Wiki/Nginx

Process

Switching Domains

from neuromatch.io to neuromatch.social:

  • swap domains in config
  • comment out the http redirect server block and the cert part of the https block
  • temporarily switch the `listen [::]:443` and `listen 443` for `listen [::]:80` and `listen 80`
  • run certbot `sudo certbot --nginx -d wiki.neuromatch.social` which should switch the `80`'s back to `443` and create a new http block
  • copy paste the redirect block and old cert info to redirect http and https from old domain to new domain

that's probably a pretty janky way to do it, but basically the only thing that's different from just ctrl+f'ing the domain name is the need to issue a new cert, and to issue the cert you need to have just a server block listening on `80` and certbot can take it from there. then redirecting is just "hey did you try to go here, actually go over there." There are other auth mechanisms certbot can do, but that's the easiest way to use the default one that i know of.

Config

server {
    server_name wiki.neuromatch.social;

    root /var/www/html/mediawiki;
    index index.php;

    error_log /var/log/nginx/mediawiki.error;
    access_log /var/log/nginx/mediawiki.access;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location @rewrite {
        rewrite ^/(.*)$ /index.php;
    }

    location ^~ /maintenance/ {
        return 403;
    }


    location ~ /\.ht {
        deny all;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        include snippets/fastcgi-php.conf;
    }

    location /rest.php {
        try_files $uri $uri/ /rest.php?$args;
    }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/wiki.neuromatch.social/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/wiki.neuromatch.social/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


# ---------------------------------
# redirect http -> https
# ---------------------------------

server {
    if ($host = wiki.neuromatch.social) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name wiki.neuromatch.social;

    listen 80;
    listen [::]:80;
    return 404; # managed by Certbot

}

# ---------------------------------
# ---------------------------------
# ---------------------------------
# redirects from olde wiki domain
# ---------------------------------
# ---------------------------------
# ---------------------------------

server {
    if ($host = wiki.neuromatch.io) {
        return 301 https://wiki.neuromatch.social$request_uri;
    }

    server_name wiki.neuromatch.io;

    listen 80;
    return 404;

}

server {
    if ($host = wiki.neuromatch.io) {
        # no status code given, so nginx sends a 302 (temporary) redirect
        return https://wiki.neuromatch.social$request_uri;
    }

    server_name wiki.neuromatch.io;
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/wiki.neuromatch.io/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/wiki.neuromatch.io/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
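
To confirm the result of the last step in Switching Domains, this added example (not part of the original page) classifies the redirect returned for the old domain; the hostnames are taken from the config above, while the test path and the sample responses are constructed. It also shows that the HTTPS old-domain block, whose `return` has no status code, answers with a 302 rather than the 301 used by the HTTP block.

```shell
#!/bin/sh
# Added example: classify the redirect a server sends for the old wiki domain.
NEW_HOST="wiki.neuromatch.social"   # from the config on this page
OLD_HOST="wiki.neuromatch.io"       # from the config on this page
TEST_PATH="/Wiki/Nginx"             # assumption: any path that should survive the move

# classify_redirect <expected-location>, response headers (curl -sI output) on stdin.
# Prints one of: permanent | temporary | wrong-target | no-redirect
classify_redirect() {
    tr -d '\r' | awk -v want="$1" '
        NR == 1                    { status = $2 }   # "HTTP/1.1 301 ..." or "HTTP/2 301"
        tolower($1) == "location:" { loc = $2 }
        END {
            if (status !~ /^30[12378]$/)                 print "no-redirect"
            else if (loc != want)                        print "wrong-target"
            else if (status == "301" || status == "308") print "permanent"
            else                                         print "temporary"
        }'
}

# Constructed sample responses (not captured from the live server).
sample_old_http() {    # block with "return 301 https://...$request_uri;"
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://%s%s\r\n\r\n' \
        "$NEW_HOST" "$TEST_PATH"
}
sample_old_https() {   # block with "return https://...;" (no code, so nginx sends 302)
    printf 'HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nLocation: https://%s%s\r\n\r\n' \
        "$NEW_HOST" "$TEST_PATH"
}
sample_unmatched() {   # request that fell through to "return 404;"
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n'
}

# Live check: sh check.sh --live   (needs curl and network access)
if [ "${1:-}" = "--live" ]; then
    for url in "http://$OLD_HOST$TEST_PATH" "https://$OLD_HOST$TEST_PATH"; do
        for ipv in -4 -6; do    # the old-domain blocks above only listen on IPv4
            printf '%s %s: ' "$url" "$ipv"
            curl -sI "$ipv" --max-time 10 "$url" |
                classify_redirect "https://$NEW_HOST$TEST_PATH"
        done
    done
fi
```

Anything other than `permanent` for the old domain means the request did not reach the redirect block it was meant for, or that block is missing a status code.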

Log Rotation

See Logging

in /etc/logrotate.d/nginx

/var/log/nginx/mediawiki* {
  rotate 50
  size 100M
  dateext
  dateformat -%Y-%m-%d
  missingok
  compress
  sharedscripts
  postrotate
        [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
  endscript
}