Difference between revisions of "Configure the TCAdmin website to run with Nginx"
| (82 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Install Nginx == | == Install Nginx == | ||
| − | '''The following instructions are provided for your convenience. We do not provide support for installing Nginx on your server.''' For detailed instructions read the Nginx manual or your distro's manual. | + | <!-- '''The following instructions are provided for your convenience. We do not provide support for installing Nginx on your server.''' For detailed instructions read the Nginx manual or your distro's manual. --> |
| + | Follow these instructions to install the latest version of Nginx: | ||
| + | http://nginx.org/en/linux_packages.html | ||
| + | '''Note: The Nginx version included in your distro might be outdated. It is recommended to install the latest version from the Nginx website.''' | ||
| + | |||
| + | |||
| + | <!-- | ||
=== CentOS === | === CentOS === | ||
<source lang="bash"> | <source lang="bash"> | ||
| − | yum install epel-release | + | yum -y install epel-release |
| − | yum install nginx | + | yum -y install nginx |
| + | chkconfig nginx on | ||
</source> | </source> | ||
| Line 11: | Line 18: | ||
<source lang="bash"> | <source lang="bash"> | ||
apt-get install nginx | apt-get install nginx | ||
| + | update-rc.d -f nginx defaults | ||
</source> | </source> | ||
| + | --> | ||
| + | |||
| + | == Configure TCAdmin to Execute the Fastcgi Server == | ||
| + | If you are running Debian or Ubunto with Mono 4 install the mono-fastcgi-server4 package: | ||
| + | <source lang="bash">apt-get install mono-fastcgi-server4</source> | ||
| − | == | + | If you are running CentOS with Mono 4 make sure you have the xsp package: |
| + | <source lang="bash">yum install xsp</source> | ||
| + | |||
| + | ===Use HyperFastCgi (optional)=== | ||
| + | You can install HyperFastCgi which should give better performance and memory usage. TCAdmin will automatically detect HyperFastCgi and use it instead of the mono fastcgi. https://github.com/xplicit/HyperFastCgi | ||
| + | |||
| + | |||
| + | ===Update tcadmin-config=== | ||
Edit the file '''/home/tcadmin/Monitor/tcadmin-config'''. Change this line: | Edit the file '''/home/tcadmin/Monitor/tcadmin-config'''. Change this line: | ||
<source lang="bash">ENABLE_FASTCGI_SERVER="False"</source> | <source lang="bash">ENABLE_FASTCGI_SERVER="False"</source> | ||
to: | to: | ||
<source lang="bash">ENABLE_FASTCGI_SERVER="True"</source> | <source lang="bash">ENABLE_FASTCGI_SERVER="True"</source> | ||
| − | |||
| − | |||
Then restart the monitor service: | Then restart the monitor service: | ||
| Line 26: | Line 44: | ||
</source> | </source> | ||
| + | == Configure Nginx == | ||
| + | |||
| + | Edit the file '''/etc/nginx/nginx.conf''' and change: | ||
| + | user nginx; | ||
| + | to: | ||
| + | user tcadmin; | ||
| − | + | Then execute this command: | |
| − | + | <source lang="bash">service nginx restart</source> | |
| − | <source lang="bash"> | ||
| − | |||
| − | |||
| − | </source> | ||
=== Configure the control panel website === | === Configure the control panel website === | ||
| − | Create the file '''/etc/nginx/conf.d/default.conf''' with the following content. If it already exists rename the existing file to default.conf.old. | + | Create the file '''/etc/nginx/conf.d/default.conf''' with the following content. If it already exists rename the existing file to default.conf.old. If you plan on using a certificate from Let's Encrypt you must update the value of server_name. |
| − | server { | + | If you are using the control panel with '''ASP.NET themes''' instead of MVC [[ASPX_Nginx_Configuration_File|use this configuration file]] |
| + | |||
| + | <!-- | ||
| + | #IMPORTANT: This file is for TCAdmin 2.0.127 and earlier or if you have MVC templates disabled. | ||
| + | upstream tcadmin-fcgi { | ||
| + | ip_hash; | ||
| + | server unix:/home/tcadmin/Temp/fastcgi-socket-1; | ||
| + | keepalive 32; | ||
| + | } | ||
| + | |||
| + | server { | ||
| + | #the following line is required if you want to configure with Let's Encrypt | ||
| + | #server_name tcadmin.yourdomain.com; | ||
| + | fastcgi_temp_path /home/tcadmin/Temp 1 2; | ||
| + | client_body_temp_path /home/tcadmin/Temp 1 2; | ||
listen 8880; | listen 8880; | ||
#access_log /home/tcadmin/Logs/nginx.log; | #access_log /home/tcadmin/Logs/nginx.log; | ||
| + | root /home/tcadmin/ControlPanel; | ||
| + | index index.html index.htm default.aspx Default.aspx; | ||
| + | #Support for Let's encrypt tools | ||
| + | location /.well-known { | ||
| + | try_files $uri $uri/ =404; | ||
| + | } | ||
| + | |||
| + | #Static files are served by nginx | ||
| + | location ~ \.(css|js|txt|xml|jpg|png|gif|ico)$ { | ||
| + | gzip on; | ||
| + | gzip_min_length 1000; | ||
| + | gzip_proxied expired no-cache no-store private auth; | ||
| + | gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; | ||
| + | } | ||
| + | |||
| + | #Everything else served by fastcgi server | ||
location / { | location / { | ||
| − | + | fastcgi_ignore_client_abort on; | |
| − | + | fastcgi_index Default.aspx; | |
| − | + | fastcgi_pass tcadmin-fcgi; | |
| − | + | include fastcgi_params; | |
| − | + | fastcgi_split_path_info ^(.+\.as[pmh]x)(.*)$; | |
| − | + | fastcgi_param PATH_INFO $fastcgi_path_info; | |
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_keep_conn on; | ||
| + | fastcgi_buffering off; | ||
| + | fastcgi_read_timeout 600s; | ||
| + | gzip on; | ||
| + | client_max_body_size 100m; | ||
| + | } | ||
| + | } | ||
| + | |||
| + | --> | ||
| + | |||
| + | upstream tcadmin-fcgi { | ||
| + | ip_hash; | ||
| + | server unix:/home/tcadmin/Temp/fastcgi-socket-1; | ||
| + | keepalive 32; | ||
| + | } | ||
| + | |||
| + | upstream tcadmin-fcgi-mvc { | ||
| + | ip_hash; | ||
| + | server unix:/home/tcadmin/Temp/fastcgi-socket-mvc-1; | ||
| + | keepalive 32; | ||
| + | } | ||
| + | |||
| + | server { | ||
| + | #the following line is required if you want to configure with Let's Encrypt | ||
| + | #server_name tcadmin.yourdomain.com; | ||
| + | fastcgi_temp_path /home/tcadmin/Temp 1 2; | ||
| + | client_body_temp_path /home/tcadmin/Temp 1 2; | ||
| + | listen 8880; | ||
| + | #access_log /home/tcadmin/Logs/nginx.log; | ||
| + | root /home/tcadmin/ControlPanel.MVC; | ||
| + | index index.html index.htm default.aspx Default.aspx; | ||
| + | |||
| + | #Support for Let's encrypt tools | ||
| + | location /.well-known { | ||
| + | try_files $uri $uri/ =404; | ||
} | } | ||
| + | |||
| + | #Everything else served by fastcgi server | ||
| + | location / { | ||
| + | root /home/tcadmin/ControlPanel.MVC; | ||
| + | fastcgi_ignore_client_abort on; | ||
| + | fastcgi_pass tcadmin-fcgi-mvc; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_split_path_info ^(.+\.as[pmh]x)(.*)$; | ||
| + | fastcgi_param PATH_INFO $fastcgi_path_info; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_keep_conn on; | ||
| + | fastcgi_buffering off; | ||
| + | fastcgi_read_timeout 600s; | ||
| + | gzip on; | ||
| + | client_max_body_size 100m; | ||
| + | } | ||
| + | |||
| + | #Everything else served by fastcgi server | ||
| + | location /Aspx { | ||
| + | root /home/tcadmin/ControlPanel; | ||
| + | fastcgi_ignore_client_abort on; | ||
| + | fastcgi_index Default.aspx; | ||
| + | fastcgi_pass tcadmin-fcgi; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_split_path_info ^(.+\.as[pmh]x)(.*)$; | ||
| + | fastcgi_param PATH_INFO $fastcgi_path_info; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_keep_conn on; | ||
| + | fastcgi_buffering off; | ||
| + | fastcgi_read_timeout 600s; | ||
| + | gzip off; | ||
| + | client_max_body_size 100m; | ||
| + | } | ||
} | } | ||
| − | After creating the file | + | |
| + | After creating the file restart the nginx server: | ||
<source lang="bash"> | <source lang="bash"> | ||
| − | service nginx | + | service nginx restart</source> |
| − | </source> | ||
== Configure the website to allow secure connections == | == Configure the website to allow secure connections == | ||
| − | === Create a self signed certificate === | + | === Get a certificate from Let's Encrypt (optional) === |
| − | Execute the following commands. When it asks for a passphrase enter a word that you can remember. | + | * This requires that you don't have any other web server running on port 80(except nginx). |
| + | * In your .conf edit this line with your sub domain or domain. | ||
| + | #server_name tcadmin.yourdomain.com; | ||
| + | * Install certbot and python3-certbot-nginx packages. https://certbot.eff.org/docs/install.html#operating-system-packages | ||
| + | * Execute this command. Replace YOUR-DOMAIN-NAME-HERE with your sub domain or domain. | ||
| + | certbot --nginx --register-unsafely-without-email -d YOUR-DOMAIN-NAME-HERE | ||
| + | * If the command executes successfully you should be able to access your control panel using <nowiki>https://YOUR-DOMAIN-NAME-HERE</nowiki> | ||
| + | |||
| + | === Create a self signed certificate (optional) === | ||
| + | The default certificate and private key used by TCAdmin are not compatible with nginx. You must create new ones. Execute the following commands. When it asks for a passphrase enter a word that you can remember. '''If you already have a certificate place the files in the Monitor folder, make tcadmin the owner and update the paths in the ssl_certificate and ssl_certificate_key parameters.''' | ||
<source lang="bash"> | <source lang="bash"> | ||
cd /home/tcadmin/Monitor | cd /home/tcadmin/Monitor | ||
| Line 74: | Line 202: | ||
<source lang="bash">openssl x509 -req -days 7300 -in nginx.csr -signkey nginx.key -out nginx.crt</source> | <source lang="bash">openssl x509 -req -days 7300 -in nginx.csr -signkey nginx.key -out nginx.crt</source> | ||
| − | Add | + | Add the following lines to '''/etc/nginx/conf.d/default.conf''' under '''listen 8880;'''. |
| − | + | listen 8881 ssl; | |
| − | + | ssl_certificate /home/tcadmin/Monitor/nginx.crt; | |
| − | + | ssl_certificate_key /home/tcadmin/Monitor/nginx.key; | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | After updating the file | + | After updating the file restart the nginx server: |
<source lang="bash"> | <source lang="bash"> | ||
| − | service nginx | + | service nginx restart |
</source> | </source> | ||
| Line 106: | Line 220: | ||
== Enable logging == | == Enable logging == | ||
| − | Logging is commented out in the above | + | Logging is commented out in the above configuration. You can enable it by changing #access_log to access_log and reloading the nginx service. That will create a single log file that can get huge after a few days. You can configure log rotation with these instructions: http://www.nginxtips.com/how-to-rotate-nginx-logs/ |
| + | |||
| + | <!-- | ||
| + | == Advanced Configuration (optional) == | ||
| + | === Configuring multiple fastcgi server processes === | ||
| + | A control panel website with many users connected simultaneously may require additional fastcgi processes to handle the load. You can specify the number of processes in /home/tcadmin/Monitor/tcadmin-config. Change this line: | ||
| + | FASTCGI_SERVERS="1" | ||
| + | to: | ||
| + | FASTCGI_SERVERS="5" | ||
| + | |||
| + | If the line doesn't exist add it at the end. | ||
| + | |||
| + | To configure the monitor to check the health of these processes edit /home/tcadmin/Monitor/TCAdminMonitor.exe.config. Change this line: | ||
| + | <add key="TCAdmin.CheckWebHealth" value="False" /> | ||
| + | to: | ||
| + | <add key="TCAdmin.CheckWebHealth" value="True" /> | ||
| + | |||
| + | If the line doesn't exist add it under <appSettings>. Then restart the monitor service. | ||
| + | |||
| + | To configure nginx add the correct number of servers to the "upstream tcadmin-fcgi" section in your /etc/nginx/conf.d/default.conf. For example: | ||
| + | upstream tcadmin-fcgi { | ||
| + | ip_hash; | ||
| + | server unix:/home/tcadmin/Temp/fastcgi-socket-1; | ||
| + | server unix:/home/tcadmin/Temp/fastcgi-socket-2; | ||
| + | server unix:/home/tcadmin/Temp/fastcgi-socket-3; | ||
| + | server unix:/home/tcadmin/Temp/fastcgi-socket-4; | ||
| + | server unix:/home/tcadmin/Temp/fastcgi-socket-5; | ||
| + | } | ||
| − | ==Common | + | After updating the file restart the nginx service: |
| + | service nginx restart | ||
| + | |||
| + | --> | ||
| + | |||
| + | ==Common Errors== | ||
=== Object reference error when logging in=== | === Object reference error when logging in=== | ||
This should only happen the first time you log in after changing the web server. | This should only happen the first time you log in after changing the web server. | ||
| Line 115: | Line 261: | ||
If Nginx says the port is already in use make sure you configured TCAdmin to start the fastcgi server instead of the built in web server and restarted the monitor. Also check if there is a process using port 8880 and kill it: | If Nginx says the port is already in use make sure you configured TCAdmin to start the fastcgi server instead of the built in web server and restarted the monitor. Also check if there is a process using port 8880 and kill it: | ||
<source lang="bash">netstat -tlnp|grep 8880</source> | <source lang="bash">netstat -tlnp|grep 8880</source> | ||
| + | |||
| + | === Website doesn't load === | ||
| + | Try starting nginx: | ||
| + | <source lang="bash">service nginx start</source> | ||
| + | |||
| + | === Website errors every few minutes === | ||
| + | Edit /home/tcadmin/Monitor/TCAdminMonitor.exe.config. Change the value of TCAdmin.CheckWebHealth to False and restart the monitor. | ||
Latest revision as of 14:39, 3 July 2023
Contents
Install Nginx
Follow these instructions to install the latest version of Nginx: http://nginx.org/en/linux_packages.html Note: The Nginx version included in your distro might be outdated. It is recommended to install the latest version from the Nginx website.
Configure TCAdmin to Execute the Fastcgi Server
If you are running Debian or Ubunto with Mono 4 install the mono-fastcgi-server4 package:
apt-get install mono-fastcgi-server4
If you are running CentOS with Mono 4 make sure you have the xsp package:
yum install xsp
Use HyperFastCgi (optional)
You can install HyperFastCgi which should give better performance and memory usage. TCAdmin will automatically detect HyperFastCgi and use it instead of the mono fastcgi. https://github.com/xplicit/HyperFastCgi
Update tcadmin-config
Edit the file /home/tcadmin/Monitor/tcadmin-config. Change this line:
ENABLE_FASTCGI_SERVER="False"
to:
ENABLE_FASTCGI_SERVER="True"
Then restart the monitor service:
/home/tcadmin/Monitor/monitor-service restart
Configure Nginx
Edit the file /etc/nginx/nginx.conf and change:
user nginx;
to:
user tcadmin;
Then execute this command:
service nginx restart
Configure the control panel website
Create the file /etc/nginx/conf.d/default.conf with the following content. If it already exists rename the existing file to default.conf.old. If you plan on using a certificate from Let's Encrypt you must update the value of server_name.
If you are using the control panel with ASP.NET themes instead of MVC use this configuration file
upstream tcadmin-fcgi {
ip_hash;
server unix:/home/tcadmin/Temp/fastcgi-socket-1;
keepalive 32;
}
upstream tcadmin-fcgi-mvc {
ip_hash;
server unix:/home/tcadmin/Temp/fastcgi-socket-mvc-1;
keepalive 32;
}
server {
#the following line is required if you want to configure with Let's Encrypt
#server_name tcadmin.yourdomain.com;
fastcgi_temp_path /home/tcadmin/Temp 1 2;
client_body_temp_path /home/tcadmin/Temp 1 2;
listen 8880;
#access_log /home/tcadmin/Logs/nginx.log;
root /home/tcadmin/ControlPanel.MVC;
index index.html index.htm default.aspx Default.aspx;
#Support for Let's encrypt tools
location /.well-known {
try_files $uri $uri/ =404;
}
#Everything else served by fastcgi server
location / {
root /home/tcadmin/ControlPanel.MVC;
fastcgi_ignore_client_abort on;
fastcgi_pass tcadmin-fcgi-mvc;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.as[pmh]x)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_keep_conn on;
fastcgi_buffering off;
fastcgi_read_timeout 600s;
gzip on;
client_max_body_size 100m;
}
#Everything else served by fastcgi server
location /Aspx {
root /home/tcadmin/ControlPanel;
fastcgi_ignore_client_abort on;
fastcgi_index Default.aspx;
fastcgi_pass tcadmin-fcgi;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.as[pmh]x)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_keep_conn on;
fastcgi_buffering off;
fastcgi_read_timeout 600s;
gzip off;
client_max_body_size 100m;
}
}
After creating the file restart the nginx server:
service nginx restart
Configure the website to allow secure connections
Get a certificate from Let's Encrypt (optional)
- This requires that you don't have any other web server running on port 80(except nginx).
- In your .conf edit this line with your sub domain or domain.
#server_name tcadmin.yourdomain.com;
- Install certbot and python3-certbot-nginx packages. https://certbot.eff.org/docs/install.html#operating-system-packages
- Execute this command. Replace YOUR-DOMAIN-NAME-HERE with your sub domain or domain.
certbot --nginx --register-unsafely-without-email -d YOUR-DOMAIN-NAME-HERE
- If the command executes successfully you should be able to access your control panel using https://YOUR-DOMAIN-NAME-HERE
Create a self signed certificate (optional)
The default certificate and private key used by TCAdmin are not compatible with nginx. You must create new ones. Execute the following commands. When it asks for a passphrase enter a word that you can remember. If you already have a certificate place the files in the Monitor folder, make tcadmin the owner and update the paths in the ssl_certificate and ssl_certificate_key parameters.
cd /home/tcadmin/Monitor openssl genrsa -des3 -out nginx.key 2048
Execute this command. Enter the passphrase that you used in the first step. You can leave all other values blank.
openssl req -new -key nginx.key -out nginx.csr
Execute this command. Enter the passphrase that you used in the first step.
mv nginx.key nginx.key.org openssl rsa -in nginx.key.org -out nginx.key
Execute this command to create the certificate file.
openssl x509 -req -days 7300 -in nginx.csr -signkey nginx.key -out nginx.crt
Add the following lines to /etc/nginx/conf.d/default.conf under listen 8880;.
listen 8881 ssl; ssl_certificate /home/tcadmin/Monitor/nginx.crt; ssl_certificate_key /home/tcadmin/Monitor/nginx.key;
After updating the file restart the nginx server:
service nginx restart
Change the default ports
If you change the default ports in /etc/nginx/conf.d/default.conf make sure you update the values of WEB_PORT and SECURE_WEB_PORT in /home/tcadmin/Monitor/tcadmin-config and restart the monitor service:
/home/tcadmin/Monitor/monitor-service restart
Enable logging
Logging is commented out in the above configuration. You can enable it by changing #access_log to access_log and reloading the nginx service. That will create a single log file that can get huge after a few days. You can configure log rotation with these instructions: http://www.nginxtips.com/how-to-rotate-nginx-logs/
Common Errors
Object reference error when logging in
This should only happen the first time you log in after changing the web server.
Port already in use
If Nginx says the port is already in use make sure you configured TCAdmin to start the fastcgi server instead of the built in web server and restarted the monitor. Also check if there is a process using port 8880 and kill it:
netstat -tlnp|grep 8880
Website doesn't load
Try starting nginx:
service nginx start
Website errors every few minutes
Edit /home/tcadmin/Monitor/TCAdminMonitor.exe.config. Change the value of TCAdmin.CheckWebHealth to False and restart the monitor.