mirror of
https://github.com/cypht-org/cypht.git
synced 2026-04-25 04:56:03 +03:00
[GH-ISSUE #142] Specific instructions for running Cypht behind a reverse proxy, such as nginx? #120
Originally created by @ghost on GitHub (Oct 27, 2016).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/142
Originally assigned to: @jasonmunro on GitHub.
Hi,
Jason Munro & Cypht contributors,
Thank you for working on Cypht!
I wanted to ask if there were specific instructions for running Cypht behind a reverse proxy, such as nginx.
The reason I ask is this:
https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
Can those instructions be used for Cypht as well?
Manas
Edit
I found these instructions:
https://www.nginx.com/resources/admin-guide/reverse-proxy/
@ghost commented on GitHub (Oct 28, 2016):
Hi,
These are the settings I am currently using.
The login page shows up, I will update when I have tried logging in.
Edit
Was unable to log in to my test account. While that means that I have authentication systems to update, the above location block for nginx functions as a reverse-proxy that operates at https://domain.tld/email/
@ghost commented on GitHub (Oct 29, 2016):
Update
Logging in is functional on my deployment of Cypht, which is behind an nginx reverse-proxy.
I had to add a <base href="https://domain.tld/mail/"> tag to modules/core/output_modules.php for most links/buttons to work. Clicking on the 'Send' button on the compose page produces unexpected behavior, for example. I get directed to https://domain.tld/?... instead.
@jasonmunro Do you have any suggestions on how this could be fixed?
@jasonmunro commented on GitHub (Oct 31, 2016):
Hello!
I have not tried to run Cypht behind a nginx reverse proxy, but I believe @chlarsen was able to get it working without making any code changes (I'm not against adding a base url option if it helps with compatibility). I vaguely recall it basically came down to cookie related issues, and the following setting helped:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain
The full thread is here: https://github.com/jasonmunro/cypht/issues/119 (it's REALLY long and winding, so it's a bit hard to pick out the specific proxy related bits). I would like to start adding some stuff to our wiki to help new users with issues that others have already resolved, this would be a good candidate for that once we iron out the situation. If none of the above helps, I will take some time to setup a reverse proxy locally and test it out.
Thanks for the feedback!
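The directive linked above, shown together with its siblings for serving a backend under a sub-path, as an added illustration (not a configuration posted by anyone in this thread, and not tested against Cypht). The backend address and internal host name are placeholders, and it is an assumption that the wrong post-Send URL reaches the browser as a Location header:

```nginx
# Added example: front proxy publishing a backend web application at /mail/.
location /mail/ {
    # Trailing slash strips the prefix: /mail/?page=compose is sent upstream as /?page=compose
    proxy_pass http://192.168.0.10:80/;          # placeholder backend address

    # Tell the backend which host and scheme the client actually used
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Rewrite redirects issued by the backend so they stay under /mail/.
    # "default" covers Location values that start with the proxy_pass URL;
    # the other two cover root-relative redirects and absolute ones built from the Host header.
    proxy_redirect default;
    proxy_redirect / /mail/;
    proxy_redirect http://$host/ https://$host/mail/;

    # Rewrite Set-Cookie attributes so the session cookie is scoped to the
    # public host and path; a cookie scoped to the backend's own name or to
    # a path the browser never requests is not sent back, and login fails.
    proxy_cookie_domain backend.internal $host;  # placeholder internal name
    proxy_cookie_path   / /mail/;
}
```

If the backend already emits redirects that begin with /mail/, drop the `proxy_redirect / /mail/;` line, otherwise the prefix is applied twice.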
@chlarsen commented on GitHub (Nov 1, 2016):
Dear manasb,
Before getting into the Nginx reverse proxy setup, how do you serve PHP?
Thanks for letting me know,
Chris
@ghost commented on GitHub (Nov 1, 2016):
@jasonmunro @chlarsen
Hi, thanks for your responses :)
I'll try and wade through the thread you shared, there may be other useful information in there too.
I did have to change my nginx config slightly, I have added in a few rewrite rules to send traffic to the right place. This is what it looks like:
@chlarsen nginx, PHP & Cypht are in a separate FreeBSD jail (Cypht-jail) while the nginx server that receives HTTPS connections from the internet is in its own jail (Ext-jail). Cypht-jail runs php56 & php-fpm, nginx uses FastCGI to process PHP files. The two jails are connected through a 192.168.0.0/24 subnet. Does this answer your question?
I have also tried converting links to absolute URLs, but I'll admit I'm mostly making haphazard guesses as to where the issue with the 'Send' button is.
As I mentioned earlier, after I click the 'Send' button, I get redirected to the $domain.tld/?page=compose URL, instead of $domain.tld/mail/?page=compose.
Since I've made a number of changes to the copy of Cypht that I'm currently running, I will start testing again with a fresh copy of Cypht.
I have tried my best to follow the relevant documentation for the various programs I am using but I may have misunderstood some parts, if that is the case please do let me know.
Edit
proxy_cookie_domain looks useful, thanks 👍
@chlarsen commented on GitHub (Nov 2, 2016):
TRY TO USE THIS FOR NGINX RUNNING AS REVERSE PROXY:
Configure Nginx as Proxy for PHP Applications in a Sub-URI via SSL
:!: Use the following to serve the PHP application [instance] via https://www.[my.domain]/[instance], with redirection from http://[instance].[my.domain] and http://www.[my.domain]/[instance].
Set the required variables:
setenv VIRTUAL_DOMAIN [my.domain]
setenv INSTANCE [instance]
setenv PROXY_CACHE_EXPIRY [validity of proxy cache with unit (m|h|d|w)]
setenv APPLICATION_SERVER www_php.jail.vlan
setenv APPLICATION_PORT [10000]
setenv SHORTCUT [shortcut]
setenv SHORTCUT_DOMAIN ${SHORTCUT}.${VIRTUAL_DOMAIN}
:!: Replace placeholders in [brackets] as required.
:!: Increment APPLICATION_PORT by +1 for each instance, and keep it in sync with the PHP-FPM UID.
:!: Set PROXY_CACHE_EXPIRY to 0 to disable caching.
From within the jail, create the [instance]-specific http configuration file as follows:
echo "# handle ${INSTANCE} at /${INSTANCE}" > /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo "location /${INSTANCE} {" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo ' # redirect to https' >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo ' return 301 https://$host$request_uri;' >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo '}' >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
From within the jail, create the [instance]-specific https configuration file as follows:
echo "# handle ${INSTANCE} at /${INSTANCE}" > /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo "location /${INSTANCE} {" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo " # add trailing slash to /${INSTANCE}" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo " rewrite ^/${INSTANCE}"'$ https://$host/'"${INSTANCE}/ permanent;" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo " # enable proxy cache" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo " proxy_cache ${VIRTUAL_DOMAIN}_proxy_cache;" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo " expires ${PROXY_CACHE_EXPIRY};" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo ' # try to serve static files from Nginx' >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo ' try_files $uri $uri/ @'"${INSTANCE};" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo '}' >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo "location @${INSTANCE} {" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo " proxy_pass http://${APPLICATION_SERVER}:${APPLICATION_PORT};" >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
echo '}' >> /usr/local/etc/nginx/include/${VIRTUAL_DOMAIN}/https/${INSTANCE}.conf
We also want to redirect requests from http://[shortcut].my.domain to http://www.my.domain/[instance].
From within the jail, create the [instance]-specific vhosts file:
unsetenv VIRTUAL_DOMAIN INSTANCE APPLICATION_SERVER APPLICATION_PORT SHORTCUT SHORTCUT_DOMAIN
TRY TO USE THIS FOR NGINX SERVING PHP VIA FASTCGI:
Configure Nginx for Per-Instance Use Within a Virtual Domain
From within the jail, and for each instance, create include and root directories:
setenv INSTANCE [instance]
setenv VIRTUAL_DOMAIN [my.domain]
setenv APPLICATION_PORT [10000]
mkdir -p /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http /usr/local/etc/nginx/include/server /usr/local/etc/nginx/include/vhosts
mkdir -p /home/www_php/${VIRTUAL_DOMAIN}
chown root:www /home/www_php /home/www_php/${VIRTUAL_DOMAIN}
chmod 755 /home/www_php /home/www_php/${VIRTUAL_DOMAIN}
:!: Replace placeholders in [brackets] with their appropriate values.
:!: Increment APPLICATION_PORT by +1 for every instance.
From within the jail, create the [instance]-specific vhosts configuration file as follows:
echo '# http virtual server settings' > /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
echo 'server {' >> /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
echo ' # define one of your virtual server as default to avoid erratically forwarded domain names' >> /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
echo " listen 127.0.1.106:${APPLICATION_PORT} default;">> /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
echo " #listen 127.0.1.106:${APPLICATION_PORT};" >> /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
echo " server_name www.${VIRTUAL_DOMAIN};" >> /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
echo ' # include configuration files' >> /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
echo " include include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/*;" >> /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
echo '}' >> /usr/local/etc/nginx/include/vhosts/${INSTANCE}.${VIRTUAL_DOMAIN}
:!: Configure one of your virtual domain servers as default to avoid erratically forwarded domain names in http headers.
From within the jail, create the server configuration file as follows:
echo "# user limits" > /usr/local/etc/nginx/include/server/${INSTANCE}.${VIRTUAL_DOMAIN}
echo "# define domain-specific zone which uses < 1 MByte to store session information" >> /usr/local/etc/nginx/include/server/${INSTANCE}.${VIRTUAL_DOMAIN}
echo 'limit_conn_zone $binary_remote_addr zone='"${INSTANCE}.${VIRTUAL_DOMAIN}:1m;" >> /usr/local/etc/nginx/include/server/${INSTANCE}.${VIRTUAL_DOMAIN}
echo '' >> /usr/local/etc/nginx/include/server/${INSTANCE}.${VIRTUAL_DOMAIN}
echo '# fastcgi cache setting' >> /usr/local/etc/nginx/include/server/${INSTANCE}.${VIRTUAL_DOMAIN}
echo '# set the fastcgi cache path and related parameters' >> /usr/local/etc/nginx/include/server/${INSTANCE}.${VIRTUAL_DOMAIN}
echo '# delete cache data, if not requested for 1 day, with maximum size of 128 Mbyte' >> /usr/local/etc/nginx/include/server/${INSTANCE}.${VIRTUAL_DOMAIN}
echo "fastcgi_cache_path /var/tmp/nginx/fastcgi_cache_${INSTANCE}.${VIRTUAL_DOMAIN} levels=1:2 keys_zone=${INSTANCE}.${VIRTUAL_DOMAIN}_fastcgi_cache:100m inactive=60m max_size=128m;" >> /usr/local/etc/nginx/include/server/${INSTANCE}.${VIRTUAL_DOMAIN}
From within the jail, create the default http configuration file as follows:
echo '# set document root' > /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/default.conf
echo "root /home/www_php/${VIRTUAL_DOMAIN};" >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/default.conf
echo '' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/default.conf
echo '# prohibit execution of hidden php code inside an uploaded file' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/default.conf
echo ' location ~ \..*/.*\.php$ {' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/default.conf
echo ' return 403;' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/default.conf
echo '}' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/default.conf
From within the jail, create the [instance]-specific http configuration file as follows:
echo "# pass the PHP scripts for ${INSTANCE} to the FastCGI server" > /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo 'location ~ \.php$ {' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo ' # Note: Set "cgi.fix_pathinfo = 0;" in php.ini' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo ' fastcgi_split_path_info ^(.+\.php)(/.*)$;' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo " fastcgi_pass unix:/var/run/php-fpm_${INSTANCE}.${VIRTUAL_DOMAIN}/php-fpm_${INSTANCE}.${VIRTUAL_DOMAIN}.sock;" >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo ' fastcgi_index index.php;' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo " fastcgi_cache ${INSTANCE}.${VIRTUAL_DOMAIN}_fastcgi_cache;" >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo ' fastcgi_cache_valid 200 60m;' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo ' include fastcgi_params;' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
echo '}' >> /usr/local/etc/nginx/include/${INSTANCE}.${VIRTUAL_DOMAIN}/http/${INSTANCE}.conf
Good luck!
Chris
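The PHP location from the comment above, rewritten as an added example (not Chris's configuration and not part of the Cypht project) to show two safeguards that matter when the application behind it is a webmail client: PHP-FPM only receives scripts that exist on disk, and responses to requests carrying a session cookie or credentials never enter or leave the FastCGI cache. The zone name and socket path are placeholders, and the cache zone is assumed to be declared with fastcgi_cache_path at http level:

```nginx
# Added example: hardened PHP handler with a cache that skips authenticated traffic.
location ~ \.php$ {
    # Hand only real files to PHP-FPM. A URI that merely ends in ".php"
    # but does not exist on disk gets a 404 instead of being passed on,
    # which complements cgi.fix_pathinfo = 0 in php.ini.
    try_files $uri =404;

    fastcgi_pass  unix:/var/run/php-fpm_example/php-fpm_example.sock;  # placeholder
    fastcgi_index index.php;
    include       fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    fastcgi_cache       example_fastcgi_cache;   # placeholder keys_zone name
    fastcgi_cache_key   $scheme$request_method$host$request_uri;
    fastcgi_cache_valid 200 60m;

    # The cache key above does not include the session, so a cached 200
    # would be replayed to every visitor of the same URL. Skip the cache
    # whenever the request carries cookies or an Authorization header:
    # fastcgi_no_cache stops the response being stored,
    # fastcgi_cache_bypass stops a stored response being served.
    fastcgi_no_cache     $http_cookie $http_authorization;
    fastcgi_cache_bypass $http_cookie $http_authorization;
}
```

The same pair exists for the front proxy's cache as proxy_no_cache and proxy_cache_bypass.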
@ghost commented on GitHub (Nov 2, 2016):
That's interesting.
There aren't many comments so I guess I'll look up manuals for a few hours haha 👍
@chlarsen commented on GitHub (Nov 3, 2016):
Exactly ;-)
@ghost commented on GitHub (Nov 12, 2016):
Try to use this for nginx running as a reverse proxy
Use the following to serve the PHP application [instance] via https://www.[my.domain]/[instance], with redirection from http://[instance].[my.domain] and http://www.[my.domain]/[instance]
Replace placeholders in [brackets] as required.
Increment APPLICATION_PORT by +1 for each instance, and keep it in sync with the PHP-FPM UID.
Set PROXY_CACHE_EXPIRY to 0 to disable caching.
We also want to redirect requests from http://[shortcut].my.domain to http://www.my.domain/[instance]
Try to use this for nginx serving PHP via FASTCGI
nginx for Per-Instance Use Within a Virtual Domain
Replace placeholders in [brackets] with their appropriate values.
Increment APPLICATION_PORT by +1 for every instance.
Configure one of your virtual domain servers as default to avoid erratically forwarded domain names in http headers.
@jasonmunro commented on GitHub (Nov 12, 2016):
This would make a great wiki page! https://github.com/jasonmunro/cypht/wiki
@chlarsen commented on GitHub (Nov 13, 2016):
Excellent idea!
@jasonmunro commented on GitHub (Nov 16, 2016):
@manasb Awesome! Thanks for creating a wiki page for this!
@jasonmunro commented on GitHub (Nov 30, 2016):
@manasb any update on this? I know you created the wiki page, but is this working? If so, let's close this issue. Thanks!