RoE | Wiki

User Tools

Site Tools

Trace: freenginx_php_php-fpm
servers:bsd:freenginx_php_php-fpm

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
servers:bsd:freenginx_php_php-fpm [2025/08/28 22:17] – removed Sean Rhoneservers:bsd:freenginx_php_php-fpm [2025/10/30 23:42] (current) Sean Rhone
Line 1: Line 1:
 +====== Information ======
 +
 +  * freenginx ((https://freenginx.org/))
 +  * PHP-FPM
 +  * [[Information:Realm of Espionage]]
 +
 +===== Prerequisites =====
 +
 +  * [[bsd:server:freebsd_15.0|FreeBSD 15.0]]
 +
 +====== Dependencies ======
 +
 +  su -
 +
 +  pkg install freenginx-devel php85
 +
 +===== PHP Modules =====
 +
 +****
 +
 +  php -m
 +
 +====== Services ======
 +
 +===== Enable =====
 +
 +  su -
 +
 +  sysrc nginx_enable="YES"
 +
 +  sysrc php_fpm_enable="YES"
 +
 +====== Config Defaults ======
 +
 +===== Backup =====
 +
 +  su -
 +
 +  mv -v '/usr/local/etc/freenginx/nginx.conf' '/usr/local/etc/freenginx/nginx.conf~'
 +
 +  mv -v '/usr/local/etc/php-fpm.d/www.conf' '/usr/local/etc/php-fpm.d/www.conf~'
 +
 +====== nginx Settings ======
 +
 +===== Defaults =====
 +
 +  su -
 +
 +  mkdir -p -m '0644' '/usr/local/etc/freenginx/conf.d' '/usr/local/etc/freenginx/default.d' '/usr/local/etc/freenginx/vhosts.d'
 +
 +===== HTTPS Redirect =====
 +
 +  * This automatically redirects non-HTTPS site links to HTTPS
 +
 +  su -
 +
 +  ee '/usr/local/etc/freenginx/conf.d/http-redirect.conf'
 +
 +<code>
 +server {
 +    listen 80 default_server;
 +    listen [::]:80 default_server;
 +
 +    return 301 https://$host$request_uri;
 +}
 +
 +# End</code>
 +
 +===== Non-existent 404 =====
 +
 +  * This prevents unconfigured subdomains from loading assets from other sites ((if a site/URL doesn't exist, it'll 404))
 +
 +  su -
 +
 +  ee '/usr/local/etc/freenginx/conf.d/non-existent.conf'
 +
 +<code>
 +server {
 +    listen 443 ssl default_server;
 +    http2 on;
 +    server_name _;
 +
 +    return 404;
 +}
 +
 +# End</code>
 +
 +===== Headers =====
 +
 +  su -
 +
 +  ee '/usr/local/etc/freenginx/default.d/headers.conf'
 +
 +<code>
 +add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
 +add_header X-Content-Type-Options "nosniff" always;
 +add_header X-Frame-Options "sameorigin" always;
 +add_header X-XSS-Protection "1; mode=block" always;
 +add_header Cache-Control "no-store, no-transform, public" always;
 +add_header Referrer-Policy "same-origin" always;
 +add_header Expect-CT "max-age=0" always;
 +add_header Permissions-Policy "geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()" always;
 +
 +# End</code>
 +
 +===== nginx =====
 +
 +  su -
 +
 +  ee '/usr/local/etc/freenginx/nginx.conf'
 +
 +<code>
 +worker_processes 1;
 +#error_log  /var/log/nginx/error.log;
 +
 +events {
 +    worker_connections 1024;
 +}
 +
 +http {
 +
 +    # Logging
 +    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
 +    #                  '$status $body_bytes_sent "$http_referer" '
 +    #                  '"$http_user_agent" "$http_x_forwarded_for"';
 +
 +    #access_log  logs/access.log  main;
 +
 +    # Includes
 +    include /usr/local/etc/freenginx/conf.d/*.conf;
 +    include /usr/local/etc/freenginx/vhosts.d/*.conf;
 +    include /usr/local/etc/freenginx/mime.types;
 +    default_type application/octet-stream;
 +
 +    # Config
 +    sendfile on;
 +    tcp_nopush on;
 +    tcp_nodelay on;
 +    keepalive_timeout 65;
 +    types_hash_max_size 4096;
 +
 +    # gzip
 +    gzip on;
 +    gzip_vary on;
 +    gzip_proxied any;
 +    gzip_comp_level 9;
 +    gzip_types *;
 +}
 +
 +# End</code>
 +
 +====== SSL Certs ======
 +
 +===== Let's Encrypt =====
 +
 +  * See [[servers:bsd:nginx:lets_encrypt|Let's Encrypt/Certbot]] for further set-up
 +
 +  su -
 +
 +  ee '/usr/local/etc/freenginx/conf.d/ssl.conf'
 +
 +<code>
 +ssl_certificate '/usr/local/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem';
 +ssl_trusted_certificate '/usr/local/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem';
 +ssl_certificate_key '/usr/local/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem';
 +
 +ssl_session_timeout '10m';
 +ssl_session_cache 'shared:SSL:10m';
 +ssl_session_tickets 'off';
 +ssl_buffer_size '4k';
 +
 +ssl_protocols 'TLSv1.2' 'TLSv1.3';
 +ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM';
 +ssl_prefer_server_ciphers 'on';
 +ssl_ecdh_curve 'secp384r1';
 +
 +# End</code>
 +
 +====== Resources ======
 +
 +===== Original confs =====
 +
 +  ee '/usr/local/etc/freenginx/nginx.conf~'
 +
 +  ee '/usr/local/etc/php-fpm.d/www.conf~'
  
/srv/www/wiki/data/attic/servers/bsd/freenginx_php_php-fpm.1756433835.txt.gz · Last modified: by Sean Rhone
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki