Page not found – ShopingServer Wiki

Nginx Redirect Mobile / Smart Phone Traffic To Mobile Version Of the Web Site

msrxp — Sat, 06 Jan 2018 10:08:23 +0000

I am a new nginx user and I would like to redirect all mobile / smart phone users from www.example.com to m.example.com domain. How do I detect a mobile phone browser in nginx?

How do I redirect all mobile users to sub-domain using regex based rules?

And How can I automatically redirects visitors on mobile devices to its mobile version at http://m.example.com/ and also allow mobile devices to the desktop website at www.example.com if visiting via http://www.example.com/?desktop=true?

You can easily redirect all mobile users using nginx as follows:

m.example.com – Mobile domain name. Make sure app is configured to display same page as served on www.example.com

All desktop clients need to use www.example.com. However, m.example.com i.e. all mobile phone user can browser desktop version if visiting via www.example.com/?desktop=true

Make sure line Disallow: /*? added to /robots.txt on www.example.com

/robots.txt – It is a good idea to block all bots on m.example.com. This ensures that mobile users will see lightweight page; but all bots refer to your main site. This is SEO feature. Sample /robots.txt for m.example.com

User-agent: *

Disallow: /

From the robots.org page:

The “User-agent: *” means this section applies to all robots. The “Disallow: /” tells the robot that it should not visit any pages on the site. Bad robots can ignore your /robots.txt.

Especially malware robots that scan the web for security vulnerabilities, and email address harvesters used by spammers will pay no attention. However, good robots such as Googlebot will follow your /robots.txt file.

Sample /robots.txt for www.example.com:

User-agent: *

Disallow: /*?

Nginx configurations

Edit the nginx.conf file and append the following after server directive:

set $mobile_rewrite do_not_perform;

chi http_user_agent for mobile / smart phones ##

if ($http_user_agent ~* (android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino ) {

set $mobile_rewrite perform;

}

if ($http_user_agent ~* ^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-) ) {

set $mobile_rewrite perform;

}

redirect to m.example.com ##

if ($mobile_rewrite = perform) {

rewrite ^ http://m.example.com$request_uri? redirect;

break;

}

Adding exceptions

You can allow user to browse and view desktop version of your site if url has www.example.com/?desktop=true. You can set cookie as follows:

set $force_dt_cookie ;

if ($args ~ desktop=true ) {

set $mobile_rewrite do_not_perform;

set $force_dt_cookie desktop=true ;

}

add_header Set-Cookie $force_dt_cookie;

if ($http_cookie ~ desktop=true ) {

set $mobile_rewrite do_not_perform;

}

Save and close the file. Restart or reload the nginx server, enter:

# /usr/sbin/nginx -s reload

# /etc/init.d/nginx reload

Test it

Use the curl command as follows to see redirection:

curl -I -A UserAgentString http://www.example.com

curl -I -A Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3 http://www.example.com

curl -I -A Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3 http://www.example.com/?desktop=true

References

Mobile browser detection with Nginx.

Mobile redirection with Nginx.

HowTo: Create a Self-Signed SSL Certificate on Nginx For CentOS / RHEL

msrxp — Sat, 06 Jan 2018 09:17:46 +0000

operate a small web site on Cloud server powered by CentOS Linux v6.4. I would like to encrypt my site’s information and create a more secure connection. How do I create a self-signed SSL certificate on Nginx for CentOS/Fedora or Red Hat Enterprise Linux based server?

The ssl encrypts your connection. For example, a visit to https://www.cyberciti.biz/ result into the following:

All pages were encrypted before being transmitted over the Internet.

Encryption makes it very difficult to unauthorized person to view information traveling between client browser and nginx server.

A note about a self-signed certificates vs a third party issued certificates

Fig.01: Cyberciti.biz connection encrypted and verified by a third party CA called GeoTrust, Inc.

Usually, an SSL certificate issued by a third party. It provides privacy and security between two computers (client and server) on a public network by encrypting traffic. CA (Certificate Authorities) may issue you a SSL certificate that verify the organizational identity (company name), location, and server details.

A self-signed certificate encrypt traffic between client (browser) and server. However, it can not verify the organizational identity. You are not depend upon third party to verify your location and server details.

Our sample setup

Domain name: theos.in

Directory name: /etc/nginx/ssl/theos.in

SSL certificate file for theos.in: /etc/nginx/ssl/theos.in/self-ssl.crt

ssl certificate key for theos.in: /etc/nginx/ssl/theos.in/self-ssl.key

Nginx configuration file for theos.in: /etc/nginx/virtual/theos.in.conf

Step #1: Make sure SSL aware nginx installed

Simply type the following command to verify nginx version and feature:

$ /usr/sbin/nginx -V

Sample outputs

nginx version: nginx/1.4.3

built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)

TLS SNI support enabled

configure arguments: –prefix=/etc/nginx –sbin-path=/usr/sbin/nginx –conf-path=/etc/nginx/nginx.conf

…

….

If nginx is not installed, type the following command to download and install nginx using yum command:

# yum install nginx

See how to install Nginx web server On CentOS Linux 6 or Red Hat Enterprise Linux 6 using yum command for more information.

Step #2: Create a directory

Type the following mkdir command to create a directory to store your ssl certificates:

# mkdir -p /etc/nginx/ssl/theos.in

Use the following cd command to change the directory:

# cd /etc/nginx/ssl/theos.in

Step #3: Create an SSL private key

To generate an SSL private key, enter:

# openssl genrsa -des3 -out self-ssl.key 1024

OR better try 2048 bit key:

# openssl genrsa -des3 -out self-ssl.key 2048

Sample outputs:

Generating RSA private key, 1024 bit long modulus

…++++++

……………++++++

e is 65537 (0x10001)

Enter pass phrase for self-ssl.key: Type-Your-PassPhrase-Here

Verifying – Enter pass phrase for self-ssl.key: Retype-Your-PassPhrase-Here

Warning: Make sure you remember passphrase. This passphrase is required to access your SSL key while generating csr or starting/stopping ssl.

Step #4: Create a certificate signing request (CSR)

To generate a CSR, enter:

# openssl req -new -key self-ssl.key -out self-ssl.csr

Sample outputs:

Enter pass phrase for self-ssl.key: Type-Your-PassPhrase-Here

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter . , the field will be left blank.

Country Name (2 letter code) [XX]:IN

State or Province Name (full name) []:Delhi

Locality Name (eg, city) [Default City]:New Delhi

Organization Name (eg, company) [Default Company Ltd]:nixCraft LTD

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server s hostname) []:theos.in

Email Address []:webmaster@nixcraft.com

Please enter the following extra attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

Step #5: Remove passphrase for nginx (optional)

You can remove passphrase from self-ssl.key for nginx server, enter:

# cp -v self-ssl.{key,original}

# openssl rsa -in self-ssl.original -out self-ssl.key

# rm -v self-ssl.original

Sample outputs:

Enter pass phrase for self-ssl.original: Type-Your-PassPhrase-Here

writing RSA key

Step #6: Create certificate

Finally, generate SSL certificate i.e. sign your SSL certificate with your own .csr file for one year:

# openssl x509 -req -days 365 -in self-ssl.csr -signkey self-ssl.key -out self-ssl.crt

Sample outputs:

Signature ok

subject=/C=IN/ST=Delhi/L=New Delhi/O=nixCraft LTD/OU=IT/CN=theos.in/emailAddress=webmaster@nixcraft.com

Getting Private key

Step #7: Configure the Certificate for nginx

Edit /etc/nginx/virtual/theos.in.conf, enter:

# vi /etc/nginx/virtual/theos.in.conf

The general syntax is as follows for nginx SSL configuration:

server {

#for ipv4

listen 443 ssl http2;

#for ipv6

#listen [::]:443 ssl http2;

ssl_certificate /path/to/self-ssl.crt;

ssl_certificate_key /path/to/self-ssl.key;

server_name theos.in;

location / {

….

…

….

}

Here is my sample config for theos.in:

server {

###########################[Note]##############################

## Note: Replace IP and server name as per your actual setup ##

###############################################################

## IP:Port and server name

listen 75.126.153.211:443 ssl http2;

server_name theos.in;

## SSL settings

ssl_certificate /etc/nginx/ssl/theos.in/self-ssl.crt;

ssl_certificate_key /etc/nginx/ssl/theos.in/self-ssl.key;

## SSL caching/optimization

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS ;

ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:50m;

ssl_session_timeout 1d;

ssl_session_tickets off;

## SSL log files

access_log /var/log/nginx/theos.in/ssl_theos.in_access.log;

error_log /var/log/nginx/theos.in/ssl_theos.in_error.log;

## Rest of server config goes here

location / {

proxy_set_header Accept-Encoding ;

proxy_set_header Host $http_host;

proxy_set_header X-Forwarded-By $server_addr:$server_port;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

## Hey, ADD YOUR location / specific CONFIG HERE ##

## STOP: YOUR location / specific CONFIG HERE ##

}

Step #8: Restart/reload nginx

Type the following command

# /usr/sbin/nginx -t

Sample outputs:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

To gracefully restart/reload nginx server, type the following command:

# /etc/init.d/nginx reload

# /usr/sbin/nginx -s reload

# service nginx reload

Step #9: Open TCP HTTPS port # 443

Type the following command to open port # 443 for everyone:

# /sbin/iptables -A INPUT -m state –state NEW -p tcp –dport 443 -j ACCEPT

Save new firewall settings:

# service iptables save

See how to setup firewall for a web server for more information.

Step 10: Test it

Fire a browser and type the following url:

https://theos.in/

Sample outputs:

Fig.02: SSL connection is not verified due to self-signed certificate. Click the “Add Exception” button to continue.

Step 11: Verify SSL certificats

You can verify SSL Certificate using the following command:

# openssl verify pem-file

# openssl verify self-ssl.crt

Nginx: 301 Redirect To A Domain Name

msrxp — Sat, 06 Jan 2018 09:15:11 +0000

am a new Nginx web server user. How do I redirect to a different domain using nginx (say example.org to example.com) permanently?

You need to use HttpRewriteModule module to change URI using regular expressions (PCRE), and to redirect and select configuration depending on variables.

rewrite directive

This directive changes URI in accordance with the regular expression and the replacement string. Directives are carried out in order of appearance in the configuration file. You can use this directive in the following context:

server

location

Nginx 301 rewrite syntax

The syntax is:

rewrite regex replacement [ flag ]

Flags can be any of the following:

last – completes processing of current rewrite directives and restarts the process (including rewriting) with a search for a match on the URI from all available locations.

break – completes processing of current rewrite directives and non-rewrite processing continues within the current location block only.

redirect – returns temporary redirect with code 302; it is used if the substituting line begins with http://

permanent – returns permanent redirect with code 301

Example: Redirect to a different domain with nginx

In this example, redirect all traffic as follows:

From: To:

example.org example.com

example.org/foo.html example.com/foo.html

example.org/show.php?arg=value example.com/show.php?arg=value

example.org/dir1/dir2/bar.cgi example.com//dir1/dir2/bar.cgi

Edit nginx.conf or your virtual host config and update server context as follows:

server {

server_name .example.org;

rewrite ^ http://example.com$request_uri? permanent;

# rest of config, if any goes below … #

}

Finally, restart/reload your nginx server, type:

# nginx -t && nginx -s reload

How do I test and verify HTTP 301 redirect?

You need to use curl command:

$ curl -I http://example.org/

$ curl -I http://example.org/foo/bar.html

Sample outputs:

HTTP/1.1 301 Moved Permanently

Server: nginx

Date: Mon, 18 Nov 2013 12:29:08 GMT

Connection: keep-alive

Keep-Alive: timeout=60

Location: http://example.com/foo/bar.html

Vary: Accept-Encoding

X-Galaxy: Andromeda-2

Nginx: 301 Redirect To A Domain Name

msrxp — Sat, 06 Jan 2018 09:12:37 +0000

am a new Nginx web server user. How do I redirect to a different domain using nginx (say example.org to example.com) permanently?

You need to use HttpRewriteModule module to change URI using regular expressions (PCRE), and to redirect and select configuration depending on variables.

rewrite directive

server

location

Nginx 301 rewrite syntax

The syntax is:

rewrite regex replacement [ flag ]

Flags can be any of the following:

last – completes processing of current rewrite directives and restarts the process (including rewriting) with a search for a match on the URI from all available locations.

break – completes processing of current rewrite directives and non-rewrite processing continues within the current location block only.

redirect – returns temporary redirect with code 302; it is used if the substituting line begins with http://

permanent – returns permanent redirect with code 301

Example: Redirect to a different domain with nginx

In this example, redirect all traffic as follows:

From: To:

example.org example.com

example.org/foo.html example.com/foo.html

example.org/show.php?arg=value example.com/show.php?arg=value

example.org/dir1/dir2/bar.cgi example.com//dir1/dir2/bar.cgi

Edit nginx.conf or your virtual host config and update server context as follows:

server {

server_name .example.org;

rewrite ^ http://example.com$request_uri? permanent;

# rest of config, if any goes below … #

}

Finally, restart/reload your nginx server, type:

# nginx -t && nginx -s reload

How do I test and verify HTTP 301 redirect?

You need to use curl command:

$ curl -I http://example.org/

$ curl -I http://example.org/foo/bar.html

Sample outputs:

HTTP/1.1 301 Moved Permanently

Server: nginx

Date: Mon, 18 Nov 2013 12:29:08 GMT

Connection: keep-alive

Keep-Alive: timeout=60

Location: http://example.com/foo/bar.html

Vary: Accept-Encoding

X-Galaxy: Andromeda-2

Nginx: Allow All But Block Certain POST Request URLS For Selected Spammer IP Address/CIDR

omid — Sat, 06 Jan 2018 09:02:02 +0000

am a small business and ecom site owner. I also run a WordPress based blog to connect with my customers. However, I get too much spam from certain IPs and net-blocks. How do I block access to certain url(s) such as example.com/blog/wp-comments-post.php for selected IP address and CIDRs? How do I allow everyone including IP address 1.2.3.4 to access my blog but block IP address 1.2.3.4 accessing only example.com/blog/wp-comments-post.php? How do I block POST requests for selected IPs/CIDR on nginx?

Nginx comes with a simple module called ngx_http_access_module to allow or deny access to IP address. You can also create a config file and block certain urls using the following method.

Step #1: Create spammers.conf file

Create a file called /etc/nginx/spammers.conf, enter:

# vi /etc/nginx/spammers.conf

You need to use the ngx_http_geo_module. This modile creates variables with values depending on the client IP address or CIDR. The syntax is:

geo $var_name {

default value1;

ip value2;

cidr value2;

}

In this example, block IPs/CIDRs – 101.0.71.27, 101.0.79.181, 101.0.79.27, 100.42.192.0/20, 101.192.0.0/14, and 148.248.0.0/16:

# spammers.conf #

geo $spammers_ip_cidrs {

## allow all ##

default no;

## block these bad ips/cidrs/spammers ##

101.0.71.27 yes;

101.0.79.181 yes;

101.0.79.27 yes;

100.42.192.0/20 yes;

101.192.0.0/14 yes;

148.248.0.0/16 yes;

}

Step #2: Update nginx.conf

Edit nginx.conf, enter:

# vi /etc/nginx/nginx.conf

Add the following in http section:

include /etc/nginx/spammers.conf;

Find your server section and add the following to match your POST request url:

location ~* /blog/wp-comments-post\.php$ {

if ( $spammers_ip_cidrs = yes ) {

## show default or custom forbidden page. To create black-hole use 444 code

return 403;

}

Here is a sample config directive for reverse proxy server:

server {

listen 75.126.153.206:80;

server_name www.cyberciti.biz;

access_log /var/log/nginx/access.log main;

error_log /var/log/nginx/error.log;

root /nfs/ha/root/nginx;

index index.html;

custom error pages put them at /nfs/ha/root/nginx location ##

error_page 404 /error-page-404.html;

location /error-page-404.html {

internal;

}

error_page 403 /error-page-403.html;

location = /error-page-403.html {

internal;

}

location section ##

location / {

proxy_pass http://backendapache;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

proxy_set_header Host www.cyberciti.biz;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location ~* /blog/wp-comments-post\.php$ {

if ( $spammers_ip_cidrs = yes ) {

return 403;

}

## add rest of config for matching url here ##

}

Save and close the file. Restart / reload nginx server, enter:

# service nginx reload

A visitor with an IP address 75.126.153.206 can browser your entire blog but will not able to post any comments. He/she (most likely a bot) will get an error code forbidden 403. A sample 403 error page:

Fig. 01: Custom nginx 403 page for www.cyberciti.biz

See how to create a custom 403/404 page using nginx for more information.

How do I find out spammers IP address?

Use the grep command as follows:

grep /blog/wp-comments-post.php access_1.log

Find all url /blog/wp-comments-post.php accessed on 30/Nov/2013 ##

last sort is bad ##

grep 30/Nov/2013 | grep /blog/wp-comments-post.php /path/to/archives/access_1.log | awk { print $1} | sort | uniq -c | sort -nr > spam.txt

Sample outputs:

$ cat spam.txt

22304 221.234.211.192

22133 221.235.67.111

11174 142.4.113.57

11110 192.184.37.126

4235 37.0.122.237

…

No sane person will try to submit comment 22304 times. So you can block all those IPs. You can automate the entire procedure by writing a shell/python/perl script. The writing of such script is left as an exercise to the readers.

HowTo: Enable Nginx Status Page

omid — Sat, 06 Jan 2018 08:54:40 +0000

pache has status page that can provide data about Apache. How do I enable and display such page using nginx server? How do I enable nginx status page on Linux or Unix-like operating systems?

Like Aapache (httpd), nginx has status page to give you information about Nginx’s server health including Active connections and other data. You can use this info to fine tune your server. Please note that you will get stats for entire Nginx server running. This can not be used to get info per virtual host i.e. you will get data for entire Nginx server only.

Make sure HttpStubStatusModule compiled

Type the following command to verify that HttpStubStatusModule is compiled and available to you:

nginx -V | grep –color -o http_stub_status

Enable Nginx status page on Linux/Unix

Edit nginx.conf, enter:

# vi nginx.conf

Update your server { ….. } block/context as follows (see how to deny access to IP address on nginx):

location /nginx_status {

# Turn on nginx stats

stub_status on;

# I do not need logs for stats

access_log off;

# Security: Only allow access from 192.168.1.100 IP #

allow 192.168.1.100;

# Send rest of the world to /dev/null #

deny all;

}

Feel free to replace 192.168.1.100 with your actual IP address. This is a security feature as you do not want to show your status to the whole world.

Restart / reload nginx server

Type the following command to reload nginx:

# service nginx reload

# nginx -s reload

How do I view nginx status page?

Fire a browser and type the url:

example.com/nginx_status

1.2.3.4/nginx_status

www.cyberciti.biz/nginx_status

Sample outputs:

Gif 01: Nginx status page in action (note I am refreshing screen to show you demo)

Nginx: Redirect Backend Traffic Based Upon Client IP Address

omid — Sat, 06 Jan 2018 08:43:50 +0000

have four Apache backend servers in front of nginx reverse proxy server. How do I make sure nginx reverse proxy load balancer always send specific client IP address (say IP 1.2.3.4) request to http://apachereadwrite/ backend and rest to http://apachereadonly/ backend?

Nginx web server does support if conditional configuration. You can redirect and/or select configuration depending on client ip address. In this case you need to use the variable called $remote_addr which can be used to retrieve information about the users ip address. This is useful if you want to give file upload capabilities to your own office IP address and read-only capabilities to the rest of the world based upon client IP address or vpn address:

File upload is disabled on

server {A,B,C} via php

+——+ +—–+ +—–+ +—–+

| | | | | | | |

Backends | A | | B | | C | | D | File upload enabled

| | | | | | | |

+–+—+ +-+—+ +–+–+ +-+—+

| | | |

+——–+———+——-+

+—+—+

| |

+——-+

nginx reverse proxy server

Edit the file /etc/php.ini on server {A,B,C}, type:

# vi /etc/php.ini

Make the following changes to /etc/php.ini:

# Disallow uploading altogether this makes moving or injecting bad scripts/code onto your web server more difficult

file_uploads = Off

# Disallow treatment of file requests as fopen calls

allow_url_fopen = Off

allow_url_include = Off

Restart Apache server on {A,B,C}. Make sure file upload is enabled on server A by editing php.ini and setting the following entries:

file_uploads = On

upload_max_filesize=2M

post_max_size=4M

Nginx syntax

The syntax is as follows:

if ( $remote_addr ~* ip-address-here ) {

proxy_pass http://YOUR-BACKEND-HERE;

}

First set default proxy_pass:

Default backend is apachereadonly ##

proxy_pass http://apachereadonly;

Check for client ip address:

If IP is 1.2.3.4 send backend to apachereadwrite ##

if ( $remote_addr ~* 1.2.3.4 ) {

proxy_pass http://apachereadwrite;

}

Examples

Edit nginx.conf file, enter:

# vi nginx.conf

Edit/append as follows:

## apachereadonly backend ##

upstream apachereadonly {

server 10.10.11.10:8011;

server 10.10.11.11:8011;

server 10.10.11.12:8011;

ip_hash;

}

## apachereadwrite backend ##

upstream apachereadwrite {

server 10.10.11.13:8011;

}

## config ##

location / {

proxy_set_header Accept-Encoding ;

proxy_set_header Host $http_host;

proxy_set_header X-Forwarded-By $server_addr:$server_port;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

## default backend

proxy_pass http://apachereadonly;

## send traffic to apachereadwrite backend if ip is 1.2.3.4 ##

if ( $remote_addr ~* 1.2.3.4 ) {

proxy_pass http://apachereadwrite;

}

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

}

## rest of config ##

Save and close the file. Restart / reload nginx server:

# /etc/init.d/nginx reload

# /usr/sbin/nginx -s reload

Install LEMP (Linux, Nginx, MySQL and PHP) Stack on Ubuntu Linux 14.04 LTS

omid — Fri, 05 Jan 2018 16:15:55 +0000

‘m a new Ubuntu Linux user. How do I install the LEMP stack on an Ubuntu Linux 14.04 LTS server using command line options to serve dynamic web apps?

As one of the most popular Linux distribution in the world, Ubuntu has released the latest version on April 17, 2014. The latest version is 14.04 with code name Trusty Tahr. Ubunt 14.04 is a LTS (Long Term Support) version. This means that Ubuntu 14.04 will be supported for the next 5 years from the release date. In this tutorial we will cover Nginx, MySQL and PHP installation on Ubuntu Linux v14.04.

What is new in Ubuntu 14.04 (Trusty Tahr) version?

You may see it on cyberciti.biz or visit the Ubuntu home page at ubuntu.com.

Nginx Installation

Nginx is one of the robust web server in Linux world. Nginx is a free, open source, high performance HTTP server and reverse proxy, as weell as an IMAP/POP3 proxy server. Now, we are going to install Nginx web server.

First, make sure system is upto date:

$ sudo apt-get update

$ sudo apt-get upgrade

#1 – Download and Install Nginx

The easiest way to download and install Nginx is using apt-get command. Here is the command:

$ sudo apt-get install nginx

Fig.01: Download and Install Nginx on Ubuntu Linux

Just wait until installation is get done on the system.

#2 – Test Nginx

Once it get done, you can open your browser and type url http://localhost or http://your_ip_address to test it. If everything goes normal, you will see Nginx welcome page:

Fig.02: Welcome nginx page on Ubuntu Linux

MySQL Installation On Ubuntu

MySQL is one of the most powerful database management system in Linux world. Next, we are going to install it with PHP support.

#1 – Install MySQL and PHP support

Type the following command:

$ sudo apt-get install mysql-server php5-mysql

Fig.03: Ubuntu Linux Install MySQL to Manage Site Data with PHP

During the installation, MySQL will ask you to enter MySQL root password, other wise the installation will not continue. Type the password you want, then press OK to continue the installation.

#2 – Test MySQL

Once mysql installation finished, we can test it. Open your console and type the following command:

$ mysql -u root -p

Fig.04: Ubuntu test Mysql installation

If you type your password correctly, the you will see the mysql prompt.

#3 – Securing access to MySQL

If we are going to use MySQL as a production database, we may want to secure it. MySQL provides a shell script to help us securing it. Just type the following command on your console:

$ sudo mysql_secure_installation

Here are the steps to do it.

ENTER YOUR ROOT PASSWORD
Enter your current root password to continue to the next step.
Fig.05: MySQL enter your root db password
2.CHANGE THE ROOT PASSWORD
If you want to change it, press Y. Otherwise, press N.
Fig.06: MySQL security
3.REMOVE ANONYMOUS USER
It is recommended to remove anonymous user to mitigate risk who can log in into your database.
Fig.07: MySQL security
4.DISALLOW ROOT LOGIN REMOTELY
To make sure that no one remote your database as root from another machines, we need to disallow root login remotely.
Fig.08: MySQL security
5.REMOVE TEST DATABASE
Sometimes some MySQL installation will create a database named Ã«testÃ for testing purpose. We can remove it if we donÃt use it.
Fig.09: MySQL security
6.RELOAD PRIVILEGE TABLES
Then we need to reloading the privilege tables to ensure all changes made so far will take effect immediately.
Fig.10: MySQL security
7.DONE
Fig.11: MySQL security
PHP Installation For Server Side Scripting
Since PHP is popular, a lot of websites is built using PHP language. As of January 2013, PHP was installed on more than 240 millions websites. Now we are going to install PHP on Ubuntu 14.04
#1 – Download and install PHP
As usual, we can download and install PHP using apt-get command. Just type the following command on your Ubuntu console or over the ssh based session:
$ sudo apt-get install php5-fpm

Fig.12: Install PHP for Server Side Processing on Ubuntu

And wait for the installation to complete.

Configure Nginx to work with PHP and MySQL Server on Ubuntu

Now we have all components installed. The next step is we need to configure Nginx with PHP and MySQL. Let’s start to configure them.

#1 – Configure PHP5-FPM

PHP5-FPM configuration file is located at /etc/php5/fpm/php.ini. Open it with your text editor

$ sudo vi /etc/php5/fpm/php.ini

Change this parameter, from:

cgi.fix_pathinfo=1

to:

cgi.fix_pathinfo=0

Save and close the file and then restart php5-fpm service, type:

$ sudo service php5-fpm restart

#2 – Configure Nginx

Nginx configuration file is located at /etc/nginx/nginx.conf. But basically, we don’t need to touch it. The configuration of nginx website is located in /etc/nginx/sites-available/default file.

Open it, and uncomment lines:

location ~ \.php$ {

fastcgi_split_path_info ^(.+\.php)(/.+)$;

# # NOTE: You should have cgi.fix_pathinfo = 0; in php.ini

# # With php5-cgi alone:

# fastcgi_pass 127.0.0.1:9000;

# # With php5-fpm:

fastcgi_pass unix:/var/run/php5-fpm.sock;

fastcgi_index index.php;

include fastcgi_params;

}

Then restart the services.

$ sudo service nginx restart

Please make sure, on Ubuntu 14.04, we cannot use fastcgi_pass 127.0.0.1:9000. So make sure that the line is commented. Otherwise, on my machine, I got this error :

$ tail /var/log/nginx/error.log

2014/11/04 16:57:04 [emerg] 3216#0: fastcgi_pass directive is not allowed here in /etc/nginx/sites-enabled/default:59

2014/11/04 16:58:21 [emerg] 3256#0: fastcgi_pass directive is not allowed here in /etc/nginx/sites-enabled/default:59

On Ubuntu 14.04, I use the following line:

fastcgi_pass unix:/var/run/php5-fpm.sock

When I restart the Nginx and I still got the following error message:

2014/11/04 17:02:05 [emerg] 3295#0: fastcgi_pass directive is not allowed here in /etc/nginx/sites-enabled/default:61

2014/11/04 17:04:58 [emerg] 3410#0: fastcgi_pass directive is not allowed here in /etc/nginx/sites-enabled/default:61

Please make sure that you already uncomment this line:

location ~ \.php$ {

#3 – Configure MySQL

After the configuration section is done, now we need to test them to make sure that our configuration is working as required. On Ubuntu 14.04 the root document folder is located in /usr/share/nginx/html. So create a file called /usr/share/nginx/html/phpinfo.php with the following code:

After restarting PHP-FPM and Nginx, open the browser and browse to the php file, we got only a blank screen. No error message on the screen. No error message on PHP-FPM and Nginx log file.

Then we changed /usr/share/nginx/html/phpinfo.php file code on the root document of Nginx, as follows:

And then open the browser again and type url http://your_ip_address/phpinfo.php

It seem that by default, we can not use short php-tag like this:

To enable short php tag, we need to change the value of short_open_tag parameter on php.ini file:

Change the value from Off to On. Then restart your php5-fpm :

sudo service php5-fpm restart

Then try again to test your phpinfo file. Next, we will see if the MySQL support is enabled or not. Scroll down the php configuration screen on your browser, if you see MySQL block there, then MySQL support already enabled.

You are now ready to use Nginx, PHP5 and MySQL on Ubuntu server. I hope this quick article help anyone who wish to install Linux, Nginx, PHP and MySQL on Ubuntu 14.04.

This quick tutorial was contributed by Pungki Arianto. You can too contribute to nixCraft.

Debian 8 and Ubuntu 14.04 LTS Install Suhosin PHP Extension To Protect Your Server

msrxp — Fri, 05 Jan 2018 14:59:33 +0000

uhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. How can I install suhosin extension on a Debian v8.x or Ubuntu Linux 14.04 LTS server?

Suhosin (Korean ìˆ˜í˜¸ì‹ , meaning guardian-angel) is used to securing PHP web applications such as WordPress and others. Suhosin comes as the extension and the patch. Both parts can be installed separately and have no dependencies to each other.

How To Installing Suhosin on Debian and Ubuntu [Binary Method]

Type the following command on a Ubuntu Linux 14.04 LTS server:

sudo -s

echo deb http://repo.suhosin.org/ ubuntu-trusty main >> /etc/apt/sources.list

apt-get update

Debian Linux 8.x user type the following command:

sudo -s

echo deb http://repo.suhosin.org/ debian-jessie main >> /etc/apt/sources.list

apt-get update

Sample outputs:

Ign http://security.ubuntu.com trusty-security InRelease

Get:1 http://security.ubuntu.com trusty-security Release.gpg [933 B]

Get:2 http://security.ubuntu.com trusty-security Release [63.5 kB]

Ign http://archive.ubuntu.com trusty InRelease

Ign http://archive.ubuntu.com trusty-updates InRelease

Get:3 http://security.ubuntu.com trusty-security/main amd64 Packages [319 kB]

Hit http://archive.ubuntu.com trusty Release.gpg

Ign http://repo.suhosin.org ubuntu-trusty InRelease

Get:4 http://security.ubuntu.com trusty-security/restricted amd64 Packages [8,875 B]

Get:5 http://security.ubuntu.com trusty-security/universe amd64 Packages [111 kB]

Get:6 http://archive.ubuntu.com trusty-updates Release.gpg [933 B]

Get:7 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [3,683 B]

Get:8 http://repo.suhosin.org ubuntu-trusty Release.gpg [816 B]

Get:9 http://security.ubuntu.com trusty-security/main Translation-en [172 kB]

Hit http://archive.ubuntu.com trusty Release

Get:10 http://repo.suhosin.org ubuntu-trusty Release [1,074 B]

Get:11 http://archive.ubuntu.com trusty-updates Release [63.5 kB]

Get:12 http://repo.suhosin.org ubuntu-trusty/main amd64 Packages [722 B]

Hit http://security.ubuntu.com trusty-security/multiverse Translation-en

Hit http://archive.ubuntu.com trusty/main amd64 Packages

Hit http://security.ubuntu.com trusty-security/restricted Translation-en

Hit http://security.ubuntu.com trusty-security/universe Translation-en

Hit http://archive.ubuntu.com trusty/restricted amd64 Packages

Hit http://archive.ubuntu.com trusty/universe amd64 Packages

Hit http://archive.ubuntu.com trusty/multiverse amd64 Packages

Hit http://archive.ubuntu.com trusty/main Translation-en

Hit http://archive.ubuntu.com trusty/multiverse Translation-en

Ign http://repo.suhosin.org ubuntu-trusty/main Translation-en_US

Hit http://archive.ubuntu.com trusty/restricted Translation-en

Ign http://repo.suhosin.org ubuntu-trusty/main Translation-en

Hit http://archive.ubuntu.com trusty/universe Translation-en

Get:13 http://archive.ubuntu.com trusty-updates/main amd64 Packages [584 kB]

Get:14 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [11.8 kB]

Get:15 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [297 kB]

Get:16 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [12.0 kB]

Hit http://archive.ubuntu.com trusty-updates/main Translation-en

Hit http://archive.ubuntu.com trusty-updates/multiverse Translation-en

Hit http://archive.ubuntu.com trusty-updates/restricted Translation-en

Hit http://archive.ubuntu.com trusty-updates/universe Translation-en

Ign http://archive.ubuntu.com trusty/main Translation-en_US

Ign http://archive.ubuntu.com trusty/multiverse Translation-en_US

Ign http://archive.ubuntu.com trusty/restricted Translation-en_US

Ign http://archive.ubuntu.com trusty/universe Translation-en_US

Fetched 1,651 kB in 6s (250 kB/s)

Reading package lists… Done

The repository suhosin.org is signed with key, so install it with wget command:

Run as root user ##

wget https://sektioneins.de/files/repository.asc

sudo apt-key add repository.asc

Sample outputs:

Fig.01: Installing key

Next, type the following apt-get command to install the php5-suhosin-extension package, run:

sudo apt-get install php5-suhosin-extension

Sample outputs:

Fig.02: Installing php5-suhosin-extension package

Enable the php5-suhosin-extension

sudo php5enmod php5-suhosin

Restart php5-fpm on a Ubuntu LTS 14.04

sudo /sbin/restart php5-fpm

Restart php5-fpm on a Debian Linux 8.0

sudo systemctl restart php5-fpm

Test it

Create a file called test.php:

sudo vi /var/www/test.php

Append the following code:

phpinfo();

Save and close the file. You can open the Browser and type the following url:

http://server-ip-here/test.php

http://1.2.3.4/test.php

Sample outputs:

Fig.03: Suhosin enabled on server

Configuration

You need to edit the file /etc/php5/mods-available/suhosin.ini, enter:

# vi /etc/php5/mods-available/suhosin.ini

You can see comma separated whitelist of functions are not allowed to be called:

suhosin.executor.func.blacklist = assert,unserialize,exec,popen,proc_open,passthru,shell_exec,system,hail,parse_str,mt_srand

suhosin.executor.eval.whitelist = assert,unserialize,exec,popen,proc_open,passthru,shell_exec,system,hail,parse_str,mt_srand

Save and close the file. You need to restart php5-fpm. I suggest you see the configuration page for a complete list of possible configuration options.

How to install Composer on Debian / Ubuntu Linux

msrxp — Fri, 05 Jan 2018 13:53:38 +0000

I‘m trying to upgrade my Mediawiki installation and I’m getting an error that read as follows:

Error: your composer.lock file is not up to date, run “composer update” to install newer dependencies

How do I install composer command for my PHP installation on Debian or Ubuntu Linux running LAMP or LEMP stack?

How do I Install and use Composer on running Ubuntu Linux server and fix this problem for mediawiki installation and/or manage and install PHP packages and dependencies for my project?

Composer is a dependency manager tool for PHP. It installs and updates the libraries for your project. It is not a package manager like yum command or apt-get command.

It is desgined to use with each individual project like Mediawiki or your own custom app written in PHP.

There are many open source projects and frameworks written in php use Composer to manage and install their packages and dependencies.

In this tutorial you will learn how to install composer globally on Debian or Ubuntu Linux server. The following instructions should also work with RHEL/CentOS Linux 7.x or any other modern Linux distro.

The problem

When you try to update mediawiki to v1.26.0 using the following command:

[wwwuser@server1.cyberciti.biz:~/wiki]$ php update.php

You will will get the following error:

MediaWiki 1.26.0 Updater

composer/semver: not installed, 1.0.0 required.

liuggio/statsd-php-client: 1.0.12 installed, 1.0.16 required.

oyejorge/less.php: not installed, 1.7.0.9 required.

mediawiki/at-ease: not installed, 1.1.0 required.

oojs/oojs-ui: 0.11.3 installed, 0.12.12 required.

wikimedia/assert: not installed, 0.2.2 required.

wikimedia/cdb: 1.0.1 installed, 1.3.0 required.

wikimedia/composer-merge-plugin: 1.0.0 installed, 1.3.0 required.

wikimedia/ip-set: not installed, 1.0.1 required.

wikimedia/utfnormal: 1.0.2 installed, 1.0.3 required.

wikimedia/wrappedstring: not installed, 2.0.0 required.

zordius/lightncandy: 0.18 installed, 0.21 required.

Error: your composer.lock file is not up to date, run composer update to install newer dependencies

To fix this problem you need to install the composer tool.

Installation

Make sure curl and php-cli, curl and related tools are installed on your Debian or Ubuntu server (14.04 LTS or older):

$ sudo apt-get install curl php5-cli git

Sample outputs:

Reading package lists… Done

Building dependency tree

Reading state information… Done

php5-cli is already the newest version.

The following extra packages will be installed:

git-man libcurl3 liberror-perl patch rsync

Suggested packages:

gettext-base git-daemon-run git-daemon-sysvinit git-doc git-el git-email

git-gui gitk gitweb git-arch git-bzr git-cvs git-mediawiki git-svn ed

diffutils-doc openssh-server

The following NEW packages will be installed:

curl git git-man libcurl3 liberror-perl patch rsync

0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.

Need to get 4,011 kB of archives.

After this operation, 23.4 MB of additional disk space will be used.

Do you want to continue? [Y/n] y

Get:1 http://archive.ubuntu.com/ubuntu/ trusty-updates/main libcurl3 amd64 7.35.0-1ubuntu2.5 [173 kB]

Get:2 http://archive.ubuntu.com/ubuntu/ trusty-updates/main rsync amd64 3.1.0-2ubuntu0.1 [283 kB]

Get:3 http://archive.ubuntu.com/ubuntu/ trusty-updates/main curl amd64 7.35.0-1ubuntu2.5 [123 kB]

Get:4 http://archive.ubuntu.com/ubuntu/ trusty/main liberror-perl all 0.17-1.1 [21.1 kB]

Get:5 http://archive.ubuntu.com/ubuntu/ trusty-updates/main git-man all 1:1.9.1-1ubuntu0.1 [698 kB]

Get:6 http://archive.ubuntu.com/ubuntu/ trusty-updates/main git amd64 1:1.9.1-1ubuntu0.1 [2,627 kB]

Get:7 http://archive.ubuntu.com/ubuntu/ trusty-updates/main patch amd64 2.7.1-4ubuntu2.3 [86.4 kB]

Fetched 4,011 kB in 1s (2,181 kB/s)

Selecting previously unselected package libcurl3:amd64.

(Reading database … 16719 files and directories currently installed.)

Preparing to unpack …/libcurl3_7.35.0-1ubuntu2.5_amd64.deb …

Unpacking libcurl3:amd64 (7.35.0-1ubuntu2.5) …

Selecting previously unselected package rsync.

Preparing to unpack …/rsync_3.1.0-2ubuntu0.1_amd64.deb …

Unpacking rsync (3.1.0-2ubuntu0.1) …

Selecting previously unselected package curl.

Preparing to unpack …/curl_7.35.0-1ubuntu2.5_amd64.deb …

Unpacking curl (7.35.0-1ubuntu2.5) …

Selecting previously unselected package liberror-perl.

Preparing to unpack …/liberror-perl_0.17-1.1_all.deb …

Unpacking liberror-perl (0.17-1.1) …

Selecting previously unselected package git-man.

Preparing to unpack …/git-man_1%3a1.9.1-1ubuntu0.1_all.deb …

Unpacking git-man (1:1.9.1-1ubuntu0.1) …

Selecting previously unselected package git.

Preparing to unpack …/git_1%3a1.9.1-1ubuntu0.1_amd64.deb …

Unpacking git (1:1.9.1-1ubuntu0.1) …

Selecting previously unselected package patch.

Preparing to unpack …/patch_2.7.1-4ubuntu2.3_amd64.deb …

Unpacking patch (2.7.1-4ubuntu2.3) …

Processing triggers for ureadahead (0.100.0-16) …

Setting up libcurl3:amd64 (7.35.0-1ubuntu2.5) …

Setting up rsync (3.1.0-2ubuntu0.1) …

Removing any system startup links for /etc/init.d/rsync …

update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match rsync Default-Stop values (none)

Adding system startup for /etc/init.d/rsync …

/etc/rc0.d/K20rsync -> ../init.d/rsync

/etc/rc1.d/K20rsync -> ../init.d/rsync

/etc/rc6.d/K20rsync -> ../init.d/rsync

/etc/rc2.d/S20rsync -> ../init.d/rsync

/etc/rc3.d/S20rsync -> ../init.d/rsync

/etc/rc4.d/S20rsync -> ../init.d/rsync

/etc/rc5.d/S20rsync -> ../init.d/rsync

Setting up curl (7.35.0-1ubuntu2.5) …

Setting up liberror-perl (0.17-1.1) …

Setting up git-man (1:1.9.1-1ubuntu0.1) …

Setting up git (1:1.9.1-1ubuntu0.1) …

Setting up patch (2.7.1-4ubuntu2.3) …

Processing triggers for libc-bin (2.19-0ubuntu6.6) …

Processing triggers for ureadahead (0.100.0-16) …

If you are using Ubuntu Linux 16.04 LTS or newer and want to use PHP 7.x, run:

$ sudo apt install curl php7.0-cli git

Install composer tool

Next install composer on Debian or Ubuntu Linux in /usr/local/bin/ directory as follows:

$ curl -sS https://getcomposer.org/installer | sudo php — –install-dir=/usr/local/bin –filename=composer

Sample outputs:

Fig.01: Installing composer on your server running Ubuntu Linux

Verify composer

To verify installation type:

$ composer

$ /usr/local/bin/composer

The Sample outputs:

______

/ ____/___ ____ ___ ____ ____ ________ _____

/ / / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/

/ /___/ /_/ / / / / / / /_/ / /_/ (__ ) __/ /

\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/

/_/

Composer version 1.0-dev (1c525b76f81123af180743d31c208c29351cf931) 2015-12-09 15:47:26

Usage:

command [options] [arguments]

Options:

-h, –help Display this help message

-q, –quiet Do not output any message

-V, –version Display this application version

–ansi Force ANSI output

–no-ansi Disable ANSI output

-n, –no-interaction Do not ask any interactive question

–profile Display timing and memory usage information

-d, –working-dir=WORKING-DIR If specified, use the given directory as working directory.

-v|vv|vvv, –verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Available commands:

about Short information about Composer

archive Create an archive of this composer package

browse Opens the package s repository URL or homepage in your browser.

clear-cache Clears composer s internal package cache.

clearcache Clears composer s internal package cache.

config Set config options

create-project Create new project from a package into given directory.

depends Shows which packages depend on the given package

diagnose Diagnoses the system to identify common errors.

dump-autoload Dumps the autoloader

dumpautoload Dumps the autoloader

global Allows running commands in the global composer dir ($COMPOSER_HOME).

help Displays help for a command

home Opens the package s repository URL or homepage in your browser.

info Show information about packages

init Creates a basic composer.json file in current directory.

install Installs the project dependencies from the composer.lock file if present, or falls back on the composer.json.

licenses Show information about licenses of dependencies

lint Run the lint script as defined in composer.json.

list Lists commands

phpcs Run the phpcs script as defined in composer.json.

remove Removes a package from the require or require-dev

require Adds required packages to your composer.json and installs them

run-script Run the scripts defined in composer.json.

search Search for packages

self-update Updates composer.phar to the latest version.

selfupdate Updates composer.phar to the latest version.

show Show information about packages

status Show a list of locally modified packages

suggests Show package suggestions

test Run the test script as defined in composer.json.

update Updates your dependencies to the latest version according to composer.json, and updates the composer.lock file.

validate Validates a composer.json and composer.lock

How does composer work?

To use Composer you need to create or use composer.json file supplied by your vendor such as mediawiki. This file defines the dependencies of php app or project. Here is sample file from mediawiki project:

{

name : mediawiki/core ,

description : Free software wiki application developed by the Wikimedia Foundation and others ,

keywords : [ mediawiki , wiki ],

homepage : https://www.mediawiki.org/ ,

authors : [

{

name : MediaWiki Community ,

homepage : https://www.mediawiki.org/wiki/Special:Version/Credits

}

license : GPL-2.0+ ,

support : {

issues : https://bugs.mediawiki.org/ ,

irc : irc://irc.freenode.net/mediawiki ,

wiki : https://www.mediawiki.org/

require : {

composer/semver : 1.0.0 ,

cssjanus/cssjanus : 1.1.1 ,

ext-iconv : * ,

liuggio/statsd-php-client : 1.0.16 ,

oyejorge/less.php : 1.7.0.9 ,

mediawiki/at-ease : 1.1.0 ,

oojs/oojs-ui : 0.12.12 ,

php : >=5.3.3 ,

psr/log : 1.0.0 ,

wikimedia/assert : 0.2.2 ,

wikimedia/cdb : 1.3.0 ,

wikimedia/composer-merge-plugin : 1.3.0 ,

wikimedia/ip-set : 1.0.1 ,

wikimedia/utfnormal : 1.0.3 ,

wikimedia/wrappedstring : 2.0.0 ,

zordius/lightncandy : 0.21

}

How do I install dependencies defined in composer.json file?

Simply type the following command to download and install all dependencies for your app/project:

$ composer install

OR switch to core project directory such as /var/www/html/wiki and run:

$ cd /var/www/html/wiki && composer install –no-dev

Sample outputs:

Loading composer repositories with package information

Installing dependencies from lock file

Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.

– Removing composer/semver (1.0.0)

– Removing oyejorge/less.php (v1.7.0.9)

– Removing mediawiki/at-ease (v1.1.0)

– Removing wikimedia/avro (v1.7.7)

– Removing nmred/kafka-php (v0.1.4)

– Removing wikimedia/ip-set (1.0.1)

– Removing firebase/php-jwt (v2.1.0)

– Removing symfony/process (v2.7.3)

– Removing ruflin/elastica (2.2.0)

– Removing wikimedia/wrappedstring (v2.0.0)

– Removing monolog/monolog (1.14.0)

– Removing kzykhys/pygments (v1.0.0)

– Removing wikimedia/assert (v0.2.2)

– Removing wikimedia/composer-merge-plugin (v1.3.0)

– Installing wikimedia/composer-merge-plugin (v1.0.0)

Downloading: 100%

– Removing liuggio/statsd-php-client (v1.0.16)

– Installing liuggio/statsd-php-client (v1.0.12)

Downloading: 100%

– Removing oojs/oojs-ui (v0.12.12)

– Installing oojs/oojs-ui (v0.11.3)

Downloading: 100%

– Removing wikimedia/cdb (1.3.0)

– Installing wikimedia/cdb (1.0.1)

Downloading: 100%

– Removing wikimedia/utfnormal (v1.0.3)

– Installing wikimedia/utfnormal (v1.0.2)

Downloading: 100%

– Removing zordius/lightncandy (v0.21)

– Installing zordius/lightncandy (v0.18)

Downloading: 100%

– Installing leafo/lessphp (v0.5.0)

Downloading: 100%

Generating optimized autoload files

The above will also create composer.lock file which can be used to update the dependencies later on to the latest version.

How do I update composer.lock file?

If there is no .lock file, this tool will create one based on the dependencies from the .json file. To fetch the dependent libraries to newer versions, run the following command i.e. if you have an existing composer.lock file you will need to run it as follows:

$ composer update

OR switch to core project directory such as /var/www/html/wiki and run:

$ cd /var/www/html/wiki/ && composer update –no-dev

Sample outputs:

ComposerHookHandler::onPreUpdate

Deprecation Notice: The Composer\Package\LinkConstraint\VersionConstraint class is deprecated, use Composer\Semver\Constraint\Constraint instead. in phar:///usr/local/bin/composer/src/Composer/Package/LinkConstraint/VersionConstraint.php:17

Deprecation Notice: The Composer\Package\LinkConstraint\LinkConstraintInterface interface is deprecated, use Composer\Semver\Constraint\ConstraintInterface instead. in phar:///usr/local/bin/composer/src/Composer/Package/LinkConstraint/LinkConstraintInterface.php:17

Updating dependencies

– Removing leafo/lessphp (v0.5.0)

– Removing wikimedia/composer-merge-plugin (v1.0.0)

– Installing wikimedia/composer-merge-plugin (v1.3.0)

Downloading: Connecting…

Downloading: 100%

– Removing liuggio/statsd-php-client (v1.0.12)

– Installing liuggio/statsd-php-client (v1.0.16)

Downloading: Connecting…

Downloading: 100%

– Installing mediawiki/at-ease (v1.1.0)

Downloading: 100%

– Removing oojs/oojs-ui (v0.11.3)

– Installing oojs/oojs-ui (v0.12.12)

Downloading: 100%

– Removing wikimedia/cdb (1.0.1)

– Installing wikimedia/cdb (1.3.0)

Downloading: 100%

– Removing wikimedia/utfnormal (v1.0.2)

– Installing wikimedia/utfnormal (v1.0.3)

Downloading: 100%

– Removing zordius/lightncandy (v0.18)

– Installing zordius/lightncandy (v0.21)

Downloading: 100%

– Installing composer/semver (1.0.0)

Downloading: 100%

– Installing oyejorge/less.php (v1.7.0.9)

Downloading: 100%

– Installing wikimedia/assert (v0.2.2)

Downloading: 100%

– Installing wikimedia/ip-set (1.0.1)

Downloading: 100%

– Installing wikimedia/wrappedstring (v2.0.0)

Downloading: 100%

Writing lock file

Generating optimized autoload files

Finally updating mediawiki to version 1.26.0

Now mediawiki will be updated without any problem as composer already fetched required libs for your php app:

$ cd /var/www/html/wiki/

$ php update.php

Command summary

This tutorial described how to install the composer and update mediawiki. But, if you just need the composer tool for your own project, just run the following commands:

$ sudo apt-get install curl php5-cli git

$ sudo curl -sS https://getcomposer.org/installer | sudo php — –install-dir=/usr/local/bin –filename=composer

$ composer

Now create your own .json file:

$ cd /my/cool/project/

$ vi composer.json

Install the dependencies for your project from composer.json, enter:

$ composer install

To update the dependencies for your project:

$ composer update

And, there you have it composer installed and working for your LAMP project. For further information please see the official composer project documentation here.