Request Tracker nginx Configuration + systemd service and socket activation units
# /opt/rt5/var/nginx/fcgi.include.conf
# Shared FastCGI settings, pulled in with `include` from every location that
# hands a request to RT.
#
# Note: the HTTPS parameter is NOT set in this file. Each including location
# sets `fastcgi_param HTTPS on;` itself before the include.

# Backend: the "rt_backend" upstream group instead of one fixed socket
# (the single-socket form is kept below for reference).
#fastcgi_pass unix:/run/rt-server.sock;
fastcgi_pass  rt_backend;

# Application path: SCRIPT_NAME is empty and the whole request path is passed
# as PATH_INFO, i.e. the application is treated as mounted at "/".
fastcgi_param SCRIPT_NAME      "";
fastcgi_param PATH_INFO        $fastcgi_script_name;

# Request line and body metadata.
fastcgi_param REQUEST_METHOD   $request_method;
fastcgi_param REQUEST_URI      $request_uri;
fastcgi_param QUERY_STRING     $query_string;
fastcgi_param SERVER_PROTOCOL  $server_protocol;
fastcgi_param CONTENT_TYPE     $content_type;
fastcgi_param CONTENT_LENGTH   $content_length;

# Client endpoint. $remote_addr is the directly connected peer; if another
# proxy or load balancer sits in front of nginx, the backend will see that
# proxy's address here unless the real client address is restored first.
fastcgi_param REMOTE_ADDR      $remote_addr;
fastcgi_param REMOTE_PORT      $remote_port;

# Server endpoint.
fastcgi_param SERVER_ADDR      $server_addr;
fastcgi_param SERVER_PORT      $server_port;
fastcgi_param SERVER_NAME      $server_name;
# /etc/systemd/system/rt-server@.service
# Template unit for one RT FastCGI worker. Instance N (rt-server@N.service)
# is paired by name with rt-server@N.socket, which owns the listening socket.
[Unit]
Description=RT Server - %i
# Both database services are listed; systemd ignores a Wants=/After= entry
# for a unit that is not installed.
Wants=postgresql.service mysql.service
After=network.target postgresql.service mysql.service

[Service]
# The worker runs unprivileged, under the same account that owns the socket.
User=www-data
Group=www-data
ExecStart=/opt/rt5/sbin/rt-server.fcgi
# The listening socket from the .socket unit is passed to the process as stdin.
StandardInput=socket
StandardOutput=journal
StandardError=journal
Restart=always
# NOTE(review): no sandboxing directives are set. Options such as PrivateTmp=,
# ProtectSystem= and ProtectHome= would narrow what a compromised worker can
# reach; test them first, since RT still has to write its own state and hand
# outgoing mail to the local mailer.

[Install]
WantedBy=multi-user.target
# /etc/systemd/system/rt-server@.socket
# Template socket unit: instance N creates /run/rt-server-N.sock and activates
# rt-server@N.service on the first connection.
[Unit]
Description=RT Server Listen Socket (%i)

[Socket]
ListenStream=/run/rt-server-%i.sock
# Accept=false: the service receives the listening socket itself and accepts
# connections on it, instead of one service instance being spawned per connection.
Accept=false
# Access control for the backend is the socket file's ownership and mode:
# 0660 owned by www-data:www-data means only that user and group can connect.
# The web server's worker processes must therefore run as www-data (or be in
# that group); no other local account can talk to RT directly.
SocketUser=www-data
SocketGroup=www-data
SocketMode=0660

[Install]
WantedBy=sockets.target
# /etc/nginx/sites-enabled/rt.conf
# Derives an on/off flag from the request scheme: "on" for https, "off" for
# anything else.
# NOTE(review): $fastcgi_https is not referenced anywhere in the visible
# configuration; the locations below hard-code `fastcgi_param HTTPS on;`.
map $scheme $fastcgi_https {
    https   on;
    default off;
}
# Pool of RT FastCGI workers, one Unix socket per rt-server@N systemd instance.
# No balancing method is set, so nginx uses its default round-robin.
# The socket files are created by the rt-server@N.socket units with mode 0660,
# so nginx must run as (or in the group of) the socket owner to connect.
upstream rt_backend {
    server unix:/run/rt-server-1.sock;
    server unix:/run/rt-server-2.sock;
    server unix:/run/rt-server-3.sock;
    server unix:/run/rt-server-4.sock;
}
# Plain-HTTP listener: its only job is a permanent redirect to HTTPS.
# $server_name expands to the first name on the server_name line, so requests
# for either host name are redirected to https://rt.office.local/...
# $request_uri already carries the original path and query string.
server {
    listen      80;
    server_name rt.office.local rt.local;

    return 301 https://$server_name$request_uri;
}
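# HTTPS virtual host for Request Tracker (installed under /opt/rt5).
# Images and "NoAuth" assets are served from disk where possible; everything
# else is passed to the RT FastCGI workers through fcgi.include.conf.
#
# Header inheritance: nginx inherits add_header from the enclosing level only
# when the current level defines no add_header of its own. Most locations
# below set an X-location debug header, which would silently drop the
# server-level Strict-Transport-Security header from their responses, so each
# of them repeats the HSTS line. (X-Compression-Ratio is likewise only sent
# from locations that define no add_header; that is unchanged.)
server {
    server_name rt.office.local rt.local;
    listen 443 ssl default_server;
    #ssl on; # http://stackoverflow.com/questions/8768946/dealing-with-nginx-400-the-plain-http-request-was-sent-to-https-port-error

    # Certificate and key come straight from the acme.sh directory under /root.
    # NOTE(review): keep the key file readable by root only; confirm that the
    # renewal job reloads nginx after replacing these files.
    ssl_certificate     /root/.acme.sh/rt.office.local/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/rt.office.local/rt.office.local.key;

    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:50m;

    # Only TLS 1.2 is offered.
    # NOTE(review): add TLSv1.3 if the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;
    # All suites are ECDHE (forward secrecy). The last four are CBC-mode suites,
    # presumably kept for older clients; drop them if no such clients remain.
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months).
    # "always" also attaches the header to error responses.
    add_header Strict-Transport-Security "max-age=15768000" always;

    # NOTE(review): nothing visible in this server block needs a resolver
    # (no OCSP stapling, no variable upstream). If it is kept, prefer a
    # resolver on a trusted network, since plain DNS replies are unauthenticated.
    resolver 9.9.9.9;

    # The default folder
    root /opt/rt5/share/html;

    access_log /var/log/nginx/rt-access.log;
    error_log  /var/log/nginx/rt--error.log;

    # Upper bound for request bodies (ticket attachments).
    client_max_body_size 200M;

    # NOTE(review): with "gzip on", text/html responses are compressed as well,
    # including dynamic pages served over TLS. Compressing responses that mix
    # secrets with request-controlled text is the precondition for
    # compression side channels; consider limiting gzip to static assets.
    gzip            on;
    gzip_min_length 1300;
    gzip_proxied    any;
    gzip_types      text/plain text/css application/x-javascript application/javascript;
    gzip_disable    "MSIE [1-6]\.";
    # Debug header; only sent from locations that define no add_header.
    add_header X-Compression-Ratio "$gzip_ratio";

    # in case we hard link to the old path (rt/Ticket...), this will redirect to the new one (/Ticket...)
    location /rt/ {
        #rewrite ^/rt/(.*) https://$server_name/$1 permanent;
        rewrite ^/rt/(.*) https://rt.office.local/$1 permanent;
    }

    # Unauthenticated images: look on disk first, fall back to RT (@main).
    # NOTE(review): try_files entries without a leading "/" are appended
    # directly to root; verify these paths resolve as intended.
    location /NoAuth/images/ {
        root /opt/rt5;
        add_header X-location "NoAuth-images";
        add_header Strict-Transport-Security "max-age=15768000" always;
        try_files
            local/html$uri
            local/plugins/RT-Extension-JSGantt/html$uri
            share/html$uri
            @main;
        expires 1M;
    }

    # Static images served from disk only; no fallback to RT.
    # Earlier candidates, left disabled by the author:
    #   local/RT-Extension-JSGantt/html$uri
    #   @main (as the final fallback instead of =442)
    # NOTE(review): 442 is not a registered HTTP status code; it looks like a
    # marker for "no file matched". Confirm this is intended rather than =404.
    location ~ /static/(css/)?images/ {
        add_header X-location "static-images";
        add_header Strict-Transport-Security "max-age=15768000" always;
        root /opt/rt5/share;
        try_files
            $uri
            local/$uri
            share$uri
            =442;
        expires 1M;
    }

    # The next three locations serve from the on-disk store and, on a miss
    # (404), fetch the file from RT once and save it (@fetch_and_store).
    location /NoAuth/css/ {
        add_header X-location "NoAuth-css";
        add_header Strict-Transport-Security "max-age=15768000" always;
        root /opt/rt5/var/nginx/fcgi.storage;
        gzip_comp_level 9;
        expires 1M;
        location ~ squished {
            expires max;
        }
        error_page 404 = @fetch_and_store;
    }

    location /NoAuth/js/ {
        add_header X-location "NoAuth-js";
        add_header Strict-Transport-Security "max-age=15768000" always;
        root /opt/rt5/var/nginx/fcgi.storage;
        gzip_comp_level 9;
        expires 1M;
        location ~ squished {
            expires max;
        }
        error_page 404 = @fetch_and_store;
    }

    location /NoAuth/RichText/ {
        add_header X-location "NoAuth-RichText";
        add_header Strict-Transport-Security "max-age=15768000" always;
        root /opt/rt5/var/nginx/fcgi.storage;
        gzip_comp_level 9;
        expires 1M;
        error_page 404 = @fetch_and_store;
    }

    # need this to allow mails which are sent only as HTML attachments to render and not show as source.
    # NOTE(review): this labels every attachment under this URL pattern as
    # text/html, so markup from received mail is rendered in the RT origin
    # with the viewer's session. RT has its own switch for this decision
    # (TrustHTMLAttachments); overriding the content type in the web server
    # bypasses whatever RT decided. Keep this only if all senders are trusted.
    location ~ ^/Ticket/Attachment/([0-9]+)/([0-9]+)/$
    {
        add_header X-location 'Ticket Attachment As HTML';
        add_header Strict-Transport-Security "max-age=15768000" always;
        add_header Content-Type text/html;
        default_type text/html;
        fastcgi_param HTTPS on;
        include /opt/rt5/var/nginx/fcgi.include.conf;
    }

    # Catch-all: every other request goes to RT.
    location / {
        # fcgi.include.conf was generated by the RT nginx plugin
        # but it is missing the HTTPS directive, so it is set here.
        fastcgi_param HTTPS on;
        include /opt/rt5/var/nginx/fcgi.include.conf;
        # "expires max" was removed from this location: it stamped a
        # far-future Expires/Cache-Control on every dynamic response,
        # including authenticated ticket pages, so browsers could keep and
        # reuse them. Caching here is left to the headers RT sends; the
        # asset locations above keep their own expires settings.
    }

    # Fallback used by try_files when no file on disk matched.
    location @main {
        # $request_uri (still percent-encoded) is used instead of $uri: $uri is
        # the decoded path, so encoded control characters in a request could
        # otherwise end up inside this response header.
        add_header X-location main/$request_uri;
        add_header Strict-Transport-Security "max-age=15768000" always;
        # fcgi.include.conf was generated by the RT nginx plugin
        # but it is missing the HTTPS directive, so it is set here.
        fastcgi_param HTTPS on;
        include /opt/rt5/var/nginx/fcgi.include.conf;
    }

    # Reached only through "error_page 404" in the /NoAuth/css/, /NoAuth/js/
    # and /NoAuth/RichText/ locations: fetches the file from RT and writes it
    # below fcgi.storage, from where later requests are served to anyone
    # without contacting RT. Only content that needs no authentication may be
    # routed here. nginx never refreshes stored files; remove them by hand
    # when the originals change.
    location @fetch_and_store {
        # $request_uri instead of $uri, for the same reason as in @main.
        add_header X-location fetch_and_store/$request_uri;
        add_header Strict-Transport-Security "max-age=15768000" always;
        # fcgi.include.conf was generated by the RT nginx plugin
        # but it is missing the HTTPS directive, so it is set here.
        fastcgi_param HTTPS on;
        include /opt/rt5/var/nginx/fcgi.include.conf;
        root /opt/rt5/var/nginx/fcgi.storage;
        fastcgi_store on;
        # Stored files are world-readable; acceptable only because the content
        # is public.
        fastcgi_store_access user:rw group:rw all:r;
        fastcgi_temp_path /opt/rt5/var/nginx/fcgi.temp;
    }
}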