^^^^^
Included within the server block on each website with environment set to DEV. For configuration examples, see the description of `~/cnf/nginx.conf`_ above.
~/cnf/nginx\_waf.conf
^^^^^^^^^^^^^^^^^^^^^
Configure WAF exeptions here, see `Web Application Firewall`_ for details.
/etc/nginx/custom/http.conf
^^^^^^^^^^^^^^^^^^^^^^^^^^^
This file is directly integrated in ``http { }``, before ``server { }`` and can only be edited with the ``devop`` user. You can use this file for settings that must be configured at nginx http context.
custom configuration include
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Include your own, external configuration files within ``server { }`` or ``http { }`` by including the following configuration to your server's ``Custom JSON``:
* server level: set ``nginx::global_config::server_file``
* http level: set ``nginx::global_config::http_file``
.. warning:: if the configured files can not be found, the webserver will not be able to start.
::
"nginx::global_config::server_file": "/absolut/path/to/your/file.conf"
.. hint:: with this setting, you can deploy own, system wide configuration files from a Git repository. See :ref:`globalrepo` for details.
custom webroot
^^^^^^^^^^^^^^
By default, the webroot directory location is choosen according vendor recommendations,
depending on the selected type.
Some deployment workflows require other locations, which you can select through the
`custom_webroot` parameter, relative to the home directory.
.. warning:: by now, the directory specified here needs to be a real directory (**no symlinks allowed**)
.. code-block:: json
{
"custom_webroot": "deploy/current/html"
}
custom log format
^^^^^^^^^^^^^^^^^
To alter the format used for nginx access logs, for example due to privacy reasons, you can use the ``website::wrapper::nginx::log_format`` configuration.
This configuration is only available globally for all websites on a server, to change to default "combined" format to replace the actual visitors ip address with 127.0.0.1, use the following example:
::
"website::wrapper::nginx::log_format": "127.0.0.1 - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\""
.. index::
triple: Website; Custom PHP Configuration; php.ini
:name: website_php.ini
PHP
^^^
You can set custom PHP configurations trough the ``~/cnf/php.ini`` file.
See the `PHP Documentation <http://php.net/manual/en/configuration.file.per-user.php>`__ for details.
.. warning:: You have to reload php after changes with the ``php-reload`` shortcut
::
memory_limit = 1G
extension = ldap.so
.. hint:: list available extensions in ``/opt/php/php72/lib/php/extensions/no-debug-non-zts-20170718/``
node
^^^^
......
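Review bot: this removal drops several items that have no counterpart in the new nginx page shown in this commit: the ``~/cnf/nginx_waf.conf`` section pointing to the WAF exceptions, the warning that the webserver will not start when a file set through ``nginx::global_config::server_file`` cannot be found, the nested ``location ~ \.php`` snippet for running PHP inside a protected subdirectory, and the host-based rewrite example. The first two matter operationally (a wrong include path takes the server down, and WAF exceptions need a documented place), so carry them over to the new page or link to where they now live.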
......@@ -2,12 +2,210 @@
pair: Website; Type
:name: website-type
====
Type
====
You have to define one of the following types for each website.
The selected `type` will determine the configuration of your website.
Basic Types
===========
To run your own application with a certain technology stack, use one
of our basic types.
.. index::
triple: Website; Type; Docker
:name: website-type_docker
Docker
------
This Type is used to run your own Docker container behind a website acting
as reverse proxy.
* a website type :ref:`website-type_proxy` is configured
* Docker will be installed and configured
* created website user is member of the `docker` group and thus allowed
to execute ``docker`` commands
.. tip:: Also take a look at our How-to :ref:`howto-docker`.
.. index::
triple: Website; Type; HTML
:name: website-type_html
HTML
----
Used to create a HTML only website with no dynamic processing altogether.
.. index::
triple: Website; Type; Node.js
:name: website-type_nodejs
Node.js
-------
* your Node.js application is run with a daemon on controlled by Monit
* select custom node version trough `nvm <https://github.com/creationix/nvm#usage>`__, by default, the latest node lts version is installed
* nodejs has to listen on the ``~/cnf/nodejs.sock`` socket, permission ``660``
* symlink your app.js to ``~/app.js`` or overwrite path or other daemon
options in ``OPTIONS`` at ``~/cnf/nodejs-daemon``:
::
OPTIONS="/home/nodejs/application/app.js --prod"
.. tip:: to control the nodejs daemon, use the ``nodejs-restart`` shortcut
.. index::
triple: Website; Type; PHP
:name: website-type_php
PHP
---
* PHP installed and running as FPM service included in nginx
* you can select the desired version at the `Advanced` tab
* for custom configurations, see :ref:`website-advanced-php`
Python
------
* uWSGI Daemon (Symlink your appropriate wsgi configuration to ``~/wsgi.py``)
* Python virtualenv ``venv-<sitename>`` configured within uWSGI and the user login shell
.. hint:: To control the uwsgi daemon, use the ``uwsgi-reload`` and ``uwsgi-restart`` shortcuts.
.. index::
triple: Website; Type; Proxy
:name: website-type_proxy
Proxy
-----
* nginx website configured as reverse proxy
* select the desired backend with the `Proxy Pass` setting
.. tip::
To use advanced features like multiple backends, create your own upstream configuration in ``/etc/nginx/custom/http.conf`` and point ``proxy_pass`` to it.
See :ref:`website-advanced-nginx_server` nginx configuration.
.. index::
triple: Website; Type; Redirect
:name: website-type_redirect
Redirect
--------
* to redirects everything to a custom target
* set `Target` to your desired destination
* by default, we send a 307 HTTP redirect code
To use your own redirect code, add the ``target_code`` string within the
`Custom JSON` :ref:`customjson_website`:
.. code-block:: json
{
"target_code": "301"
}
.. hint:: You can use any nginx variable as target (for example ``$scheme://www.example.com$request_uri``), see the `nginx Documentation <http://nginx.org/en/docs/varindex.html>`__ for available variables.
.. index::
triple: Website; Type; Ruby
:name: website-type_ruby
Ruby
----
* ruby rbenv configured within foreman and the user login shell
* foreman daemon, controlled by Monit
* ruby has to listen on the ``~/cnf/ruby.sock`` socket, permission ``660``
* symlink your Procfile to ``~/`` or overwrite path or other daemon
options in ``OPTIONS`` at ``~/cnf/ruby-daemon``:
::
OPTIONS="start web -f project/Procfile"
.. tip:: To control the ruby daemon, use the ``ruby-start`` / ``ruby-stop`` / ``ruby-restart`` shortcuts.
Application Types
=================
We provide elaborated types for certain web applications. If your desired
application is amongst them, we recommend to use them instead of a basic
type.
.. index::
triple: Website; Type; Magento 1
:name: website-type_magento1
Magento 1
---------
.. index::
triple: Website; Type; Magento 2
:name: website-type_magento2
Magento 2
---------
.. index::
triple: Website; Type; Neos
:name: website-type_neos
Neos
----
.. index::
triple: Website; Type; TYPO3 6
:name: website-type_typo3v6
TYPO3 v6
--------
.. index::
triple: Website; Type; TYPO3 7
:name: website-type_typo3v7
TYPO3 v7
--------
.. index::
triple: Website; Type; TYPO3 8
:name: website-type_typo3v8
TYPO3 v8
--------
.. index::
triple: Website; Type; TYPO3 9
:name: website-type_typo3v9
TYPO3 v9
--------
.. index::
triple: Website; Type; TYPO3 10
:name: website-type_typo3v10
TYPO3 v10
---------
.. index::
triple: Website; Type; Wordpress
:name: website-type_wordpress
Wordpress
---------
.. note:: If you need a type not mentioned here yet, do not hesitate to contact us
typo3cmsv10 (Alpha)
^^^^^^^^^^^^^^^^^^^
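Review bot: the Docker section says the website user "is member of the `docker` group and thus allowed to execute ``docker`` commands" without stating what that implies; Docker's own documentation notes that the ``docker`` group grants root-level privileges on the host. Add a ``.. warning::`` there so customers protect that website user's SSH keys and deployment credentials accordingly. Smaller points: the Python section is the only type without an ``.. index::`` / ``:name:`` block, so it cannot be referenced like the others; "run with a daemon on controlled by Monit", "trough" and "to redirects everything" need fixing; and the Application Types headings have no content yet.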
......@@ -108,7 +306,7 @@ neos
- ~/web
- PHP and nginx settings adjusted to Neos requirements
- ``FLOW_CONTEXT`` set according the selected context (see :ref:`website_context`)
- ``FLOW_CONTEXT`` set according the selected context (see :ref:`website-context`)
- ``FLOW_REWRITEURLS`` enabled
required configuration
......@@ -179,42 +377,6 @@ wordpress
.. hint:: Please disable the built in HTTP call to wp-cron.php by setting ``define('DISABLE_WP_CRON', true);``. This additional call is not necessary and disabling it will lower the load on your system.
.. index::
triple: Website; Type; PHP 7.2
:name: website_type-php72
php72
^^^^^
.. list-table::
* - Web server
- nginx with ModSecurity WAF and core rule set
* - runtime environment
- PHP 7.2
* - Database
- Optional: MySQL, MongoDB or PostgreSQL
* - Default webroot
- ~/www
.. index::
triple: Website; Type; PHP 7.1
:name: website_type-php71
php71
^^^^^
.. list-table::
* - Web server
- nginx with ModSecurity WAF and core rule set
* - runtime environment
- PHP 7.1
* - Database
- Optional: MySQL, MongoDB or PostgreSQL
* - Default webroot
- ~/www
html
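Review bot: the removed php72 and php71 tables were where the docs stated that the web server is "nginx with ModSecurity WAF and core rule set", which databases are optional, and that the default webroot is ``~/www``; the PHP type section added in this commit only lists FPM, version selection and custom configuration. Keep the WAF and default-webroot facts in the new section or link to the pages that hold them, since the Custom Webroot text refers to a per-type default that the reader can no longer look up.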