Forum: NGINX Piwik conf file

7bf5586e8fe2b84da527e98f2d7dffce?d=identicon&s=25 Paul N. Pace (Guest)
on 2013-08-19 23:54
(Received via mailing list)
I have recently discovered this wonderful includes directive and I am
using it to clean up my server blocks. Doing this has forced me to
evaluate some of my configurations.

I am trying to set up a conf file for Piwik installations and I'm
hoping a second set of of eyes can help:

location /piwik/ {

     location /js/ {
         allow all;
     }

     location ~ /js/.*\.php$ {
         include /etc/nginx/global-configs/php.conf;
     }

    location ~ /piwik.php$ {
         include /etc/nginx/global-configs/php.conf;
     }

    return 301 https://server_name$request_uri?;
}

Piwik seems trickier than other applications because certain
components must be available through HTTP sessions or else browsers
give scary warnings or don't load the tracking code, but I want to
force the Piwik dashboard to open in HTTPS.

Any comments appreciated.

Thanks!


Paul
36a8284995fa0fb82e6aa2bede32adac?d=identicon&s=25 Francis Daly (Guest)
on 2013-08-20 23:44
(Received via mailing list)
On Mon, Aug 19, 2013 at 02:53:36PM -0700, Paul N. Pace wrote:

Hi there,

> I am trying to set up a conf file for Piwik installations and I'm
> hoping a second set of of eyes can help:

In nginx one request is handled in one location. The rules for selecting
the location are at http://nginx.org/r/location

Given that information, the following output...

>     location ~ /piwik.php$ {
>          include /etc/nginx/global-configs/php.conf;
>      }
>
>     return 301 https://server_name$request_uri?;
> }

$ sbin/nginx -t
nginx: [emerg] location "/js/" is outside location "/piwik/" in
/usr/local/nginx/conf/nginx.conf:14
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

should not be a surprise.

Can you list some of the requests that you want to have handled, and
how you want them to be handled? That might help someone who knows nginx
but not piwik to understand what the intention is.

Doing a web search for "site:nginx.org piwik" does seem to point at a
config file, which seems very different from yours.

Searching for "nginx" on the piwik.org web site also refers to an
install document.

Do those documents offer any help to what you are doing?

> Piwik seems trickier than other applications because certain
> components must be available through HTTP sessions or else browsers
> give scary warnings or don't load the tracking code, but I want to
> force the Piwik dashboard to open in HTTPS.

These words don't obviously directly translate to your config file
snippet above. What request is the Piwik dashboard? What request is
certain components?

  f
--
Francis Daly        francis@daoine.org
7bf5586e8fe2b84da527e98f2d7dffce?d=identicon&s=25 Paul N. Pace (Guest)
on 2013-08-21 01:06
(Received via mailing list)
Thank you for your responses!

On Tue, Aug 20, 2013 at 2:44 PM, Francis Daly <francis@daoine.org>
wrote:
> Given that information, the following output...
>>
>
> should not be a surprise.

Yes, I fixed that by changing to /piwik/js/ - is this the right way to
enter it? Here is what the file would read now:

location /piwik/ {

    location /piwik/js/ {
    allow all;
    }

    location ~ /piwik/js/.*\.php$ {
        include /etc/nginx/global-configs/php.conf;
    }

    location ~ /piwik/piwik.php$ {
        include /etc/nginx/global-configs/php.conf;
    }

    return 301 https://www.unpm.org$request_uri?;
}

>
> Can you list some of the requests that you want to have handled, and
> how you want them to be handled? That might help someone who knows nginx
> but not piwik to understand what the intention is.
>
> Doing a web search for "site:nginx.org piwik" does seem to point at a
> config file, which seems very different from yours.

Yes, to be honest, that config is beyond my current understanding of
nginx. I reviewed the GitHub entry on the configuration, and it
included instructions to "Move the old /etc/nginx directory to
/etc/nginx.old" which seems a bit extreme to me and more work to
reconfigure for the other settings on my server, not to mention that
their /etc/nginx.conf file, among others, hasn't been updated in 2
years.

I have the Mastering Nginx book, but I still struggle to decode many
example configurations. I especially struggle with regular
expressions.

> Searching for "nginx" on the piwik.org web site also refers to an
> install document.

The nginx FAQ points to the above GitHub page.

>> Piwik seems trickier than other applications because certain
>> components must be available through HTTP sessions or else browsers
>> give scary warnings or don't load the tracking code, but I want to
>> force the Piwik dashboard to open in HTTPS.
>
> These words don't obviously directly translate to your config file
> snippet above. What request is the Piwik dashboard? What request is
> certain components?

The Piwik dashboard is located in /piwiki/index.php, and that is what
always needs to be served securely.

The tracking code for Piwik is loaded with either /piwik/js/index.php,
/piwik/piwik.php, or the /piwik/js/ directory, depending on various
client or server configurations.

Thank you for you help!
36a8284995fa0fb82e6aa2bede32adac?d=identicon&s=25 Francis Daly (Guest)
on 2013-08-21 20:22
(Received via mailing list)
On Tue, Aug 20, 2013 at 04:05:09PM -0700, Paul N. Pace wrote:
> On Tue, Aug 20, 2013 at 2:44 PM, Francis Daly <francis@daoine.org> wrote:
> > On Mon, Aug 19, 2013 at 02:53:36PM -0700, Paul N. Pace wrote:

Hi there,

> >> I am trying to set up a conf file for Piwik installations and I'm
> >> hoping a second set of of eyes can help:
> >
> > In nginx one request is handled in one location. The rules for selecting
> > the location are at http://nginx.org/r/location

> Yes, I fixed that by changing to /piwik/js/ - is this the right way to
> enter it?

It really depends on what the actual urls that are requested are, and
how you want them to be handled.

In this case, I don't see what the /piwik/js/ location does -- because
it sets a directive to its default value, and you haven't shown it set
to a non-default value anywhere.

> Here is what the file would read now:
>
> location /piwik/ {

I would probably make that one be "location ^~ /piwik/" -- it may not
make a difference, depending on what else is in your config file.

>     location ~ /piwik/js/.*\.php$ {
>         include /etc/nginx/global-configs/php.conf;
>     }
>
>     location ~ /piwik/piwik.php$ {

That one will match the requests /piwik/piwikXphp and
/piwik/Y/piwikXphp,
for any single character X and for any multi-character Y.

It may be that, for the requests you care about, that is exactly the
same as

  location = /piwik/piwik.php

> > Can you list some of the requests that you want to have handled, and
> > how you want them to be handled? That might help someone who knows nginx
> > but not piwik to understand what the intention is.

> always needs to be served securely.
So, in the "http-only" server:

  location = /piwiki/index.php {
    return 301 https://www.unpm.org$request_uri?;
  }

and in the "https" server:

  location = /piwiki/index.php {
    # whatever it should be, probably "include php.conf"
  }

> The tracking code for Piwik is loaded with either /piwik/js/index.php,
> /piwik/piwik.php, or the /piwik/js/ directory, depending on various
> client or server configurations.

/piwik/piwik.php is handled above; everything ending in ".php" in
/piwik/js/ is handled above. Everything else in /piwik/js/ comes from
the filesystem.

Are there specific urls that do not respond the way you expect?

  f
--
Francis Daly        francis@daoine.org
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.