Add configuration for Nginx

dist/arch/arsse-fetch.service

@@ -8,7 +8,7 @@ User=arsse
 Group=arsse
 Type=simple
 WorkingDirectory=/usr/share/webapps/arsse
-ExecStart=/usr/bin/env php /usr/share/webapps/arsse/arsse.php daemon
+ExecStart=/usr/bin/arsse daemon
 
 ProtectProc=invisible
 NoNewPrivileges=true

dist/arch/nginx/arsse-fcgi.conf

@@ -0,0 +1,12 @@
+fastcgi_pass_header Authorization; # required if the Arsse is to perform its own HTTP authentication
+fastcgi_pass_request_body on;
+fastcgi_pass_request_headers on;
+fastcgi_intercept_errors off;
+fastcgi_buffering off;
+fastcgi_param REQUEST_METHOD  $request_method;
+fastcgi_param CONTENT_TYPE    $content_type;
+fastcgi_param CONTENT_LENGTH  $content_length;
+fastcgi_param REQUEST_URI     $uri;
+fastcgi_param QUERY_STRING    $query_string;
+fastcgi_param HTTPS           $https if_not_empty;
+fastcgi_param REMOTE_USER     $remote_user;

dist/arch/nginx/arsse-loc.conf

@@ -0,0 +1,49 @@
+# Any provided static files
+location / {
+    try_files $uri $uri/ =404;
+}
+
+# Nextcloud News protocol
+location /index.php/apps/news/api {
+    try_files $uri @arsse;
+
+    location ~ ^/index\.php/apps/news/api/?$ {
+        try_files $uri @arsse_public;
+    }
+}
+
+# Tiny Tiny RSS protocol
+location /tt-rss/api {
+    try_files $uri @arsse;
+}
+
+# Tiny Tiny RSS feed icons
+location /tt-rss/feed-icons/ {
+    try_files $uri @arsse;
+}
+
+# Tiny Tiny RSS special-feed icons; these are static files
+location /tt-rss/images/ {
+    try_files $uri =404;
+}
+
+# Fever protocol
+location /fever/ {
+    try_files $uri @arsse;
+}
+
+# Miniflux protocol
+location /v1/ {
+    # If put behind HTTP authentication token login will not be possible
+    try_files $uri @arsse;
+}
+
+# Miniflux version number
+location /version {
+    try_files $uri @arsse_public;
+}
+
+# Miniflux "health check"
+location /healthcheck {
+    try_files $uri @arsse_public;
+}

dist/arch/nginx/arsse.conf

@@ -0,0 +1,17 @@
+root /usr/share/webapps/arsse/www; # adjust according to your installation path
+
+location @arsse {
+    # HTTP authentication may be enabled for this location, though this may impact some features
+    fastcgi_pass unix:/run/php-fpm/arsse.sock;
+    fastcgi_param SCRIPT_FILENAME /usr/share/webapps/arsse/arsse.php;
+    include /etc/webapps/arsse/nginx/arsse-fcgi.conf;
+}
+
+location @arsse_public {
+    # HTTP authentication should not be enabled for this location
+    fastcgi_pass unix:/run/php-fpm/arsse.sock;
+    fastcgi_param SCRIPT_FILENAME /usr/share/webapps/arsse/arsse.php;
+    include /etc/webapps/arsse/nginx/arsse-fcgi.conf;
+}
+
+include /etc/webapps/arsse/nginx/arsse-loc.conf;

dist/arch/nginx/sample.conf

@@ -0,0 +1,13 @@
+server {
+    server_name news.example.com;
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    ssl_certificate /etc/letsencrypt/live/news.example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/news.example.com/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/news.example.com/chain.pem;
+
+    include /etc/webapps/arsse/nginx/arsse.conf;
+}