From febc7c7ca4707816030fe5a9e7952fa34d57f5fa Mon Sep 17 00:00:00 2001 From: "J. King" Date: Sun, 16 May 2021 18:44:42 -0400 Subject: [PATCH] Add configuration for Nginx --- dist/arch/arsse-fetch.service | 2 +- dist/arch/nginx/arsse-fcgi.conf | 12 ++++++++ dist/arch/nginx/arsse-loc.conf | 49 +++++++++++++++++++++++++++++++++ dist/arch/nginx/arsse.conf | 17 ++++++++++++ dist/arch/nginx/sample.conf | 13 +++++++++ 5 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 dist/arch/nginx/arsse-fcgi.conf create mode 100644 dist/arch/nginx/arsse-loc.conf create mode 100644 dist/arch/nginx/arsse.conf create mode 100644 dist/arch/nginx/sample.conf diff --git a/dist/arch/arsse-fetch.service b/dist/arch/arsse-fetch.service index be2d7105..7ee6eb7e 100644 --- a/dist/arch/arsse-fetch.service +++ b/dist/arch/arsse-fetch.service @@ -8,7 +8,7 @@ User=arsse Group=arsse Type=simple WorkingDirectory=/usr/share/webapps/arsse -ExecStart=/usr/bin/env php /usr/share/webapps/arsse/arsse.php daemon +ExecStart=/usr/bin/arsse daemon ProtectProc=invisible NoNewPrivileges=true diff --git a/dist/arch/nginx/arsse-fcgi.conf b/dist/arch/nginx/arsse-fcgi.conf new file mode 100644 index 00000000..eb83097f --- /dev/null +++ b/dist/arch/nginx/arsse-fcgi.conf @@ -0,0 +1,12 @@ +fastcgi_pass_header Authorization; # required if the Arsse is to perform its own HTTP authentication +fastcgi_pass_request_body on; +fastcgi_pass_request_headers on; +fastcgi_intercept_errors off; +fastcgi_buffering off; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; +fastcgi_param REQUEST_URI $uri; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param HTTPS $https if_not_empty; +fastcgi_param REMOTE_USER $remote_user; diff --git a/dist/arch/nginx/arsse-loc.conf b/dist/arch/nginx/arsse-loc.conf new file mode 100644 index 00000000..d7e3ec78 --- /dev/null +++ b/dist/arch/nginx/arsse-loc.conf @@ -0,0 +1,49 @@ +# Any provided static files +location / { + try_files $uri $uri/ =404; +} + +# Nextcloud News protocol +location /index.php/apps/news/api { + try_files $uri @arsse; + + location ~ ^/index\.php/apps/news/api/?$ { + try_files $uri @arsse_public; + } +} + +# Tiny Tiny RSS protocol +location /tt-rss/api { + try_files $uri @arsse; +} + +# Tiny Tiny RSS feed icons +location /tt-rss/feed-icons/ { + try_files $uri @arsse; +} + +# Tiny Tiny RSS special-feed icons; these are static files +location /tt-rss/images/ { + try_files $uri =404; +} + +# Fever protocol +location /fever/ { + try_files $uri @arsse; +} + +# Miniflux protocol +location /v1/ { + # If put behind HTTP authentication token login will not be possible + try_files $uri @arsse; +} + +# Miniflux version number +location /version { + try_files $uri @arsse_public; +} + +# Miniflux "health check" +location /healthcheck { + try_files $uri @arsse_public; +} diff --git a/dist/arch/nginx/arsse.conf b/dist/arch/nginx/arsse.conf new file mode 100644 index 00000000..5d2234b8 --- /dev/null +++ b/dist/arch/nginx/arsse.conf @@ -0,0 +1,17 @@ +root /usr/share/webapps/arsse/www; # adjust according to your installation path + +location @arsse { + # HTTP authentication may be enabled for this location, though this may impact some features + fastcgi_pass unix:/run/php-fpm/arsse.sock; + fastcgi_param SCRIPT_FILENAME /usr/share/webapps/arsse/arsse.php; + include /etc/webapps/arsse/nginx/arsse-fcgi.conf; +} + +location @arsse_public { + # HTTP authentication should not be enabled for this location + fastcgi_pass unix:/run/php-fpm/arsse.sock; + fastcgi_param SCRIPT_FILENAME /usr/share/webapps/arsse/arsse.php; + include /etc/webapps/arsse/nginx/arsse-fcgi.conf; +} + +include /etc/webapps/arsse/nginx/arsse-loc.conf; diff --git a/dist/arch/nginx/sample.conf b/dist/arch/nginx/sample.conf new file mode 100644 index 00000000..efaecd62 --- /dev/null +++ b/dist/arch/nginx/sample.conf @@ -0,0 +1,13 @@ +server { + server_name news.example.com; + listen 80; + listen [::]:80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + + ssl_certificate /etc/letsencrypt/live/news.example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/news.example.com/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/news.example.com/chain.pem; + + include /etc/webapps/arsse/nginx/arsse.conf; +}