Setting up Fusion Directory on nginx + uwsgi

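The following configuration was made on Red Hat Enterprise Linux 7. The end result is FusionDirectory running on nginx over plain HTTP at http://example.com/. Adding SSL to this configuration is easy enough (it only needs to be done on the nginx side), but it is outside the scope of this guide. Until it is added, FusionDirectory logins and the LDAP data managed through the interface travel unencrypted between browser and server.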

In this configuration nginx serves only as a web proxy to uwsgi, which runs the FD application and communicates with nginx via the unix socket at /run/uwsgi/fusiondirectory.sock. Therefore all file permissions need to be granted to the uwsgi user and group (both named uwsgi in this guide).

Needed packages

On RHEL 7:

# Installs nginx, the uwsgi server and its PHP plugin (the plugin loaded by "plugins = php" in the vassal config).
yum install nginx uwsgi uwsgi-plugin-php

Config files

/etc/uwsgi.ini

uwsgi.ini
; Emperor configuration: uwsgi starts one vassal instance per config file found in the emperor directory.
[uwsgi]
; Unprivileged account the emperor itself runs as.
uid = uwsgi
gid = uwsgi
pidfile = /run/uwsgi/uwsgi.pid
; Directory scanned for vassal configs (fusiondirectory.ini lives here).
emperor = /etc/uwsgi.d
; Stats server on a unix socket.
; NOTE(review): the stats output describes workers and requests; check that /run/uwsgi is not readable by unrelated local accounts.
stats = /run/uwsgi/stats.sock
; Tyrant mode: each vassal runs with the uid/gid that owns its config file, so the ownership of
; files in /etc/uwsgi.d decides which account runs the application. Keep those files owned by
; uwsgi:uwsgi and not writable by anyone else.
emperor-tyrant = true
; Capabilities retained by the emperor; presumably so it can switch vassals to their uid/gid without running as root.
cap = setgid,setuid

/etc/uwsgi.d/fusiondirectory.ini

Set date.timezone to your server's timezone. You may also want a log location other than /tmp/, which every local user can write to; the same consideration applies to session.save_path.

fusiondirectory.ini
; Vassal configuration: runs FusionDirectory through the uwsgi PHP plugin behind nginx.
[uwsgi]
plugins = php
 
; Unix socket nginx connects to (uwsgi_pass in nginx.conf).
socket = /run/uwsgi/fusiondirectory.sock
 
; NOTE(review): mode 666 lets every local account read and write the socket and so send requests
; to the application without passing through nginx. A tighter mode (for example 660 with a group
; shared by the nginx and uwsgi users) limits access to the proxy; verify the group setup before changing.
chmod-socket = 666
 
procname-master = uwsgi fusiondirectory
master = true
; Custom placeholder, referenced below as %(fusiondirectory_data_dir).
fusiondirectory_data_dir = /var/spool/fusiondirectory
chdir = %(fusiondirectory_data_dir)
; NOTE(review): a fixed file name in /tmp can be pre-created or symlinked by any local user;
; a directory writable only by the uwsgi user (for example under /var/log) avoids that.
logto = /tmp/fusiondirectory_uwsgi_log
 
php-docroot = /var/www/html/fusiondirectory
php-index = index.php
; Allow-list of scripts the plugin will execute; requests for other PHP files are refused.
; NOTE(review): the values look like they are matched as path suffixes, so a file with one of
; these names in a subdirectory would presumably also be accepted; confirm against the uwsgi PHP plugin docs.
php-allowed-ext = /autocomplete.php
php-allowed-ext = /getbin.php
php-allowed-ext = /geticon.php
php-allowed-ext = /index.php
php-allowed-ext = /main.php
php-allowed-ext = /progress.php
php-allowed-ext = /recovery.php
; NOTE(review): setup.php is the installation wizard; consider dropping it from the list once setup is complete.
php-allowed-ext = /setup.php
 
; php.ini overrides applied to this instance only.
php-set = date.timezone=Europe/Warsaw
; Confines PHP file access to these trees. The docroot /var/www/html/fusiondirectory is not listed;
; presumably it is a symlink into /usr/share (TODO confirm). /usr/share and /tmp/ are broad entries;
; narrowing them to the FusionDirectory paths actually used tightens the restriction.
php-set = open_basedir=/usr/share:/tmp/:/var/cache/fusiondirectory:/var/spool/fusiondirectory:/etc/fusiondirectory
; NOTE(review): session files hold authenticated session state. The directory must exist, be owned by
; the uwsgi user and be mode 700; a location outside /tmp prevents another local user from creating it first.
php-set = session.save_path=/tmp/php_sess
; 0 = session cookie is discarded when the browser closes.
php-set = session.cookie_lifetime=0
; PHP accepts request bodies and uploads up to 100M; nginx's client_max_body_size should agree with this.
php-set = post_max_size=100M
php-set = upload_max_filesize=100M
php-set = engine=1
; register_globals, allow_call_time_pass_reference, zend.ze1_compatibility_mode and register_long_arrays
; are directives from older PHP releases; PHP 5.4 and later no longer have them, so they are presumably
; ignored here. Confirm against the PHP version the plugin embeds.
php-set = register_globals=0
php-set = allow_call_time_pass_reference=0
; Stops PHP from advertising its version in response headers.
php-set = expose_php=0
php-set = zend.ze1_compatibility_mode=1
php-set = register_long_arrays=1
php-set = upload_tmp_dir=/var/spool/fusiondirectory
 
; Up to 5 worker processes, scaled down to a minimum of 1 when idle (cheaper mode).
processes = 5
cheaper = 1

/etc/fusiondirectory/fusiondirectory.conf

Replace the example values with your LDAP parameters.

fusiondirectory.conf
<?xml version="1.0"?>
<conf>
  <!-- Minimal FusionDirectory bootstrap config: one LDAP location named "default". -->
  <!-- forceSSL="FALSE" matches the HTTP-only nginx setup of this guide.
       NOTE(review): presumably it should become TRUE once TLS is enabled on nginx; confirm against the FusionDirectory docs. -->
  <!-- displayErrors="FALSE" and debugLevel="0" keep PHP errors and debug output out of rendered pages. -->
  <main default="default"
        logging="TRUE"
        displayErrors="FALSE"
        forceSSL="FALSE"
        templateCompileDirectory="/var/spool/fusiondirectory/"
        debugLevel="0">
 
    <!-- The referral stores the LDAP admin DN and its password in clear text, so this file should be
         readable only by the account that runs the application. The ldap:// URI is unencrypted, which
         stays on the host for 127.0.0.1; a directory on another machine needs a TLS-protected connection. -->
    <location name="default">
        <referral URI="ldap://127.0.0.1:389/dc=example,dc=com"
                        adminDn="cn=admin,dc=example,dc=com"
                        adminPassword="examplePassword" />
    </location>
  </main>
</conf>

/etc/nginx/nginx.conf

Replace the example values.

nginx.conf
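# nginx as a front end for the FusionDirectory uwsgi vassal.
# Worker processes run as the unprivileged nginx account.
user nginx;
worker_processes 1;
worker_rlimit_nofile 1024;

pid        /var/run/nginx.pid;
error_log  /var/log/nginx/error.log;

events {
  worker_connections 1024;
}

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  access_log  /var/log/nginx/access.log;

  sendfile    on;

  # Keep the nginx version out of the Server header and error pages
  # (the uwsgi vassal config does the same for PHP with expose_php=0).
  server_tokens off;

  types_hash_max_size 1024;
  types_hash_bucket_size 512;

  server_names_hash_bucket_size 64;
  server_names_hash_max_size 512;

  keepalive_timeout  65;
  tcp_nodelay        on;

  gzip         on;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";

  # The temp directories below must exist and be writable by the nginx user only.
  client_body_temp_path   /var/nginx/client_body_temp;
  client_max_body_size    10m;
  client_body_buffer_size 128k;
  # The proxy_* directives apply to proxy_pass locations; the server below uses
  # uwsgi_pass, so they do not affect FusionDirectory traffic.
  proxy_redirect          off;
  proxy_temp_path         /var/nginx/proxy_temp;
  proxy_connect_timeout   90;
  proxy_send_timeout      90;
  proxy_read_timeout      90;
  proxy_buffers           32 4k;
  proxy_buffer_size       8k;
  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_headers_hash_bucket_size 64;

  server {
    # Plain HTTP only; TLS would be terminated here (see the scope note at the top of the guide).
    listen *:80;
    server_name           example.com;

    # Matches post_max_size / upload_max_filesize (100M) in the uwsgi vassal config.
    # The original 10G made nginx accept and spool bodies that PHP rejects anyway,
    # which lets a single client fill the temp directory.
    client_max_body_size 100m;

    access_log            /var/log/nginx/example.com.access.log combined;
    error_log             /var/log/nginx/example.com.error.log;

    # Static files are served directly from the FusionDirectory docroot.
    location / {
      root      /var/www/html/fusiondirectory;
      index     index.php;
    }

    # Every URI containing ".php" is handed to uwsgi; which scripts actually run is
    # decided by the php-allowed-ext list on the uwsgi side, so keep that list in place.
    location ~ ^/(.+\.php)(.*)$ {
      include uwsgi_params;
      # uwsgi protocol modifier 14 selects the PHP plugin.
      uwsgi_modifier1 14;
      uwsgi_pass unix:/run/uwsgi/fusiondirectory.sock;
    }
  }
# Closing brace of the http block; it was missing in the original listing, which nginx rejects.
}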

File permissions

Make sure the uwsgi user has rights to the necessary directories:

# Hands the spool, cache and config directories to the account the uwsgi vassal runs as.
# NOTE(review): this also makes /etc/fusiondirectory writable by the web application, and
# fusiondirectory.conf in it holds the LDAP admin password. If FusionDirectory does not need
# to write its config (confirm), keeping the file owned by root with group uwsgi and mode 640
# gives the application read access only.
chown -R uwsgi:uwsgi /var/spool/fusiondirectory /var/cache/fusiondirectory /etc/fusiondirectory

Restart the services

With the new systemd in RHEL7 it would be:

# Restart both services so they load the new configuration ("nginx -t" checks nginx.conf syntax beforehand).
systemctl restart nginx
systemctl restart uwsgi