ownCloud в связке с nginx и MySQL в среде jail

  1. install plugin jail
  2. start plugins
  3. enter the jail from an SSH console (run "jls" to find the jail ID, then "jexec [ID] tcsh")
  4. "portsnap fetch extract"
  5. "pkg_delete --force pkg-config-0.25_1"
  6. "cd /usr/ports/devel/pkgconf && make install clean"
  7. "cd /usr/ports/www/nginx && make install clean" (+ HTTP_DAV, HTTP_FLV, HTTP_GZIP_STATIC, HTTP_PERL, HTTP_SSL)
  8. "cd /usr/ports/lang/php5 && make install clean" (+ FPM)
  9. accept all configs after this with no changes
  10. "cd /usr/ports/lang/php5-extensions && make install" (+ CURL, GD, MBSTRING, MySQL, MySQLi, PDO_MySQL, ZIP, ZLIB)
  11. accept all config after this with no changes
  12. "cd /usr/ports/databases/mysql55-server/ && make install clean"
  13. insert into /etc/rc.conf: mysql_enable="YES" nginx_enable="YES" php_fpm_enable="YES"
  14. "/usr/local/bin/mysql -u root"
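  15. mysql> UPDATE mysql.user SET Password = PASSWORD('newpwd') WHERE User = 'root'; mysql> FLUSH PRIVILEGES; ('newpwd' is a placeholder: set your own strong root password; as step 14 shows, root can log in without any password until this step has been run)
  16. mysql> CREATE USER 'ownCloud'@'localhost' IDENTIFIED BY 'some_pass'; ('some_pass' is a placeholder: choose a separate password that is used only by ownCloud)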
  17. mysql> CREATE DATABASE ownCloud;
  18. mysql> GRANT ALL PRIVILEGES ON ownCloud.* TO 'ownCloud'@'localhost';
  19. "cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini"
  20. "cd /usr/local/etc/nginx"
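  21. openssl genrsa -des3 -out server.key 1024 (a 1024-bit RSA key is below what current guidance and current browsers accept; pass 2048 or more as the last argument)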
  22. openssl req -new -key server.key -out server.csr
  23. openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
  24. cp server.key server.key.orig
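  25. openssl rsa -in server.key.orig -out server.key (this removes the passphrase so nginx can start unattended; server.key is then stored unencrypted, so make it readable by root only, e.g. "chmod 600 server.key", and protect or delete server.key.orig in the same way)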

And use this as php-fpm.conf:


	
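; php-fpm.conf: a single pool ("ownCloud") that nginx reaches over a Unix socket.

[global]
; Relative path; php-fpm resolves it against its own prefix directory.
pid = run/php-fpm.pid

[ownCloud]
; Must match the fastcgi_pass path in nginx.conf character for character.
; The "phph" spelling is kept on purpose because nginx.conf uses the same path.
listen = /var/run/phph-fpm.socket
listen.owner = www
listen.group = www
; 0660 instead of 0666: nginx runs as www, which owns the socket, so no other
; account needs access. A world-writable socket lets every local account in the
; jail submit FastCGI requests that are executed with the pool's www identity.
listen.mode = 0660

; -1 sets no explicit backlog limit here.
listen.backlog = -1
; Only evaluated for TCP listeners; it does not restrict a Unix socket.
; Access to the socket is governed by listen.owner/group/mode above.
listen.allowed_clients = 127.0.0.1

; Identity of the worker processes (and therefore of all ownCloud PHP code).
user = www
group = www

; Process manager: between 1 and 3 idle workers, at most 5 in total.
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
; Recycle a worker after 500 requests to bound the effect of memory leaks.
pm.max_requests = 500

; Environment variables set for the pool's worker processes.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
; NOTE(review): /tmp is shared with every other process in the jail; a
; directory owned by www would keep PHP temp and upload files private.
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp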


Use this as nginx.conf:

	
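# nginx.conf: TLS front end for ownCloud; PHP is handed to php-fpm over the
# Unix socket that php-fpm.conf defines.

# Worker processes run as www, the same account that owns the php-fpm socket.
user  www;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main    '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    # GENERAL
    ignore_invalid_headers  on;
    sendfile                on;
    server_name_in_redirect off;
    # Do not advertise the nginx version in headers and error pages.
    server_tokens           off;

    # TCP
    tcp_nodelay off;
    tcp_nopush  on;

    # TIMEOUTS
    client_body_timeout   65;
    client_header_timeout 65;
    keepalive_timeout     65 65;
    send_timeout          65;

    # COMPRESSION
    # NOTE(review): these settings also apply to the HTTPS server below.
    # Compressing TLS responses that mix secrets with request-controlled data
    # is the precondition for compression side channels (BREACH); consider
    # "gzip off;" inside the ownCloud server block if that matters here.
    gzip              on;
    #gzip_static       on;
    gzip_buffers      256 8k;
    gzip_comp_level   9;
    gzip_http_version 1.0;
    gzip_min_length   0;
    gzip_types        text/css text/javascript text/mathml text/plain text/xml application/x-javascript application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml;
    gzip_vary         on;
    gzip_disable      "MSIE [1-6]\.(?!.*SV1)";

    # redirect http to https.
    server {
        listen 80;
        # No server_name is configured in this block, so $server_name is empty
        # and "https://$server_name..." would produce a redirect without a
        # host. $host carries the name the client actually asked for.
        # It is taken from the request, so if this server has one fixed name,
        # add a server_name directive and redirect to that name instead.
        return 301 https://$host$request_uri;  # enforce https
    }

    # owncloud (ssl/tls)
    server {
        listen 443 ssl;
        # NOTE(review): ssl_protocols and ssl_ciphers are not set, so the
        # defaults of the installed nginx/OpenSSL build apply; check that they
        # exclude obsolete protocol versions.
        ssl_certificate /usr/local/etc/nginx/server.crt;
        # The key is stored without a passphrase (see the openssl steps);
        # keep the file readable by root only.
        ssl_certificate_key /usr/local/etc/nginx/server.key;
        root /usr/local/www/ownCloud;
        index index.php;
        client_max_body_size 1000M; # set maximum upload size

        # deny direct access
        # Regex locations are tried in the order written; this one has to stay
        # above the "\.php$" location so that files under data/ and config/
        # are refused before they can be passed to PHP.
        location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
            deny all;
        }

        # default try order
        location / {
            try_files $uri $uri/ @webdav;
        }

        # owncloud WebDAV
        # Reached for URIs that are neither a file nor a directory, e.g.
        # paths below a *.php entry point; the split separates the script
        # name from the trailing path.
        location @webdav {
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_pass unix:/var/run/phph-fpm.socket;
            fastcgi_param HTTPS on;
            include fastcgi_params;
        }

        # enable php
        # NOTE(review): every URI ending in ".php" is passed to php-fpm
        # without checking that such a file exists under the document root.
        # Combined with PHP's default cgi.fix_pathinfo behaviour this is the
        # well-known nginx/PHP path-confusion setup. "try_files $uri =404;"
        # is the usual guard, but it may interfere with WebDAV paths that end
        # in ".php" - test against ownCloud before enabling it.
        location ~ \.php$ {
            fastcgi_pass unix:/var/run/phph-fpm.socket;
            fastcgi_param HTTPS on;
            include fastcgi_params;
        }
    }
}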


And this as fastcgi_params:

	

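# fastcgi_params: included by both PHP locations in nginx.conf; defines the
# CGI variables that php-fpm receives for each request.

# Script used when a request URI ends with a slash.
fastcgi_index  index.php;

# Request line and body metadata.
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

# Which script to run. SCRIPT_FILENAME is built from the document root and the
# script name nginx derived from the URI; php-fpm executes whatever it names.
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
# Sent only when the connection is TLS ($https is empty otherwise).
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

# Connection endpoints.
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# Request headers reach PHP as HTTP_* variables, so a client-sent "Proxy"
# header would otherwise arrive as HTTP_PROXY, which HTTP client code may
# treat as an outbound proxy setting ("httpoxy"). Send an empty value instead.
fastcgi_param  HTTP_PROXY         "";

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;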

источник