Differences

This shows you the differences between two versions of the page.

--- servers:windows:nginx_php_php-cgi [2025/01/07 00:14] – Sean Rhone
+++ servers:windows:nginx_php_php-cgi [2025/11/16 22:55] (current) – [Settings] Sean Rhone
@@ Line 2: / Line 2: @@
   * nginx ((https://nginx.org/en/docs/windows.html))
-  * PHP + PHP-CGI((https://windows.php.net/download/))
+  * PHP + PHP-CGI ((https://windows.php.net/download/))
   * [[Information:Realm of Espionage]]
 ===== Prerequisites =====
-  * [[windows:10|Windows 10]]
+  * [[windows;10|Windows 10 (21H2)]]
 ====== Install ======
@@ Line 14: / Line 14: @@
   * https://nginx.org/en/download.html
-  * Last tested: ''nginx-1.27.3.zip''
+  * Last tested: ''nginx-1.29.3.zip''
-  * Extract to root system drive for ''C:\nginx-1.27.3\nginx.exe''
+  * Extract to root system drive for ''C:\nginx-1.29.3\nginx.exe''
-  CD "%SystemDrive%\nginx-"*"\" && DIR "nginx.exe"
+  "explorer.exe" "%SystemDrive%"
-  CD "%SystemDrive%\nginx-"*"\" && explorer "."
+  CD "%SystemDrive%\nginx-"*"\" && "nginx.exe" -v
-===== PHP-CGI =====
+  CD "%SystemDrive%\nginx-"*"\" && "nginx.exe" -t
-  * https://windows.php.net/download/
+==== confs ====
-  * x64 Non Thread Safe
-  * Last tested: ''php-8.4.2-nts-Win32-vs17-x64.zip''
-  * Extract to root system drive for ''C:\php-8.4.2-nts-Win32-vs17-x64\php-cgi.exe''
+  MKDIR "%SystemDrive%\www\nginx\conf"
-  CD "%SystemDrive%\php-"*"-nts-Win32-"*"-x64\" && DIR "php-cgi.exe"
+  COPY /Y "%SystemDrive%\nginx-1.29.3\conf\fastcgi_params" "%SystemDrive%\www\nginx\conf"
-  CD "%SystemDrive%\php-"*"-nts-Win32-"*"-x64\" && explorer "."
+  COPY /Y "%SystemDrive%\nginx-1.29.3\conf\mime.types" "%SystemDrive%\www\nginx\conf"
-  * TODO:
+==== Firewall ====
-<code>SETX "Path" "%SystemDrive%\php-8.4.2-nts-Win32-vs17-x64"</code>
+  DIR "%SystemDrive%\nginx-1.29.3\nginx.exe"
-===== PHP Extensions =====
+  "netsh.exe" advfirewall firewall add rule name="nginx" dir="in" action="allow" profile="any" program="%SystemDrive%\nginx-1.29.3\nginx.exe" protocol="tcp" localport="80,443"
-==== Verify Modules ====
+=== Delete Rule ===
-  CD "%SystemDrive%\php-"*"-nts-Win32-"*"-x64\" && "php.exe" -m
+****
-  CD "%SystemDrive%\php-"*"-nts-Win32-"*"-x64\" && explorer "."
+  "netsh.exe" advfirewall firewall delete rule name="nginx"
-====== Firewall ======
+===== PHP-CGI =====
-  * 80/tcp is HTTP
+==== 8.5 ====
-  * 443/tcp is HTTPS
-  netsh advfirewall firewall add rule name="nginx HTTP" dir="in" action="allow" protocol="TCP" localport="80"
+  * https://windows.php.net/download/
+  * https://windows.php.net/qa/
+  * x64 Non Thread Safe
+  * Last tested: ''php-8.5.0RC4-nts-Win32-vs17-x64.zip''
-  netsh advfirewall firewall add rule name="nginx HTTPS" dir="in" action="allow" protocol="TCP" localport="443"
+  * Extract to root system drive for ''C:\php-8.5.0RC4-nts-Win32-vs17-x64\php-cgi.exe''
+  * Add to user ''Path''
+  "explorer.exe" "%SystemDrive%"
+  CD "%SystemDrive%\php-8.5."*"-nts-Win32-vs"*"-x64" && "php.exe" -v
+  "SystemPropertiesAdvanced.exe"
+  %SystemDrive%\php-8.5.0RC4-nts-Win32-vs17-x64
 ====== nginx Settings ======
@@ Line 66: / Line 75: @@
   MKDIR "%SystemDrive%\www\nginx\vhosts.d"
-  explorer "%SystemDrive%\www\"
 ===== HTTPS Redirect =====
@@ Line 73: / Line 80: @@
   * This automatically redirects non-HTTPS site links to HTTPS
-  notepad "%SystemDrive%\www\nginx\conf.d\http-redirect.conf"
+  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\http-redirect.conf"
 <code>
 server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-    return 301 https://$host$request_uri;
+ listen "80" "default_server";
-}</code>
+ listen "[::]:80" "default_server";
+ return "301" "https://$host$request_uri";
+}
+# End</code>
 ===== Non-existent 404 =====
@@ Line 87: / Line 98: @@
   * This prevents unconfigured subdomains from loading assets from other sites ((if a site/URL doesn't exist, it'll 404))
-  notepad "%SystemDrive%\www\nginx\conf.d\non-existent.conf"
+  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\non-existent.conf"
 <code>
 server {
-    listen "443" "ssl" "default_server";
-    http2 "on";
-    server_name "_";
-    return "404";
+ listen "443" "ssl" "default_server";
-}</code>
+ http2 "on";
+ server_name "_";
+ return "404";
+}
+# End</code>
 ===== Headers =====
@@ Line 102: / Line 117: @@
   * Add to individual site configs as an ''include''
-  notepad "%SystemDrive%\www\nginx\default.d\headers.conf"
+  "notepad.exe" "%SystemDrive%\www\nginx\default.d\headers.conf"
 <code>
-add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
+add_header "Strict-Transport-Security" "max-age=63072000; includeSubdomains; preload" "always";
-add_header X-Content-Type-Options "nosniff" always;
+add_header "X-Content-Type-Options" "nosniff" "always";
-add_header X-Frame-Options "sameorigin" always;
+add_header "X-Frame-Options" "sameorigin" "always";
-add_header X-XSS-Protection "1; mode=block" always;
+add_header "X-XSS-Protection" "1; mode=block" "always";
-add_header Cache-Control "no-store, no-transform, public" always;
+add_header "Cache-Control" "no-store, no-transform, public" "always";
-add_header Referrer-Policy "same-origin" always;
+add_header "Referrer-Policy" "same-origin" "always";
-add_header Expect-CT "max-age=0" always;
+add_header "Expect-CT" "max-age=0" "always";
-add_header Permissions-Policy "geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()" always;</code>
+add_header "Permissions-Policy" "geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()" "always";
+# End</code>
 ===== nginx =====
-  * :!: ''mime.types'' include hard-coded to nginx version path
+  "notepad.exe" "%SystemDrive%\www\nginx\nginx.conf"
-  notepad "%SystemDrive%\www\nginx\nginx.conf"
 <code>
-worker_processes  1;
+worker_processes "1";
 events {
-    worker_connections  1024;
-}
-#error_log  logs/error.log;
+ worker_connections "1024";
-#error_log  logs/error.log  notice;
-#error_log  logs/error.log  info;
+}
 http {
-    # Logging
+ access_log "off";
-    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-    #                  '$status $body_bytes_sent "$http_referer" '
-    #                  '"$http_user_agent" "$http_x_forwarded_for"';
-    #access_log  logs/access.log  main;
+ include "C:/www/nginx/conf.d/*.conf";
+ include "C:/www/nginx/vhosts.d/*.conf";
+ include "C:/www/nginx/conf/mime.types";
+ default_type "application/octet-stream";
-    # Includes
+ sendfile "on";
-    include C:/www/nginx/conf.d/*.conf;
+ tcp_nopush "on";
-    include C:/www/nginx/vhosts.d/*.conf;
+ tcp_nodelay "on";
-    include C:/nginx-1.27.3/conf/mime.types;
+ keepalive_timeout "65";
-    default_type application/octet-stream;
+ types_hash_max_size "4096";
+ server_names_hash_bucket_size "64";
-    # Config
+ gzip "on";
-    sendfile on;
+ gzip_vary "on";
-    tcp_nopush on;
+ gzip_proxied "any";
-    tcp_nodelay on;
+ gzip_comp_level "9";
-    keepalive_timeout 65;
+ gzip_types "*";
-    types_hash_max_size 4096;
+ gzip_static "always";
-    server_names_hash_bucket_size 64;
+ gunzip "on";
-    # gzip
+}
-    gzip on;
-    gzip_vary on;
+# End</code>
-    gzip_proxied any;
-    gzip_comp_level 9;
-    gzip_types *;
-}</code>
 ==== CSP Headers ====
@@ Line 166: / Line 176: @@
   * The empty CSP allows all and can be useful for new site bring-ups, and should be placed in site-specific configs underneath the ''include'' line(s)
-<code>    add_header Content-Security-Policy "default-src 'self'" always;</code>
+<code>add_header Content-Security-Policy "default-src 'self'" always;</code>
-<code>    add_header Content-Security-Policy "" always;</code>
+<code>add_header Content-Security-Policy "" always;</code>
 ====== SSL Certs ======
@@ Line 178: / Line 188: @@
 ==== Settings ====
-  notepad "%SystemDrive%\www\nginx\conf.d\ssl.conf"
+  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf"
 <code>
@@ Line 194: / Line 204: @@
 ssl_prefer_server_ciphers "on";
 ssl_ecdh_curve "secp384r1";
-ssl_stapling "on";
-ssl_stapling_verify "on";
-resolver "1.1.1.2" "1.0.0.2" "[2606:4700:4700::1112]" "[2606:4700:4700::1002]" "valid=300s";
-resolver_timeout "5s";
 # End</code>
-====== Batch Files ======
+====== Scripts ======
-  MKDIR "%SystemDrive%\www\scripts"
+  MKDIR "%SystemDrive%\www\scripts\nginx"
-  explorer "%SystemDrive%\www\scripts"
+  "explorer.exe" "%SystemDrive%\www\scripts\nginx"
 ===== Start =====
-  notepad "%SystemDrive%\www\scripts\nginx Start.bat"
+  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Start.bat"
 <code>
+@echo off
 CD "%SystemDrive%\nginx-"*"\"
-"nginx.exe" -c "%SystemDrive%\www\nginx\nginx.conf"</code>
-  "%SystemDrive%\www\scripts\nginx Start.bat"
-==== Autostart ====
+"nginx.exe" -c "%SystemDrive%\www\nginx\nginx.conf"
-  explorer "%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp"
+:: End</code>
-  "%SystemDrive%\www\scripts\nginx Start.bat"
+  "%SystemDrive%\www\scripts\nginx\Start.bat"
-  nginx
 ===== Stop =====
-  notepad "%SystemDrive%\www\scripts\nginx Stop.bat"
+  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Stop.bat"
 <code>
+@echo off
 CD "%SystemDrive%\nginx-"*"\"
-"nginx.exe" -s quit</code>
-  "%SystemDrive%\www\scripts\nginx Stop.bat"
+"nginx.exe" -s "quit"
+:: End</code>
+  "%SystemDrive%\www\scripts\nginx\Stop.bat"
 ===== Reload =====
-  notepad "%SystemDrive%\www\scripts\nginx Reload.bat"
+  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Reload.bat"
 <code>
+@echo off
 CD "%SystemDrive%\nginx-"*"\"
-"nginx.exe" -s reload
-"nginx.exe" -s reopen</code>
-  "%SystemDrive%\www\scripts\nginx Reload.bat"
+"nginx.exe" -s "reload"
+"nginx.exe" -s "reopen"
-====== TODOs ======
+:: End</code>
+  "%SystemDrive%\www\scripts\nginx\Reload.bat"
+====== Shortcuts ======
+===== Autostart =====
+  "explorer.exe" "%AppData%\Microsoft\Windows\Start Menu\Programs\StartUp"
+  "%SystemDrive%\www\scripts\nginx\Start.bat"
+  nginx
 ===== Resources =====
@@ Line 256: / Line 276: @@
   * https://community.letsencrypt.org/t/using-certbot-in-windows-the-pragmatic-way/173929
   * https://www.php.net/manual/en/image.installation.php
+  * [[https://www.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test]]