Nginx (separate LXC)
October 16, 2024 09:14AM
Hi,

ich habe einen VPS, wo ich mehrere Server verwalte.
Mitunter habe ich einen Server für Nextcloud.
Nun hatte ich alles auf einem Server installiert, der auf 10.10.10.50/24 mit Gateway 10.10.10.1 läuft.
Da ich mehrere Applikationen auf verschiedenen Server (LXC Containern) laufen lassen möchte, möchte ich nicht jedesmal nginx in jedem Container installieren, sondern einen Container, wo ich alle Nginx Server Blöcke laufen lasse.

Beispiel:
Nextcloud: 10.10.10.50/24 mit Gateway 10.10.10.1 und Pfad /var/www/nextcloud/index.php
Joomla: 10.10.10.51/24 mit Gateway 10.10.10.1 und Pfad /var/www/joomla/index.php

Ich möchte also alle Applikationen jeweils in einem separaten LXC Container.
Bisher habe ich es geschafft, dass alles z.B. Nextcloud mit Nginx in einem Container lief.
Ich schaffe es aber nicht, dass die beiden Applikationen zu trennen.

Kann mir da jemand paar Tips geben.
Die Config, bei der das lief, sah wie folgt aus:

apt install nginx -y
systemctl enable nginx
nano /etc/nginx/sites-available/nextcloud.mydomain.de

<code>
server {
listen 80;
listen [::]:80;
server_name nextcloud.mydomain.de;

# Add headers to serve security related headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;

#I found this header is needed on Ubuntu, but not on Arch Linux.
add_header X-Frame-Options "SAMEORIGIN";

# Path to the root of your installation
root /var/www/nextcloud/;

access_log /var/log/nginx/nextcloud.access;
error_log /var/log/nginx/nextcloud.error;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;

location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

location ~ /.well-known/acme-challenge {
allow all;
}

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
rewrite ^ /index.php;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;

###################################################
###################################################
# !!!!!!!!!!!!!!!! ACHTUNG: fastcgi_pass unix:/run/php/php8.3-fpm.sock; ! PHP Version muss angepasst werden!
# Ensure you’re using the correct highlighted version of PHP-FPM in the configuration file.
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
###################################################
###################################################

fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
</code>

ln -s /etc/nginx/sites-available/nextcloud.mydomain.de /etc/nginx/sites-enabled/
chown www-data:www-data /var/www/nextcloud/ -R
nginx -t
systemctl reload nginx
certbot --nginx -d nextcloud.mydomain.de
cd /etc/letsencrypt/live/nextcloud.mydomain.de/
ls -a



Edited 1 time(s). Last edit at 10/16/2024 09:15AM by wolkegerm.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 160
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready