Making the Dreamhost Nginx Install More Standard

Making the Dreamhost Nginx Install More Standard

Dreamhost maintains a custom Nginx package that is installed on all of its VPS servers.  The package contains a number of modifications that make it easier for Dreamhost to configure Nginx from a central location.  In addition, the Dreamhost package contains a significantly more recent version of Nginx (1.4 at the moment) compared to what is available in Ubuntu 12 LTS (1.1.4 at the moment).

You can easily modify the Dreamhost configuration files to make Nginx act more like a standard Nginx install.

Find the following line in the /dh/nginx/servers/<<server>>/nginx.conf

include /dh/nginx/etc/config.d/*;

Replace it with the following:

include /etc/nginx/config.d/*;
include /etc/nginx/sites-enabled/*;

You can then create a /etc/nginx/sites-available and /etc/nginx/sites-enabled directories.  Place your vhosts file in the sites-available directory and symlink them to sites-enabled when you want to turn them on.

For reference, this is Dreamhosts default vhost file:

# Vhosts:
 
server {
 listen &lt;&lt;server_ip&gt;&gt;:80;
 
 server_name &lt;&lt;domains_to_host&gt;&gt;;
 
 access_log /home/_domain_logs/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;/http/access.log combined;
 error_log /home/_domain_logs/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;/http/error.log error;
 
 root /home/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;;
 
 # Mitigation for CVE-2013-4547
 if ($request_uri ~ " ") {
 return 444;
 }
 
 index index.html index.htm index.php index.php5;
 include /home/&lt;&lt;username&gt;&gt;/nginx/&lt;&lt;domain&gt;&gt;/*;
 
 # No mirrors - using strict redirects
 if ($http_host != &lt;&lt;domain&gt;&gt;) {
 rewrite ^(.*)$ http://&lt;&lt;domain&gt;&gt;$1 permanent;
 }
 
 autoindex on;
 
 # Disallow access to config / VCS data
 location ~* /\.(ht|svn) {
 deny all;
 }
 
 # Statistics
 location /stats/ {
 alias /home/_domain_logs/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;/http/html/;
 auth_basic "Statistics Area";
 auth_basic_user_file /home/_domain_logs/&lt;&lt;username&gt;&gt;/&lt;&lt;domain&gt;&gt;/http/html/.htpa$
 }
 
 location /doc/analog/ {
 alias /usr/share/analog/;
 }
 
 # PHPMyAdmin
 rewrite ^/dh_phpmyadmin/([^/]*)/(.*)$ /dh_phpmyadmin/$2;
 
 location /dh_phpmyadmin/ {
 alias /dh/web/phpmyadmin/;
 }
 
 location ~ /dh_phpmyadmin/(.+)\.php {
 alias /dh/web/phpmyadmin/;
 fastcgi_param SERVER_PORT 80;
 fastcgi_split_path_info ^(.+\.php)(/.*)$;
 include /dh/nginx/etc/fastcgi_params;
 set $relpath "index.php";
 if ($uri ~ ^/dh_phpmyadmin/(.+)$) {
 set $relpath $1;
 }
 fastcgi_param SCRIPT_FILENAME /dh/web/phpmyadmin/$relpath;
 fastcgi_pass unix:/home/&lt;&lt;username&gt;&gt;/.php.sock;
 }
 
 # PHP
 location ~* \.(php|php5|php4)($|/) {
 fastcgi_param SERVER_PORT 80;
 fastcgi_split_path_info ^(.+\.(?:php|php5|php4))(/.*)$;
 if (!-e $document_root$fastcgi_script_name) {
 return 404;
 }
 include /dh/nginx/etc/fastcgi_params;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_pass unix:/home/&lt;&lt;username&gt;&gt;/.php.sock;
 #pragma php_launch &lt;&lt;username&gt;&gt;
 }
 
}

 Starting PHP FastCGI

Dreamhost uses a custom script to instantiate the PHP-Fastcgi instances for each user.  If you do the above customizations, the Dreamhost method will no longer work.

To overcome this, you will need to install spawn-fcgi and follow the instructions here:

https://www.linode.com/docs/websites/nginx/nginx-and-phpfastcgi-on-ubuntu-12-04-lts-precise-pangolin

You will need to coordinate the PHP user and the Nginx web user so that they can read each other’s files.  Personally, I only want a single web server user www-data.  You will need to adjust the Nginx.conf accordingly.


Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *