[icinga-checkins] icinga.org: icinga-web/master: contrib: add nginx config by Francisco Miguel Biete #2253

git at icinga.org git at icinga.org
Wed Oct 3 19:53:26 CEST 2012


Module: icinga-web
Branch: master
Commit: b77c7e699292501692821ac664d8358bc554ce39
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=b77c7e699292501692821ac664d8358bc554ce39

Author: Michael Friedrich <michael.friedrich at gmail.com>
Date:   Wed Oct  3 19:52:19 2012 +0200

contrib: add nginx config by Francisco Miguel Biete #2253

this was taken directly from https://dev.icinga.org/issues/2253
please ask Francisco directly for support questions.

refs #2253

---

 contrib/nginx/README.nginx                     |   83 ++++++++++++++++++++++++
 contrib/nginx/icinga-web.vhost                 |   33 +++++++++
 contrib/nginx/nginx.icinga-web.conf            |   51 +++++++++++++++
 contrib/nginx/nginx.nagiosbp.conf              |   19 ++++++
 contrib/nginx/nginx.pnp4nagios_icinga-web.conf |   22 ++++++
 contrib/nginx/nginx.security.conf              |   19 ++++++
 6 files changed, 227 insertions(+), 0 deletions(-)

diff --git a/contrib/nginx/README.nginx b/contrib/nginx/README.nginx
new file mode 100644
index 0000000..b74053c
--- /dev/null
+++ b/contrib/nginx/README.nginx
@@ -0,0 +1,83 @@
+REQUIREMENTS:
+=============
+
+PHP 5.3
+PHP-FPM 5.3 (PHP-APC Optional)
+FASTCGI WRAPPER
+NGINX 1.2 or newer
+
+INSTALLATION
+============
+- Install all the required packages from your distro repository.
+- Copy all the files to the configuration folder of nginx.
+- Include the icinga-web.vhost as a nginx virtual host.
+- Restart nginx.
+
+
+DEBIAN EXAMPLE
+==============
+Enable the dotdeb repository to get the latest version of PHP and Nginx (http://www.dotdeb.org)
+# cat > /etc/apt/sources.list.d/dotdeb.list << EOF
+deb http://packages.dotdeb.org squeeze all
+deb-src http://packages.dotdeb.org squeeze all
+EOF
+
+Refresh the package list
+# apt-get update
+
+Upgrade the system
+# apt-get upgrade
+
+Install the required packages
+# apt-get install nginx php5-fpm php-apc fcgiwrap
+
+Configure to your taste the fpm and fcgiwrap config files (default values are almost safe)
+# vi /etc/php5/fpm/php-fpm.conf
+# vi /etc/php5/fpm/php.ini
+# vi /etc/php5/fpm/pool.d/www.conf
+
+Edit the FASTCGI WRAPPER init script, and change the user/group to your selected user:
+# vi /etc/init.d/fcgiwrap
+-FCGI_USER="www-data"
+-FCGI_GROUP="www-data"
++FCGI_USER="icinga"
++FCGI_GROUP="icinga"
+
+
+For more info check their docs.
+
+Copy the config file into the sites-available folder for nginx
+# cp icinga-web.vhost nginx.icinga-web.conf nginx.nagiosbp.conf nginx.pnp4nagios_icinga-web.conf nginx.security.conf /etc/nginx/sites-available
+
+Modify the icinga-web.vhost to include the path to the .conf files
+# vi /etc/nginx/sites-available/icinga-web.vhost
+-    include nginx.security.conf;
++    include /etc/nginx/sites-available/nginx.security.conf;
+
+-    include nginx.icinga.conf;
++    include /etc/nginx/sites-available/nginx.icinga.conf;
+
+-    include nginx.pnp4nagios_icinga-web.conf;
++    include /etc/nginx/sites-available/nginx.pnp4nagios_icinga-web.conf;
+
+-    include nginx.nagiosbp.conf;
++    include /etc/nginx/sites-available/nginx.nagiosbp.conf;
+
+-    include nginx.icinga-web.conf;
++    include /etc/nginx/sites-available/nginx.icinga-web.conf;
+
+Enable the virtual host for icinga classic
+# ln -s /etc/nginx/sites-available/icinga-web.vhost /etc/nginx/sites-enabled/icinga-web.vhost
+
+Change the user of nginx if needed
+# vi /etc/nginx/nginx.conf
+
++ user=icinga;
+
+Restart nginx
+# /etc/init.d/nginx restart
+
+
+Author
+======
+Francisco Miguel Biete <fmbiete at gmail dot com>
diff --git a/contrib/nginx/icinga-web.vhost b/contrib/nginx/icinga-web.vhost
new file mode 100644
index 0000000..80727d9
--- /dev/null
+++ b/contrib/nginx/icinga-web.vhost
@@ -0,0 +1,33 @@
+server {
+    listen 80;
+    server_name icinga-web.domain.com
+
+    rewrite ^(.*) https://$server_name:443$1 permanent;
+}
+
+server {
+    listen 443;
+    server_name icinga-web.domain.com;
+
+    error_log /var/log/nginx/icinga-web_error.log;
+
+    ssl			on;
+    ssl_certificate	/etc/ssl/certs/icinga.pem;
+    ssl_certificate_key	/etc/ssl/private/icinga.key;
+
+    index index.php index.html index.htm;
+
+    include nginx.security.conf;
+
+    include nginx.icinga.conf;
+
+    include nginx.pnp4nagios_icinga-web.conf;
+
+    include nginx.nagiosbp.conf;
+
+    include nginx.icinga-web.conf;
+
+    location = / {
+        rewrite ^/$ /icinga-web/index.php permanent;
+    }
+}
diff --git a/contrib/nginx/nginx.icinga-web.conf b/contrib/nginx/nginx.icinga-web.conf
new file mode 100644
index 0000000..a501f9c
--- /dev/null
+++ b/contrib/nginx/nginx.icinga-web.conf
@@ -0,0 +1,51 @@
+location /icinga-web/styles {
+    alias /usr/local/icinga-web/pub/styles;
+}
+ 
+location /icinga-web/images {
+    alias /usr/local/icinga-web/pub/images;
+}
+
+location /icinga-web/js {
+    alias /usr/local/icinga-web/lib;
+}
+
+location /icinga-web/modules/([A-Za-z0-9]*)/resources/images/([A-Za-z_\-0-9]*\.(png|gif|jpg))$ {
+    alias /usr/local/icinga-web/app/modules/$1/pub/images/$2;
+}
+
+location /icinga-web/modules/([A-Za-z0-9]*)/resources/styles/([A-Za-z0-9]*\.css)$ {
+    alias /usr/local/icinga-web/app/modules/$1/pub/styles/$2;
+}
+
+location /icinga-web/modules/BPAddon/resources {
+    alias /usr/local/icinga-web/app/modules/BPAddon/pub;
+}
+
+location /icinga-web/modules {
+    rewrite ^/icinga-web/(.*)$ /icinga-web/index.php?/$1 last;
+}
+
+location /icinga-web/web {
+    rewrite ^/icinga-web/(.*)$ /icinga-web/index.php?/$1 last;
+}
+
+location ~ ^/modules {
+    rewrite ^/modules/(.*)$ /icinga-web/modules/$1 permanent;
+}
+
+location /icinga-web {
+    alias   /usr/local/icinga-web/pub;
+    index index.php;
+    try_files $uri $uri/ /icinga-web/index.php?$args;
+}
+
+location ~ /icinga-web/(.*)\.php($|/) {
+    include /etc/nginx/fastcgi_params;
+    fastcgi_pass unix:/var/run/php5-fpm.sock;
+    fastcgi_index index.php;
+    fastcgi_split_path_info ^(/icinga-web/.*\.php)(.*);
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_param SCRIPT_FILENAME /usr/local/icinga-web/pub/index.php;
+}
+
diff --git a/contrib/nginx/nginx.nagiosbp.conf b/contrib/nginx/nginx.nagiosbp.conf
new file mode 100644
index 0000000..e067b4e
--- /dev/null
+++ b/contrib/nginx/nginx.nagiosbp.conf
@@ -0,0 +1,19 @@
+location /nagiosbp {
+    alias   /usr/local/nagiosbp/share;
+    auth_basic              "Icinga Access";
+    auth_basic_user_file    /usr/local/icinga/etc/htpasswd.users;
+}
+
+location ~ /nagiosbp/(.*)\.cgi$ {
+    root /usr/local/nagiosbp/sbin;
+    rewrite ^/nagiosbp/cgi-bin/(.*)\.cgi /$1.cgi break;
+    include /etc/nginx/fastcgi_params;
+    fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+    fastcgi_index index.php;
+    fastcgi_param  SCRIPT_FILENAME  /usr/local/nagiosbp/sbin$fastcgi_script_name;
+    auth_basic              "Icinga Access";
+    auth_basic_user_file    /usr/local/icinga/etc/htpasswd.users;
+    fastcgi_param  AUTH_USER          $remote_user;
+    fastcgi_param  REMOTE_USER        $remote_user;
+}
+
diff --git a/contrib/nginx/nginx.pnp4nagios_icinga-web.conf b/contrib/nginx/nginx.pnp4nagios_icinga-web.conf
new file mode 100644
index 0000000..b7f510d
--- /dev/null
+++ b/contrib/nginx/nginx.pnp4nagios_icinga-web.conf
@@ -0,0 +1,22 @@
+location ~ /pnp4nagios {
+    alias /usr/local/pnp4nagios/share;
+    index index.php;
+    try_files $uri $uri/ @pnp4nagios;
+}
+
+location @pnp4nagios {
+    if ( $uri !~ /pnp4nagios/index.php(.*)) {
+        rewrite ^/pnp4nagios/(.*)$ /pnp4nagios/index.php/$1;
+        break;
+    }
+
+    fastcgi_pass unix:/var/run/php5-fpm.sock;
+    fastcgi_index index.php;
+    include /etc/nginx/fastcgi_params;
+    # this splits out the trailing path
+    # eg index.php?host -> $fastcgi_path_info == 'host'
+    fastcgi_split_path_info ^(.+\.php)(.*)$;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_param SCRIPT_FILENAME /usr/local/pnp4nagios/share/index.php;
+}
+
diff --git a/contrib/nginx/nginx.security.conf b/contrib/nginx/nginx.security.conf
new file mode 100644
index 0000000..5585189
--- /dev/null
+++ b/contrib/nginx/nginx.security.conf
@@ -0,0 +1,19 @@
+# Security - Basic configuration
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+        expires max;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Deny access to hidden files
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }





More information about the icinga-checkins mailing list