endi.linux.mint51510

I'm building a website with an NGINX (443) + APACHE (8080) + VARNISH (80) server and have successfully installed October CMS on it. But when I visited https://nickgenom.com or https://nickgenom.com/backend, I was actually presented with a white page with the index.php code. Here's how it looks before it reloads: http://prntscr.com/r7ig9i and after reloading: http://prntscr.com/r7igq9. Can anyone please help me find a solution? As of now (February 25, 2020) you can still see this page.

BennoThommo

@endi.linux.mint51510 You will need to investigate your hosting setup. The second screenshot is showing raw PHP code which means it is not interpreting it correctly as a PHP script. I cannot tell which hosting software you are using to deliver the PHP code, as both Nginx and Apache are capable of doing it.

endi.linux.mint51510

Thank you BennoThommo for your response. Alright I'll try to check according to your advice. But something surprised me from that page. When I add index.php behind the domain name (https://nickgenom.com/index.php), it works fine.

endi.linux.mint51510

Hi BennoThommo, I have successfully (on February 27, 2020, at approximately 18:30 WIB) configured my server. After I did a thorough check, I found an error that caused the php page to be raw. This is because I did not change (because I forgot) my Linux distribution and version (centos 7). I found the solution here: https://packagecloud.io/docs#os_distro_version. Now my site is running almost as expected.

This is the current configuration ...

[root@host ~]# netstat -pnltu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address    State       PID/Program name
tcp        0      0 127.0.0.1:46540     0.0.0.0:*          LISTEN      788/varnishd
tcp        0      0 0.0.0.0:111         0.0.0.0:*          LISTEN      1/init
tcp        0      0 0.0.0.0:80          0.0.0.0:*          LISTEN      788/varnishd
tcp        0      0 0.0.0.0:22          0.0.0.0:*          LISTEN      779/sshd
tcp        0      0 127.0.0.1:25        0.0.0.0:*          LISTEN      804/sendmail: accep
tcp        0      0 0.0.0.0:443         0.0.0.0:*          LISTEN      796/nginx: master p
tcp6       0      0 ::1:36389           :::*               LISTEN      788/varnishd
tcp6       0      0 :::3306             :::*               LISTEN      824/mysqld
tcp6       0      0 :::80               :::*               LISTEN      788/varnishd
tcp6       0      0 :::8080             :::*               LISTEN      777/httpd
tcp6       0      0 :::22               :::*               LISTEN      779/sshd
tcp6       0      0 :::443              :::*               LISTEN      796/nginx: master p
udp        0      0 0.0.0.0:111         0.0.0.0:*                      1/init

My octobercms website configuration update is now like this :

[root@host ~]# netstat -pnltu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:993         0.0.0.0:*           LISTEN      821/dovecot
tcp        0      0 127.0.0.1:41794     0.0.0.0:*           LISTEN      3046/varnishd
tcp        0      0 0.0.0.0:995         0.0.0.0:*           LISTEN      821/dovecot
tcp        0      0 0.0.0.0:587         0.0.0.0:*           LISTEN      1163/master
tcp        0      0 0.0.0.0:110         0.0.0.0:*           LISTEN      821/dovecot
tcp        0      0 0.0.0.0:143         0.0.0.0:*           LISTEN      821/dovecot
tcp        0      0 0.0.0.0:111         0.0.0.0:*           LISTEN      1/init
tcp        0      0 0.0.0.0:8080        0.0.0.0:*           LISTEN      3046/varnishd
tcp        0      0 0.0.0.0:465         0.0.0.0:*           LISTEN      1163/master
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      789/sshd
tcp        0      0 0.0.0.0:25          0.0.0.0:*           LISTEN      1163/master
tcp        0      0 0.0.0.0:443         0.0.0.0:*           LISTEN      3295/nginx: master
tcp6       0      0 :::993              :::*                LISTEN      821/dovecot
tcp6       0      0 :::995              :::*                LISTEN      821/dovecot
tcp6       0      0 ::1:38058           :::*                LISTEN      3046/varnishd
tcp6       0      0 :::3306             :::*                LISTEN      840/mysqld
tcp6       0      0 :::587              :::*                LISTEN      1163/master
tcp6       0      0 :::110              :::*                LISTEN      821/dovecot
tcp6       0      0 :::143              :::*                LISTEN      821/dovecot
tcp6       0      0 :::80               :::*                LISTEN      3302/httpd
tcp6       0      0 :::8080             :::*                LISTEN      3046/varnishd
tcp6       0      0 :::465              :::*                LISTEN      1163/master
tcp6       0      0 :::22               :::*                LISTEN      789/sshd
tcp6       0      0 :::25               :::*                LISTEN      1163/master
tcp6       0      0 :::443              :::*                LISTEN      3295/nginx: master
udp        0      0 0.0.0.0:111         0.0.0.0:*                       1/init

One more thing: I added configuration in /etc/httpd/mydomain.com.conf, and in /etc/nginx/conf.d/mywebsite.com.conf I added:

location / {
    try_files $uri /index.php$is_args$args;
}

Open the file in /var/www/nickgenom.com/config and make sure it looks like this:

<?php

return [

    'driver' => env('SESSION_DRIVER', 'file'),

    'lifetime' => 1 * (60 * 24 * 365),  /* cookies will expire on 2021-03-18T16:57:06.147Z*/

    'expire_on_close' => false,

    'encrypt' => false,

    'files' => storage_path('framework/sessions'),

    'connection' => null,

    'table' => 'sessions',

    'lottery' => [2, 100],

    'cookie' => 'your-website_session',

    'path' => '/',

    'domain' => null,

    'http_only' => true,

    'secure' => false,

    'same_site' => null,

];

Last updated

endi.linux.mint51510

I feel guilty for not providing the correct configuration for the October CMS community, so I will publish my actual settings. And I hope you focus on this post only.

In the Apache (Apache version: Apache/2.4.6 on CentOS 7.7.1908) file /etc/httpd/conf/httpd.conf:

ServerRoot "/etc/httpd"

Listen 80

Include conf.modules.d/*.conf

User nginx
Group nginx

ServerAdmin mail@mywebsite.com

ServerName mywebsite.com:80

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/mywebsite.com/"

<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

<Directory "/var/www/mywebsite.com">

    Options Indexes FollowSymLinks

    AllowOverride None

    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

LogLevel warn

<IfModule log_config_module>

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>

    TypesConfig /etc/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>

ErrorDocument 404 /404.htm

EnableSendfile on

IncludeOptional conf.d/*.conf

Now we go to the nginx (version: nginx/1.17.8) configuration, in the nginx file /etc/nginx/conf.d/mywebsite.com.conf:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name mywebsite.com;
    index       index.php index.html index.htm;
    root        /var/www/mywebsite.com;
    expires 30d;

    location / {
        try_files $uri  /index.php$is_args$args;
        root            /var/www/mywebsite.com;
        proxy_pass      http://mywebsite.com:37089;
        resolver_timeout 60s;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # Whitelist
        ## Let October handle if static file not exists
        location ~ ^/favicon\.ico { try_files $uri /index.php; }
        location ~ ^/sitemap\.xml { try_files $uri /index.php; }
        location ~ ^/robots\.txt { try_files $uri /index.php; }
        location ~ ^/humans\.txt { try_files $uri /index.php; }

        ## Let nginx return 404 if static file not exists
        ## ("=404" returns the status code; a bare "404" would be treated as a fallback URI)
        location ~ ^/storage/app/uploads/public { try_files $uri =404; }
        location ~ ^/storage/app/media { try_files $uri =404; }
        location ~ ^/storage/temp/public { try_files $uri =404; }

        location ~ ^/modules/.*/assets { try_files $uri =404; }
        location ~ ^/modules/.*/resources { try_files $uri =404; }
        location ~ ^/modules/.*/behaviors/.*/assets { try_files $uri =404; }
        location ~ ^/modules/.*/behaviors/.*/resources { try_files $uri =404; }
        location ~ ^/modules/.*/widgets/.*/assets { try_files $uri =404; }
        location ~ ^/modules/.*/widgets/.*/resources { try_files $uri =404; }
        location ~ ^/modules/.*/formwidgets/.*/assets { try_files $uri =404; }
        location ~ ^/modules/.*/formwidgets/.*/resources { try_files $uri =404; }
        location ~ ^/modules/.*/reportwidgets/.*/assets { try_files $uri =404; }
        location ~ ^/modules/.*/reportwidgets/.*/resources { try_files $uri =404; }

        location ~ ^/plugins/.*/.*/assets { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/resources { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/behaviors/.*/assets { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/behaviors/.*/resources { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/reportwidgets/.*/assets { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/reportwidgets/.*/resources { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/formwidgets/.*/assets { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/formwidgets/.*/resources { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/widgets/.*/assets { try_files $uri =404; }
        location ~ ^/plugins/.*/.*/widgets/.*/resources { try_files $uri =404; }

        location ~ ^/themes/.*/assets { try_files $uri =404; }
        location ~ ^/themes/.*/resources { try_files $uri =404; }
     }

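    location ~ ^/index.php {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # The server block stays open here: the TLS, header and gzip directives
    # below belong to it, and it is closed by the final "}".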

    ssl_certificate /etc/nginx/ssl/mywebsite_com/ssl-bundle.crt;

    ssl_certificate_key /etc/nginx/ssl/mywebsite_com/mywebsite_com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    ssl_dhparam /etc/nginx/ssl/mywebsite_com/dhparam.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security "max-age=63072000" always;

    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_trusted_certificate /etc/nginx/ssl/mywebsite_com/AddTrustExternalCARoot.crt;

    # replace with the IP address of your resolver
    # resolver 127.0.0.1;
    resolver 8.8.8.8 8.8.4.4 77.88.8.88 77.88.8.2 valid=60s;

    # HTTP Response Header Fields
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/x-javascript application/atom+xml application/xml application/xml+rss image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype image/x-icon;
}

Now we go to the Varnish (version: varnish-6.4.0) configuration, in the Varnish file /etc/varnish/default.vcl:


vcl 4.1;

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "127.0.0.1";
    .port = "80";
    .connect_timeout = 600s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
    .max_connections = 300;
}

sub vcl_recv {
    if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") {
        set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
        set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
        set req.url = regsub(req.url, "\?&", "?");
        set req.url = regsub(req.url, "\?$", "");
    }

    # Strip hash, server doesn't need it.
    if (req.url ~ "\#") {
        set req.url = regsub(req.url, "\#.*$", "");
    }
    set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");

      set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");

      set req.http.Cookie = regsuball(req.http.Cookie, "optim.=[^;]+(; )?", "");
      # Remove Gauges Cookies
      set req.http.Cookie = regsuball(req.http.Cookie, "_gau.=[^;]+(; )?", "");

      set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");

      if (req.http.cookie ~ "^\s*$") {
        unset req.http.cookie;
      }

       if (req.restarts == 0) {
        if (req.http.x-forwarded-for) {
          set req.http.X-Forwarded-For =
            req.http.X-Forwarded-For + ", " + client.ip;
          } else {
            set req.http.X-Forwarded-For = client.ip;
          }
      }

      if (req.method != "GET" &&
          req.method != "HEAD" &&
          req.method != "PUT" &&
          req.method != "POST" &&
          req.method != "TRACE" &&
          req.method != "OPTIONS" &&
          req.method != "DELETE") {
            /* Non-RFC2616 or CONNECT which is weird. */
            return (pipe);
       }
       if (req.method != "GET" && req.method != "HEAD") {
            /* We only deal with GET and HEAD by default */
          return (pass);
      }

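      if ( (req.http.host ~ "^(?i)mywebsite.com") && req.http.X-Forwarded-Proto !~ "(?i)https") {
        set req.http.x-redir = "https://" + req.http.host + req.url;
        return (synth(750, ""));
      }
      # No return (hash) at this point: it would make the Accept-Encoding
      # normalisation and the static-file cookie stripping below unreachable.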

    if (req.http.Accept-Encoding) {
      if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$") {
        # No point in compressing these
        unset req.http.Accept-Encoding;
      } elseif (req.http.Accept-Encoding ~ "gzip") {
        set req.http.Accept-Encoding = "gzip";
      } elseif (req.http.Accept-Encoding ~ "deflate") {
        set req.http.Accept-Encoding = "deflate";
      } else {
        unset req.http.Accept-Encoding;
      }
    }

    if (req.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|ogg|ogm|opus|otf|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
        unset req.http.Cookie;
        return (hash);
    }

    return (hash);

    }

sub vcl_synth {
  if (resp.status == 750) {
    set resp.status = 301;
    set resp.http.Location = req.http.x-redir;
    return(deliver);
  }
}

sub vcl_backend_response {
    if (
        beresp.status == 500 ||
        beresp.status == 502 ||
        beresp.status == 503 ||
        beresp.status == 504
    ) {
        return (abandon);
    }

    if(beresp.http.X-Requested-With == "XMLHttpRequest" || bereq.url ~ "nocache") {
        #set beresp.http.Cache-Control = "private, max-age=0, no-cache, no-store";
        #set beresp.http.Expires = "Mon, 01 Jan 2001 00:00:00 GMT";
        #set beresp.http.Pragma = "no-cache";
        set beresp.uncacheable = true;
        return (deliver);
    }

    if (bereq.method == "POST") {
        set beresp.uncacheable = true;
        return (deliver);
    }
    if(beresp.http.X-Logged-In == "False" && bereq.method != "POST") {
        unset beresp.http.Set-Cookie;
    }

    unset beresp.http.etag;

    unset beresp.http.Pragma;
    set beresp.grace = 12h;
    set beresp.ttl = 180s;
    set beresp.http.Expires = "" + (now + beresp.ttl);
    if (bereq.url ~ "\.(ico|jpg|jpeg|gif|png|bmp|webp|tiff|svg|svgz|pdf|mp3|flac|ogg|mid|midi|wav|mp4|webm|mkv|ogv|wmv|eot|otf|woff|ttf|rss|atom|zip|7z|tgz|gz|rar|bz2|tar|exe|doc|docx|xls|xlsx|ppt|pptx|rtf|odt|ods|odp)(\?[a-zA-Z0-9=]+)$") {
        set beresp.http.Cache-Control = "public, max-age=31536000";
    }

    if (bereq.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|ogg|ogm|opus|otf|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
        unset beresp.http.set-cookie;
        set beresp.do_stream = true;
    }
    if (beresp.http.Cache-Control !~ "max-age" || beresp.http.Cache-Control ~ "max-age=0" || beresp.ttl < 180s) {
        set beresp.http.Cache-Control = "public, max-age=180, stale-while-revalidate=360, stale-if-error=43200";
    }

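    return (deliver);

    # Unreachable after the return above, so the 180s TTL and 12h grace set earlier stay in effect:
    # set beresp.ttl = 10s;
    # set beresp.grace = 1h;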
}

sub vcl_deliver {
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
        set resp.http.X-Cache-Hits = obj.hits;
    } else {
        set resp.http.X-Cache = "MISS";
    }

    return (deliver);
}

Also add this in the file /etc/nginx/nginx.conf, under the line http {

    upstream backend {
        least_conn;
       # port 37089 of varnishd 
        server mywebsite.com:37089 weight=5;
        server 192.0.0.1 backup;
        zone backend 32k;
    }

    upstream dns_servers {
       # for nginx on port 443
        server x.x.x.x:443;
        server x.x.x.x:443;
    }

I think that's enough to build a powerful (http://prntscr.com/rhzixb) and super-fast (http://prntscr.com/rhzh6j, last update http://prntscr.com/rihzwk) website server. But I admit that it is rather disobeying EU Cookie Law. I am still learning and I still need the guidance of the experts at October CMS (screenshot on Wappalyzer: http://prntscr.com/ri7081, screenshot on Lighthouse: http://prntscr.com/riy7r2). If there are any suggestions, I accept them.

Last updated
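
An added example, not part of the original posts or of October CMS: the posted VCL returns `hash` for every GET/HEAD request, caches responses for 180s without removing `Set-Cookie` unless `X-Logged-In` is "False", and rewrites `Cache-Control` to `public`, while the session config has `'secure' => false` and nginx sends two `X-Frame-Options` values. The Python check below flags those conditions in response headers; the function names, finding codes and sample headers are constructed for illustration.

```python
"""Audit response headers from a Varnish-fronted site (added example)."""

# Constructed sample: headers as (name, value) pairs for two requests to the
# same URL, as a client would see them. Not captured from a real site.
SAMPLE_MISS = [
    ("Set-Cookie", "your-website_session=abc123; path=/; HttpOnly"),
    ("Cache-Control", "public, max-age=180, stale-while-revalidate=360"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-Frame-Options", "DENY"),
    ("X-Cache", "MISS"),
]
SAMPLE_HIT = [(n, "HIT") if n == "X-Cache" else (n, v) for n, v in SAMPLE_MISS]


def values(headers, name):
    """All values of a header, matching the name case-insensitively."""
    return [v for n, v in headers if n.lower() == name.lower()]


def cookie_attrs(set_cookie):
    """Lower-cased attribute names of one Set-Cookie value (after name=value)."""
    parts = [p.strip() for p in set_cookie.split(";")[1:]]
    return {p.split("=", 1)[0].lower() for p in parts if p}


def audit(headers, https=True):
    """Return a sorted list of finding codes for one response."""
    findings = set()
    cookies = values(headers, "Set-Cookie")
    cache_control = ",".join(values(headers, "Cache-Control")).lower()
    cached = "HIT" in values(headers, "X-Cache")  # header set in vcl_deliver

    if cookies and cached:
        # A stored Set-Cookie is replayed to every client that gets this hit.
        findings.add("cached-set-cookie")
    if cookies and "public" in cache_control:
        # Downstream shared caches are told they may store the cookie too.
        findings.add("public-with-set-cookie")
    for cookie in cookies:
        attrs = cookie_attrs(cookie)
        if https and "secure" not in attrs:
            findings.add("cookie-missing-secure")
        if "httponly" not in attrs:
            findings.add("cookie-missing-httponly")
    xfo = {v.strip().upper() for v in values(headers, "X-Frame-Options")}
    if len(xfo) > 1:
        findings.add("conflicting-x-frame-options")
    return sorted(findings)


if __name__ == "__main__":
    for label, hdrs in (("first request", SAMPLE_MISS),
                        ("second request", SAMPLE_HIT)):
        print(label, audit(hdrs))
```

To use it on a live site, build the header lists from two consecutive requests to the same URL made without cookies, and compare the findings for the MISS and the HIT.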
