Altering Nginx default configuration, and site templates.

Discussion in 'Installation/Configuration' started by Plutocrat, Jan 27, 2016.

  1. Plutocrat

    Plutocrat New Member

    Hi,
    I've been running ispconfig for a year or so now, and have managed to solve most of my problems through reading the forums and documentation so far. This is a general question about best practices of altering the default configuration of nginx and virtual hosts.
    I have a few improvements over the default nginx configuration, which I want to apply to all sites. I was wondering what the best way of doing this was.
    If this was a standalone server, I'd be happily modifying /etc/nginx.conf and /etc/nginx/sites-enabled. However I'm unclear about what files ispconfig controls, and therefore asking what the best way of modifying them is.

    Snippets:

    All the sites on my installation run Wordpress, and I have a bunch of nginx security directives that I want to include. I know about 'snippets'. However the problem with my rules is that they need to be higher up the configuration file, rather than appended to the end, so when I use snippets they don't work.

    Master vhost config:

    I located the master vhost config file at /usr/local/ispconfig/server/conf/nginx_vhost.conf.master
    I was able to successfully alter that to include a file at /etc/nginx/wp-security.conf with all my changes in. However I've noticed that the changes don't stick. I'm pretty sure that that file is update whenever there is an upgrade of ispconfig. Are there any other circumstances under which this file might get overwritten?
    For now I've written a script to alert me if this file reverts back to a version without my changes, which runs once a day. Obviously this is a bit of a kludge, so I'd like to do it properly. What is the best way of making a change to nginx_vhost.conf.master stick? Is there an override mechanism? (eg a file placed in a certain place would automatically be included in all vhosts, like my system now currently does) If not, perhaps one of these would be useful in the future?

    nginx.conf
    I recently used ispconfig_LetsEncrypt and noticed that this included a couple of lines in the /etc/nginx.conf. file (the 'well-known-hosts' mime type directive), as is required. This presumably is also at risk of being overwritten. Usually when upgrading nginx (on Debian etc) you are given the choice to upgrade this file or not. The default is NOT, and I obviously would pick that. Does Ispconfig make any changes to nginx.conf too, or is that safe to modify, so that changes to that file, would presumably affect all vhosts running on that server.
    (Or am I wrong in that assumption?)

    /etc/nginx/conf.d/*.conf
    In theory any file placed in this directory with the conf extension will be included in the main nginx.conf, after its included all the /etc/nginx/sites-enabled/ files. In practice I haven't been able to get this to work. Would this be a better way of modifying server-wide configuration? Is there a trick to making it work?
    The directive I tested with was server_tokens Off;, which is easy to test for. I'd also like to use some add_header directives. If anyone has sucessfully got those to work serverwide from a conf file in the conf-d directory, I'd love to hear how you did it.

    So there we have the options. What are people using? What is safest? Hoping to promote some discussion here.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Snippets never need to be higher in the nginx config. You probably did not use the ###merge### and ###delete### statements in ISPConfig to add your code in the right sections of the configuration file or to replace default directives.

    Like with all ispconfig template files, manually altered versions have to be put into /usr/local/ispconfig/server/conf-custom/
     
  3. Plutocrat

    Plutocrat New Member

    Thanks Till. This is exactly what I needed. I'm sure I'll figure it out from here.
     
  4. labsy

    labsy Member

    Hi,
    sorry for popping up old thread, but may I ask for some help with both, NGINX directives and default INDEX.HTML/.PHP page placeholder?
    I placed image.jpeg and index.php in /usr/local/ispconfig/server/conf-custom/index/ folder, but those files do not get copied over or linked to new site uppon creation. Where am I missing the point?

    Second problem, how should I add NGINX directive (for Wordpress permalinks) to survive ISPConfig updates? I need to add this:
    Code:
    location / {
    try_files $uri $uri/ /index.php?$args;
    }
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    There is a misunderstanding on what this folder is for, you can only put files there with the same name of an ispconfig template file, files with other file endings or additional files as you did can not be put there.
     
    Richard Foley likes this.
  6. Richard Foley

    Richard Foley Member

    You should create a new thread for a new question.

    For your second problem, you should be able to add System -> Directive Snippets to make life a bit easier.

     
  7. ahrasis

    ahrasis Well-Known Member

    As per website / web domain:
    Sites > Websites > Web Domain > Option > Nginx Directives

    But I think @Richard Foley advise is the best approach so you can simply select it later at the same place.
     
    Richard Foley likes this.

Share This Page