RoE | Wiki

User Tools

Site Tools

Trace:
servers:windows:nginx_php_php-cgi

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
servers:windows:nginx_php_php-cgi [2025/03/14 19:48] – PHP 8.4.5 Sean Rhoneservers:windows:nginx_php_php-cgi [2025/11/16 22:55] (current) – [Settings] Sean Rhone
Line 7: Line 7:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[windows;11_ltsc|Windows 11 (24H2)]]+  * [[windows;10|Windows 10 (21H2)]]
  
 ====== Install ====== ====== Install ======
Line 14: Line 14:
  
   * https://nginx.org/en/download.html   * https://nginx.org/en/download.html
-  * Last tested: ''nginx-1.27.4.zip''+  * Last tested: ''nginx-1.29.3.zip''
  
-  * Extract to root system drive for ''C:\nginx-1.27.4\nginx.exe''+  * Extract to root system drive for ''C:\nginx-1.29.3\nginx.exe''
  
-  explorer "%SystemDrive%"+  "explorer.exe" "%SystemDrive%"
  
   CD "%SystemDrive%\nginx-"*"\" && "nginx.exe" -v   CD "%SystemDrive%\nginx-"*"\" && "nginx.exe" -v
 +
 +  CD "%SystemDrive%\nginx-"*"\" && "nginx.exe" -t
 +
 +==== confs ====
 +
 +  MKDIR "%SystemDrive%\www\nginx\conf"
 +
 +  COPY /Y "%SystemDrive%\nginx-1.29.3\conf\fastcgi_params" "%SystemDrive%\www\nginx\conf"
 +
 +  COPY /Y "%SystemDrive%\nginx-1.29.3\conf\mime.types" "%SystemDrive%\www\nginx\conf"
 +
 +==== Firewall ====
 +
 +  DIR "%SystemDrive%\nginx-1.29.3\nginx.exe"
 +
 +  "netsh.exe" advfirewall firewall add rule name="nginx" dir="in" action="allow" profile="any" program="%SystemDrive%\nginx-1.29.3\nginx.exe" protocol="tcp" localport="80,443"
 +
 +=== Delete Rule ===
 +
 +****
 +
 +  "netsh.exe" advfirewall firewall delete rule name="nginx"
  
 ===== PHP-CGI ===== ===== PHP-CGI =====
  
-==== 8.====+==== 8.====
  
   * https://windows.php.net/download/   * https://windows.php.net/download/
 +  * https://windows.php.net/qa/
   * x64 Non Thread Safe   * x64 Non Thread Safe
-  * Last tested: ''php-8.4.5-nts-Win32-vs17-x64.zip''+  * Last tested: ''php-8.5.0RC4-nts-Win32-vs17-x64.zip''
  
-  * Extract to root system drive for ''C:\php-8.4.5-nts-Win32-vs17-x64\php-cgi.exe''+  * Extract to root system drive for ''C:\php-8.5.0RC4-nts-Win32-vs17-x64\php-cgi.exe''
   * Add to user ''Path''   * Add to user ''Path''
  
-  explorer "%SystemDrive%"+  "explorer.exe" "%SystemDrive%"
  
-  CD "%SystemDrive%\php-8.4"*"-nts-Win32-"*"-x64\" && "php.exe" -v+  CD "%SystemDrive%\php-8.5."*"-nts-Win32-vs"*"-x64" && "php.exe" -v
  
   "SystemPropertiesAdvanced.exe"   "SystemPropertiesAdvanced.exe"
  
-  C:\php-8.4.5-nts-Win32-vs17-x64 +  %SystemDrive%\php-8.5.0RC4-nts-Win32-vs17-x64
- +
-====== Firewall ====== +
- +
-  * 80/tcp is HTTP +
-  * 443/tcp is HTTPS +
- +
-  netsh advfirewall firewall add rule name="nginx HTTP" dir="in" action="allow" protocol="TCP" localport="80" +
- +
-  netsh advfirewall firewall add rule name="nginx HTTPS" dir="in" action="allow" protocol="TCP" localport="443"+
  
 ====== nginx Settings ====== ====== nginx Settings ======
Line 61: Line 75:
  
   MKDIR "%SystemDrive%\www\nginx\vhosts.d"   MKDIR "%SystemDrive%\www\nginx\vhosts.d"
- 
-  explorer "%SystemDrive%\www" 
  
 ===== HTTPS Redirect ===== ===== HTTPS Redirect =====
Line 68: Line 80:
   * This automatically redirects non-HTTPS site links to HTTPS   * This automatically redirects non-HTTPS site links to HTTPS
  
-  notepad "%SystemDrive%\www\nginx\conf.d\http-redirect.conf"+  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\http-redirect.conf"
  
 <code> <code>
 server { server {
-    listen 80 default_server; 
-    listen [::]:80 default_server; 
  
-    return 301 https://$host$request_uri;+ listen "80" "default_server"; 
 + listen "[::]:80" "default_server"; 
 + 
 + return "301" "https://$host$request_uri"; 
 } }
  
Line 84: Line 98:
   * This prevents unconfigured subdomains from loading assets from other sites ((if a site/URL doesn't exist, it'll 404))   * This prevents unconfigured subdomains from loading assets from other sites ((if a site/URL doesn't exist, it'll 404))
  
-  notepad "%SystemDrive%\www\nginx\conf.d\non-existent.conf"+  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\non-existent.conf"
  
 <code> <code>
 server { server {
-    listen "443" "ssl" "default_server"; 
-    http2 "on"; 
-    server_name "_"; 
  
-    return "404";+ listen "443" "ssl" "default_server"; 
 + http2 "on"; 
 + server_name "_"; 
 + 
 + return "404"; 
 } }
  
Line 101: Line 117:
   * Add to individual site configs as an ''include''   * Add to individual site configs as an ''include''
  
-  notepad "%SystemDrive%\www\nginx\default.d\headers.conf"+  "notepad.exe" "%SystemDrive%\www\nginx\default.d\headers.conf"
  
 <code> <code>
-add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always; +add_header "Strict-Transport-Security"max-age=63072000; includeSubdomains; preload"always"
-add_header X-Content-Type-Options "nosniff" always; +add_header "X-Content-Type-Options"nosniff"always"
-add_header X-Frame-Options "sameorigin" always; +add_header "X-Frame-Options"sameorigin"always"
-add_header X-XSS-Protection "1; mode=block" always; +add_header "X-XSS-Protection"1; mode=block"always"
-add_header Cache-Control "no-store, no-transform, public" always; +add_header "Cache-Control"no-store, no-transform, public"always"
-add_header Referrer-Policy "same-origin" always; +add_header "Referrer-Policy"same-origin"always"
-add_header Expect-CT "max-age=0" always; +add_header "Expect-CT"max-age=0"always"
-add_header Permissions-Policy "geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()" always;+add_header "Permissions-Policy"geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()"always";
  
 # End</code> # End</code>
Line 117: Line 133:
 ===== nginx ===== ===== nginx =====
  
-  * :!: ''mime.types'' include hard-coded to nginx version path +  "notepad.exe" "%SystemDrive%\www\nginx\nginx.conf"
-  * TODO: Copy all hard-coded files to ''www'' instead +
- +
-  notepad "%SystemDrive%\www\nginx\nginx.conf"+
  
 <code> <code>
-worker_processes  1;+worker_processes "1";
  
 events { events {
-    worker_connections  1024; 
-} 
  
-#error_log  logs/error.log+ worker_connections "1024"
-#error_log  logs/error.log  notice; + 
-#error_log  logs/error.log  info;+}
  
 http { http {
  
-    # Logging + access_log "off";
-    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request"+
-    #                  '$status $body_bytes_sent "$http_referer"+
-    #                  '"$http_user_agent" "$http_x_forwarded_for"';+
  
-    #access_log  logs/access.log  main;+ include "C:/www/nginx/conf.d/*.conf"; 
 + include "C:/www/nginx/vhosts.d/*.conf"; 
 + include "C:/www/nginx/conf/mime.types"; 
 + default_type "application/octet-stream";
  
-    # Includes + sendfile "on"; 
-    include C:/www/nginx/conf.d/*.conf+ tcp_nopush "on"; 
-    include C:/www/nginx/vhosts.d/*.conf+ tcp_nodelay "on"
-    include C:/nginx-1.27.4/conf/mime.types+ keepalive_timeout "65"
-    default_type application/octet-stream;+ types_hash_max_size "4096"
 + server_names_hash_bucket_size "64";
  
-    # Config + gzip "on"
-    sendfile on; + gzip_vary "on"
-    tcp_nopush on; + gzip_proxied "any"
-    tcp_nodelay on+ gzip_comp_level "9"
-    keepalive_timeout 65+ gzip_types "*"
-    types_hash_max_size 4096+ gzip_static "always"; 
-    server_names_hash_bucket_size 64;+ gunzip "on";
  
-    # gzip +} 
-    gzip on; + 
-    gzip_vary on; +# End</code>
-    gzip_proxied any; +
-    gzip_comp_level 9; +
-    gzip_types *; +
-}</code>+
  
 ==== CSP Headers ==== ==== CSP Headers ====
Line 168: Line 176:
   * The empty CSP allows all and can be useful for new site bring-ups, and should be placed in site-specific configs underneath the ''include'' line(s)   * The empty CSP allows all and can be useful for new site bring-ups, and should be placed in site-specific configs underneath the ''include'' line(s)
  
-<code>    add_header Content-Security-Policy "default-src 'self'" always;</code>+<code>add_header Content-Security-Policy "default-src 'self'" always;</code>
  
-<code>    add_header Content-Security-Policy "" always;</code>+<code>add_header Content-Security-Policy "" always;</code>
  
 ====== SSL Certs ====== ====== SSL Certs ======
Line 180: Line 188:
 ==== Settings ==== ==== Settings ====
  
-  notepad "%SystemDrive%\www\nginx\conf.d\ssl.conf"+  "notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf"
  
 <code> <code>
Line 196: Line 204:
 ssl_prefer_server_ciphers "on"; ssl_prefer_server_ciphers "on";
 ssl_ecdh_curve "secp384r1"; ssl_ecdh_curve "secp384r1";
- 
-ssl_stapling "on"; 
-ssl_stapling_verify "on"; 
-resolver "1.1.1.2" "1.0.0.2" "[2606:4700:4700::1112]" "[2606:4700:4700::1002]" "valid=300s"; 
-resolver_timeout "5s"; 
  
 # End</code> # End</code>
Line 208: Line 211:
   MKDIR "%SystemDrive%\www\scripts\nginx"   MKDIR "%SystemDrive%\www\scripts\nginx"
  
-  explorer "%SystemDrive%\www\scripts\nginx"+  "explorer.exe" "%SystemDrive%\www\scripts\nginx"
  
 ===== Start ===== ===== Start =====
  
-  notepad "%SystemDrive%\www\scripts\nginx\Start.bat"+  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Start.bat"
  
 <code> <code>
 +@echo off
 +
 CD "%SystemDrive%\nginx-"*"\" CD "%SystemDrive%\nginx-"*"\"
 +
 "nginx.exe" -c "%SystemDrive%\www\nginx\nginx.conf" "nginx.exe" -c "%SystemDrive%\www\nginx\nginx.conf"
  
 :: End</code> :: End</code>
- 
-==== Autostart ==== 
- 
-  explorer "%AppData%\Microsoft\Windows\Start Menu\Programs\StartUp" 
  
   "%SystemDrive%\www\scripts\nginx\Start.bat"   "%SystemDrive%\www\scripts\nginx\Start.bat"
- 
-  nginx 
  
 ===== Stop ===== ===== Stop =====
  
-  notepad "%SystemDrive%\www\scripts\nginx\Stop.bat"+  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Stop.bat"
  
 <code> <code>
 +@echo off
 +
 CD "%SystemDrive%\nginx-"*"\" CD "%SystemDrive%\nginx-"*"\"
-"nginx.exe" -s quit+ 
 +"nginx.exe" -s "quit"
  
 :: End</code> :: End</code>
 +
 +  "%SystemDrive%\www\scripts\nginx\Stop.bat"
  
 ===== Reload ===== ===== Reload =====
  
-  notepad "%SystemDrive%\www\scripts\nginx\Reload.bat"+  "notepad.exe" "%SystemDrive%\www\scripts\nginx\Reload.bat"
  
 <code> <code>
 +@echo off
 +
 CD "%SystemDrive%\nginx-"*"\" CD "%SystemDrive%\nginx-"*"\"
-"nginx.exe" -s reload + 
-"nginx.exe" -s reopen+"nginx.exe" -s "reload" 
 +"nginx.exe" -s "reopen"
  
 :: End</code> :: End</code>
  
-====== TODOs ======+  "%SystemDrive%\www\scripts\nginx\Reload.bat" 
 + 
 +====== Shortcuts ====== 
 + 
 +===== Autostart ===== 
 + 
 +  "explorer.exe" "%AppData%\Microsoft\Windows\Start Menu\Programs\StartUp" 
 + 
 +  "%SystemDrive%\www\scripts\nginx\Start.bat" 
 + 
 +  nginx
  
 ===== Resources ===== ===== Resources =====
Line 258: Line 276:
   * https://community.letsencrypt.org/t/using-certbot-in-windows-the-pragmatic-way/173929   * https://community.letsencrypt.org/t/using-certbot-in-windows-the-pragmatic-way/173929
   * https://www.php.net/manual/en/image.installation.php   * https://www.php.net/manual/en/image.installation.php
 +  * [[https://www.ssllabs.com/ssltest/analyze.html?d=wiki.realmofespionage.xyz|Qualys SSL Test]]
  
C:/www/wiki/data/attic/servers/windows/nginx_php_php-cgi.1741996124.txt.gz · Last modified: by Sean Rhone
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki