Configure the TCAdmin website to run with Nginx

From TCAdmin 2.0 Documentation
Jump to: navigation, search

Install Nginx

Follow these instructions to install the latest version of Nginx: http://nginx.org/en/linux_packages.html Note: The Nginx version included in your distro might be outdated. It is recommended to install the latest version from the Nginx website.


Configure TCAdmin to Execute the Fastcgi Server

If you are running Debian or Ubunto with Mono 4 install the mono-fastcgi-server4 package:

apt-get install mono-fastcgi-server4

(optional) You can install HyperFastCgi which should give better performance and memory usage. TCAdmin will automatically detect HyperFastCgi and use it instead of the mono fastcgi. https://github.com/xplicit/HyperFastCgi


If you are running CentOS with Mono 4 make sure you have the xsp package:

yum install xsp

Edit the file /home/tcadmin/Monitor/tcadmin-config. Change this line:

ENABLE_FASTCGI_SERVER="False"

to:

ENABLE_FASTCGI_SERVER="True"

If the line doesn't exist add it at the end.

Then restart the monitor service:

/home/tcadmin/Monitor/monitor-service restart

Configure Nginx

Edit the file /etc/nginx/nginx.conf and change:

user nginx;

to:

user tcadmin;

Then execute these commands:

chown --recursive tcadmin:tcadmin /var/lib/nginx
service nginx restart

Configure the control panel website

Create the file /etc/nginx/conf.d/default.conf with the following content. If it already exists rename the existing file to default.conf.old. If you plan on using a certificate from Let's Encrypt you must update the value of server_name. If you are using the control panel with the new MVC templates use the default.conf from this page: MVC_Templates#Linux_Nginx_configuration_.28optional.29

upstream tcadmin-fcgi {
        ip_hash;
        server unix:/home/tcadmin/Temp/fastcgi-socket-1;
        keepalive 32;
}

server {
        #the following line is required if you want to configure with Let's Encrypt
        #server_name tcadmin.yourdomain.com;
        fastcgi_temp_path /home/tcadmin/Temp 1 2;
        client_body_temp_path /home/tcadmin/Temp 1 2;
        listen   8880;
        #access_log   /home/tcadmin/Logs/nginx.log;
        root /home/tcadmin/ControlPanel;
        index index.html index.htm default.aspx Default.aspx;

        #Support for Let's encrypt tools
        location /.well-known {
               try_files $uri $uri/ =404;
        }
        
        #Static files are served by nginx
        location ~ \.(css|js|txt|xml|jpg|png|gif|ico)$ {
               gzip            on;
               gzip_min_length 1000;
               gzip_proxied    expired no-cache no-store private auth;
               gzip_types      text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        }

        #Everything else served by fastcgi server
        location / {
               fastcgi_ignore_client_abort on;
               fastcgi_index Default.aspx;
               fastcgi_pass tcadmin-fcgi;
               include fastcgi_params;
               fastcgi_split_path_info ^(.+\.as[pmh]x)(.*)$;
               fastcgi_param PATH_INFO $fastcgi_path_info;
               fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
               fastcgi_keep_conn on;
               fastcgi_buffering off;
               gzip            off;
               client_max_body_size 100m;
       }
}

After creating the file restart the nginx server:

service nginx restart

Configure the website to allow secure connections

Create a self signed certificate

The default certificate and private key used by TCAdmin are not compatible with nginx. You must create new ones. Execute the following commands. When it asks for a passphrase enter a word that you can remember. If you already have a certificate place the files in the Monitor folder, make tcadmin the owner and update the paths in the ssl_certificate and ssl_certificate_key parameters.

cd /home/tcadmin/Monitor
openssl genrsa -des3 -out nginx.key 2048

Execute this command. Enter the passphrase that you used in the first step. You can leave all other values blank.

openssl req -new -key nginx.key -out nginx.csr

Execute this command. Enter the passphrase that you used in the first step.

mv nginx.key nginx.key.org
openssl rsa -in nginx.key.org -out nginx.key

Execute this command to create the certificate file.

openssl x509 -req -days 7300 -in nginx.csr -signkey nginx.key -out nginx.crt

Add the following lines to /etc/nginx/conf.d/default.conf under listen 8880;.

listen   8881 ssl;
ssl_certificate /home/tcadmin/Monitor/nginx.crt;
ssl_certificate_key /home/tcadmin/Monitor/nginx.key;

After updating the file restart the nginx server:

service nginx restart

Change the default ports

If you change the default ports in /etc/nginx/conf.d/default.conf make sure you update the values of WEB_PORT and SECURE_WEB_PORT in /home/tcadmin/Monitor/tcadmin-config and restart the monitor service:

/home/tcadmin/Monitor/monitor-service restart

Enable logging

Logging is commented out in the above configuration. You can enable it by changing #access_log to access_log and reloading the nginx service. That will create a single log file that can get huge after a few days. You can configure log rotation with these instructions: http://www.nginxtips.com/how-to-rotate-nginx-logs/


Common Errors

Object reference error when logging in

This should only happen the first time you log in after changing the web server.

Port already in use

If Nginx says the port is already in use make sure you configured TCAdmin to start the fastcgi server instead of the built in web server and restarted the monitor. Also check if there is a process using port 8880 and kill it:

netstat -tlnp|grep 8880

Website doesn't load

Try starting nginx:

service nginx start