Setting up OMV to run packages via NGINX without using a port number but the IP address of OMV/folder

      I have wanted to run a number of packages so that all I needed to do was to type in the IP address of the OMV/package_name. I also wanted to run these from a separate drive, in my case mapped to /media/www/package_name.

      I struggled with the NGINX configuration, but there were clues in the way MySQL is implemented in the NGINX .conf files. I thought I would share what I did, and if someone can improve on this, great.

      Firstly, it is worth saying that I have Webmin installed, which helps with the configuration, and I have included the NGINX plugin for Webmin.

      OMV stores the config in /etc/nginx/sites-available/openmediavault-webgui (note: NGINX only uses these configurations if there is a symlink from the /etc/nginx/sites-enabled folder).

      If you examine this folder it has at the bottom a line which is
      include /etc/nginx/openmediavault-webgui.d/*.conf;

      So this indicates we can include additional configurations in the folder /etc/nginx/openmediavault-webgui.d. And sure enough there is one for MySQL - openmediavault-mysql-management-site.conf.

      The PHP sock is in this line:
      fastcgi_pass unix:/var/run/php-fpm-openmediavault-mysql.sock;
      You can see the shortcut to the file if you take a look in /var/run. The actual PHP configs are held in /etc/php/7.0/fpm/pool.d.

      This is important as I did not want to change the openmediavault-webgui.d so any future changes to OMV would not overwrite my changes.

      These pool.d files are written using the NGINX plugin in OMV. So if you add a Pool via the NGINX plugin it creates the pool.d folder file after first writing the config to the /etc/openmediavault/config.xml. See more about this here openmediavault.readthedocs.io/…opment/internaltools.html

      So I figured that I could use the NGINX plugin to create the pool.d files and the associated symlink in /var/run, and create my own nginx .conf files in the /etc/nginx/openmediavault-webgui.d folder by copying openmediavault-mysql-management-site.conf and altering the link to the .sock file, i.e. changing the line fastcgi_pass unix:/var/run/php-fpm-openmediavault-mysql.sock; to fastcgi_pass unix:/var/run/my_new_nginx_name.sock; in the copied file.

      I successfully added
      1. Wordpress
      2. Nextcloud
      3. Piwigo
      4. Firefly
      5. Webtrees
      6. Extplorer

      The config was slightly different for each one, and Webtrees was particularly tricky for me: the URL was changed to have the server "openmediavault-webgui" in the file /etc/nginx/sites-available/openmediavault-webgui replacing the URL after openmediavault-webgui/webtrees, which messed up everything. More on Webtrees lower in the post.

      So for Wordpress the NGINX .conf file is (similar for Piwigo and Extplorer and Webtrees)

      Source Code

      location /wordpress {
          alias /media/www/wordpress;
          add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
          index index.php;
          # The last try_files argument is a URI for an internal redirect,
          # so it has to start with "/".
          try_files $uri $uri/ /wordpress/index.php?$args;
          # Regex locations are tested in the order they are written, so the
          # deny rules sit above the PHP handler; below it they would never
          # see a request ending in .php.
          location ~ /wordpress/\. {
              deny all;
          }
          location ~* /wordpress/(?:config)/.*\.php$ {
              deny all;
          }
          location ~ \.php$ {
              include fastcgi.conf;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $request_filename;
              fastcgi_pass unix:/var/run/my_sock_name.sock;
          }
          location = /wordpress/favicon.ico {
              access_log off;
              log_not_found off;
          }
          location = /wordpress/robots.txt {
              allow all;
              access_log off;
              log_not_found off;
          }
          # ".*" added so the pattern matches asset paths such as
          # /wordpress/wp-includes/x.js and not only "/wordpress/.js".
          location ~* /wordpress/.*\.(js|css|png|jpg|jpeg|gif|ico)$ {
              expires max;
              log_not_found off;
          }
      }




      Next Cloud - harder as needed to use root and not Alias

      Source Code

      location /nextcloud {
          root /media/www;
          add_header X-Content-Type-Options nosniff;
          add_header X-XSS-Protection "1; mode=block";
          add_header X-Robots-Tag none;
          add_header X-Download-Options noopen;
          add_header X-Permitted-Cross-Domain-Policies none;
          add_header Strict-Transport-Security "max-age=15768000;includeSubDomains";
          location = /nextcloud/robots.txt {
              allow all;
              access_log off;
              log_not_found off;
          }
          location = /nextcloud/.well-known/carddav {
              return 301 $scheme://$host/nextcloud/remote.php/dav;
          }
          location = /nextcloud/.well-known/caldav {
              return 301 $scheme://$host/nextcloud/remote.php/dav;
          }
          # ^~ stops the regex pass for this prefix, so the dotfile deny rule
          # further down does not catch ACME challenge requests.
          location ^~ /nextcloud/.well-known/acme-challenge {
          }
          rewrite_log on;
          # set max upload size
          client_max_body_size 512M;
          fastcgi_buffers 64 4K;
          # Enable gzip but do not remove ETag headers
          gzip on;
          gzip_vary on;
          gzip_comp_level 4;
          gzip_min_length 256;
          gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
          gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
          # Uncomment if your server is build with the ngx_pagespeed module
          # This module is currently not supported.
          #pagespeed off;
          location /nextcloud/ {
              # rewrite ^ /nextcloud/index.php$request_uri;
              # rewrite ^/nextcloud/(.*) /nextcloud/$1;
              rewrite ^ /nextcloud/index.php$uri;
          }
          location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
              deny all;
          }
          # "/" added after "nextcloud": without it the pattern only matched
          # names like /nextcloud.x or /nextcloudocc, not /nextcloud/.htaccess
          # or /nextcloud/occ.
          location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
              deny all;
          }
          location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
              fastcgi_split_path_info ^(.+?\.php)(/.*)$;
              include fastcgi.conf;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              #fastcgi_param SCRIPT_FILENAME /media/13eaa8c9-07ee-4dfc-9d1b-adfae0f0248d/www/nextcloud/$fastcgi_script_name;
              #fastcgi_param SCRIPT_FILENAME $request_filename;
              fastcgi_param PATH_INFO $fastcgi_path_info;
              fastcgi_param HTTPS on;
              #Avoid sending the security headers twice
              fastcgi_param modHeadersAvailable true;
              fastcgi_param front_controller_active true;
              fastcgi_pass unix:/var/run/my_sock_name.sock;
              fastcgi_intercept_errors on;
              fastcgi_request_buffering off;
          }
          # Anchored under /nextcloud/ so it can match inside this location;
          # $uri already contains the /nextcloud prefix.
          location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
              try_files $uri/ =404;
              index index.php;
          }
          # As written this pattern only matches paths of the form
          # /nextcloud//.ext, so normal assets fall through to the two
          # extension locations below.
          location ~ /nextcloud/(?:$|/)\.(?:js|css|woof|svg|html|ttf|png|jpg|jpeg|gif|ico)$ {
              expires max;
              log_not_found off;
          }
          # Adding the cache control header for js and css files
          # Make sure it is BELOW the PHP block
          location ~ \.(?:css|js|woff|svg|gif)$ {
              try_files $uri $uri/ /nextcloud/index.php$request_uri;
              add_header Cache-Control "public, max-age=15778463";
              # Add headers to serve security related headers (It is intended
              # to have those duplicated to the ones above)
              # Before enabling Strict-Transport-Security headers please read
              # into this topic first.
              # add_header Strict-Transport-Security "max-age=15768000;
              # includeSubDomains; preload;";
              add_header X-Content-Type-Options nosniff;
              add_header X-XSS-Protection "1; mode=block";
              add_header X-Robots-Tag none;
              add_header X-Download-Options noopen;
              add_header X-Permitted-Cross-Domain-Policies none;
              # Optional: Don't log access to assets
              access_log off;
          }
          location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
              try_files $uri $uri/ /nextcloud/index.php$request_uri;
              # Optional: Don't log access to other assets
              access_log off;
          }
      }

      Firefly


      Source Code

      location /firefly {
          root /media/www/firefly-iii;
          index index.php;
          try_files $uri $uri/ /firefly/index.php?$query_string;
          # autoindex on returns a directory listing for any directory that
          # has no index file.
          autoindex on;
          sendfile off;
          # Regex locations are tested in the order they are written, so the
          # deny rules sit above the PHP handler; below it they would never
          # see a request ending in .php.
          location ~ /firefly/\. {
              deny all;
          }
          location ~* /firefly/(?:config)/.*\.php$ {
              deny all;
          }
          location ~ \.php$ {
              include fastcgi.conf;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $request_filename;
              fastcgi_pass unix:/var/run/my_sock_name.sock;
          }
          location = /firefly/favicon.ico {
              access_log off;
              log_not_found off;
          }
          location = /firefly/robots.txt {
              allow all;
              access_log off;
              log_not_found off;
          }
          # ".*" added so the pattern matches asset paths below /firefly/
          # and not only "/firefly/.js".
          location ~* /firefly/.*\.(js|css|png|jpg|jpeg|gif|ico)$ {
              expires max;
              log_not_found off;
          }
      }


      So the fix needed for Webtrees was to have another Server block which was not the same as that here /etc/nginx/sites-available/openmediavault-webgui.

      So I copied this file and renamed as a new file matching my site URL.

      Added a symlink from /etc/nginx/sites-enabled

      Inside the new file I needed to change a few lines .....



      Source Code

      # server_name openmediavault-webgui;
      # change to
      server_name my_new_url;
      # listen [::]:80 ipv6only=off;
      # change to
      listen [::]:80 default_server;
      # listen [::]:443 ipv6only=off ssl deferred;
      # change to
      listen [::]:443 default_server;
      # include /etc/nginx/openmediavault-webgui.d/*.conf;
      # change to
      include /etc/nginx/my_new_url_file.d/*.conf;

      The Firefly .conf file was then moved to /etc/nginx/my_new_url_file.d/firefly.conf so that it runs under the new server.

      The post was edited 3 times, last by mjnaylor8: Added add_header Strict-Transport-Security "max-age=15768000;includeSubDomains"; to nextcloud configuration. Needed as new add-header, see https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/. Added add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; to the Wordpress config so images are correctly displayed in the frames.
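
Added example, not part of the original post: nginx picks among sibling locations by exact match first, then the longest prefix, then regex locations in the order they are written, so a `deny` regex placed after the `\.php$` location never sees a `.php` request. The sketch below is a simplified model of that selection (Python's `re` stands in for PCRE, and the enclosing prefix location is listed as the fallback), run over the WordPress location patterns from the post in both orders; the function names and sample URIs are constructed for illustration.

```python
import re

def select_location(locations, uri):
    """Simplified model of nginx location selection among sibling locations.

    locations: list of (modifier, pattern) in config order, where modifier is
    "=", "^~", "" (plain prefix), "~" (regex) or "~*" (case-insensitive regex).
    Returns the (modifier, pattern) that would handle uri, or None.
    """
    best_prefix = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)                      # exact match wins outright
        if mod in ("", "^~") and uri.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = (mod, pat)           # remember the longest prefix
    if best_prefix and best_prefix[0] == "^~":
        return best_prefix                         # ^~ suppresses the regex pass
    for mod, pat in locations:                     # regexes: first match in file order
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    return best_prefix

PHP = ("~", r"\.php$")
DENY_DOT = ("~", r"/wordpress/\.")
DENY_CONFIG = ("~*", r"/wordpress/(?:config)/.*\.php$")

# The same sibling locations in two orders (constructed lists).
PHP_FIRST = [("", "/wordpress"), PHP, DENY_DOT, DENY_CONFIG]
DENY_FIRST = [("", "/wordpress"), DENY_DOT, DENY_CONFIG, PHP]

def shadowed(locations, uris):
    """URIs that match a deny regex but are actually handled by the PHP location."""
    denies = [l for l in locations if l in (DENY_DOT, DENY_CONFIG)]
    return [u for u in uris
            if select_location(locations, u) == PHP
            and any(re.search(p, u, re.I if m == "~*" else 0) for m, p in denies)]

SAMPLE_URIS = ["/wordpress/config/settings.php", "/wordpress/.hidden.php",
               "/wordpress/index.php", "/wordpress/.htaccess"]

if __name__ == "__main__":
    print("PHP first :", shadowed(PHP_FIRST, SAMPLE_URIS))
    print("deny first:", shadowed(DENY_FIRST, SAMPLE_URIS))
```

Running the same check against the location list of any other package block shows which deny rules are reachable before the config is loaded with `nginx -t` and reloaded.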