docs: add SVR.JS mod notes and split "CGI/SCGI/JSGI/PHP" page into two separate pages
This commit is contained in:
parent
80ecfd14d6
commit
faf033d3c4
4 changed files with 177 additions and 53 deletions
|
@ -20,5 +20,9 @@
|
||||||
"ssjseperator": {
|
"ssjseperator": {
|
||||||
"type": "separator"
|
"type": "separator"
|
||||||
},
|
},
|
||||||
"api": "SVR.JS API"
|
"api": "SVR.JS API",
|
||||||
|
"apiseperator": {
|
||||||
|
"type": "separator"
|
||||||
|
},
|
||||||
|
"mod-notes": "SVR.JS mod notes"
|
||||||
}
|
}
|
||||||
|
|
|
@ -68,55 +68,3 @@ YellowSquare 1.0.3 and newer work with web root outside SVR.JS installation dire
|
||||||
|
|
||||||
For security reasons, you may disable directory listing for _jsgi-bin_ (and also other directories) through _disableDirectoryListing_ or _disableDirectoryListingVHost_ options in SVR.JS configuration.
|
For security reasons, you may disable directory listing for _jsgi-bin_ (and also other directories) through _disableDirectoryListing_ or _disableDirectoryListingVHost_ options in SVR.JS configuration.
|
||||||
|
|
||||||
# FastCGI/PHP-FPM
|
|
||||||
|
|
||||||
In order to use FastCGI with SVR.JS, you need to install GreenRhombus mod. [Download the mod.](https://svrjs.org/mods)
|
|
||||||
|
|
||||||
## GreenRhombus notes
|
|
||||||
|
|
||||||
GreenRhombus' path and FastCGI server address can be configured in _greenrhombus-config.json_ file in the SVR.JS install directory.
|
|
||||||
|
|
||||||
Example configuration (with FastCGI server listening with port):
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"path": "/fastcgi",
|
|
||||||
"host": "localhost",
|
|
||||||
"port": 7000
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Example configuration (with FastCGI server listening on socket):
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"path": "/fastcgi",
|
|
||||||
"socketPath": "/run/fastcgi.sock"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
You can configure file extensions outside of path specified in _greenrhombus-config.json_ file handled by GreenRhombus in _greenrhombus-scriptexts.json_ file in SVR.JS installation directory like this:
|
|
||||||
|
|
||||||
```json
|
|
||||||
[".php"]
|
|
||||||
```
|
|
||||||
|
|
||||||
## PHP-FPM
|
|
||||||
|
|
||||||
GreenRhombus supports running PHP files through PHP-FPM. If you want to use GreenRhombus only for PHP-FPM, configure _greenrhombus-config.json_ like this (in this case we're using socket in `/run/php/php8.2-fpm.sock`; you can check it in PHP-FPM configuration file, e.g. `/etc/php/8.2/fpm/pool.d/www.conf`; configure it without _path_ property):
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"socketPath": "/run/php/php8.2-fpm.sock"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
And configure _greenrhombus-scriptexts.json_ like this:
|
|
||||||
|
|
||||||
```json
|
|
||||||
[".php"]
|
|
||||||
```
|
|
||||||
|
|
||||||
PHP-FPM may run on different user than SVR.JS web server, so you may need to set permissions for the user, which PHP-FPM runs on.
|
|
||||||
|
|
||||||
If you are using PHP-FPM only for SVR.JS, you can set the _listen.owner_ and _listen.group_ properties to _svrjs_ in the PHP-FPM configuration file (e.g. `/etc/php/8.2/fpm/pool.d/www.conf`).
|
|
||||||
|
|
56
pages/docs/config/fastcgi-php-fpm.md
Normal file
56
pages/docs/config/fastcgi-php-fpm.md
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
---
|
||||||
|
title: FastCGI/PHP-FPM
|
||||||
|
---
|
||||||
|
|
||||||
|
# FastCGI/PHP-FPM
|
||||||
|
|
||||||
|
In order to use FastCGI with SVR.JS, you need to install GreenRhombus mod. [Download the mod.](https://svrjs.org/mods)
|
||||||
|
|
||||||
|
## GreenRhombus notes
|
||||||
|
|
||||||
|
GreenRhombus' path and FastCGI server address can be configured in _greenrhombus-config.json_ file in the SVR.JS install directory.
|
||||||
|
|
||||||
|
Example configuration (with FastCGI server listening with port):
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"path": "/fastcgi",
|
||||||
|
"host": "localhost",
|
||||||
|
"port": 7000
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Example configuration (with FastCGI server listening on socket):
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"path": "/fastcgi",
|
||||||
|
"socketPath": "/run/fastcgi.sock"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
You can configure file extensions outside of path specified in _greenrhombus-config.json_ file handled by GreenRhombus in _greenrhombus-scriptexts.json_ file in SVR.JS installation directory like this:
|
||||||
|
|
||||||
|
```json
|
||||||
|
[".php"]
|
||||||
|
```
|
||||||
|
|
||||||
|
## PHP-FPM
|
||||||
|
|
||||||
|
GreenRhombus supports running PHP files through PHP-FPM. If you want to use GreenRhombus only for PHP-FPM, configure _greenrhombus-config.json_ like this (in this case we're using socket in `/run/php/php8.2-fpm.sock`; you can check it in PHP-FPM configuration file, e.g. `/etc/php/8.2/fpm/pool.d/www.conf`; configure it without _path_ property):
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"socketPath": "/run/php/php8.2-fpm.sock"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
And configure _greenrhombus-scriptexts.json_ like this:
|
||||||
|
|
||||||
|
```json
|
||||||
|
[".php"]
|
||||||
|
```
|
||||||
|
|
||||||
|
PHP-FPM may run on different user than SVR.JS web server, so you may need to set permissions for the user, which PHP-FPM runs on.
|
||||||
|
|
||||||
|
If you are using PHP-FPM only for SVR.JS, you can set the _listen.owner_ and _listen.group_ properties to _svrjs_ in the PHP-FPM configuration file (e.g. `/etc/php/8.2/fpm/pool.d/www.conf`).
|
116
pages/docs/mod-notes.md
Normal file
116
pages/docs/mod-notes.md
Normal file
|
@ -0,0 +1,116 @@
|
||||||
|
---
|
||||||
|
title: SVR.JS mod notes
|
||||||
|
---
|
||||||
|
|
||||||
|
# SVR.JS mod notes
|
||||||
|
|
||||||
|
## Berno
|
||||||
|
|
||||||
|
Current version of Berno allows SSI only in _.shtml_ files. Berno includes parts from very old version of RedBrick (1.x) to handle "exec" SSI directives.
|
||||||
|
|
||||||
|
## easy-waf integration
|
||||||
|
|
||||||
|
**NOTICE: Using a WAF (Web Application Firewall) is no subsitute for web application security, because attacker will find a way to bypass the WAF.**
|
||||||
|
|
||||||
|
Configuration file is _easywaf-config.json_ inside SVR.JS installation directory. Configuration is passed to easy-waf. You can see documentation at [its GitHub page](https://github.com/timokoessler/easy-waf). This mod requires _easy-waf_ Node.JS module.
|
||||||
|
|
||||||
|
From easy-waf-integration 1.2.0, there is also additional mailConfig property, which is an object with those values:
|
||||||
|
|
||||||
|
* _serverConfig_ - server configuration object passed to _nodemailer_
|
||||||
|
* _from_ - source e-mail address
|
||||||
|
* _to_ - destination e-mail address
|
||||||
|
|
||||||
|
These versions support sending email in case of blocked request (requires _nodemailer_ module).
|
||||||
|
|
||||||
|
From easy-waf-integration 1.2.0, there is support of pre-block and post-block hooks in _easywaf-hooks.js_ inside SVR.JS installation directory.
|
||||||
|
|
||||||
|
Example _easywaf-hooks.js_ code:
|
||||||
|
|
||||||
|
```js
|
||||||
|
//EasyWAF hooks. For more information read the easy-waf documentation in GitHub.
|
||||||
|
|
||||||
|
function preBlockHook(req, moduleInfo, ip) {
|
||||||
|
//You can add exceptions for WAF. In this example we do add exception for "cgi-bin".
|
||||||
|
if (moduleInfo.name == 'directoryTraversal' && req.url.match(/\/cgi-bin(?:$|[#?/])/)) return false;
|
||||||
|
//We're also adding XSS exception for YaBB forum software to prevent false positives
|
||||||
|
if (moduleInfo.name == 'xss' && /\/YaBB\.(?:pl|cgi)(?:$|[?#])/.test(req.url) && /(?:(\\?)|[;&])action=(?:post2|modify2|imsend2|cdchatupdate|ajxmessage)($|[;&#])/.test(req.url)) return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function postBlockHook(req, moduleInfo, ip) {
|
||||||
|
//You can, for example send an e-mail notification or log it into file.
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = {postBlockHook: postBlockHook, preBlockHook: preBlockHook};
|
||||||
|
```
|
||||||
|
|
||||||
|
From easy-waf-integration 1.2.4, there are additional configuration properties:
|
||||||
|
|
||||||
|
* _maxRequestCheckedSize_ - maximum size of the request body (in bytes) to be checked. Default is `65536` (64 KiB).
|
||||||
|
* _maxRequestCheckedSizeStrict_ - option to enable strict request body limits. If the limits are exceeded, then the server will return a 413 Content Too Large error. Default is `false`.
|
||||||
|
|
||||||
|
If you're using SVR.JS behind a reverse proxy, you need to configure _trustProxy_ property in _easy-waf_ configuration.
|
||||||
|
|
||||||
|
Example _easywaf-config.json_ file:
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"modules" : {
|
||||||
|
"xss": {
|
||||||
|
"excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\/|^\\/(?:(?:navbar-)?logo|powered).png$/"
|
||||||
|
},
|
||||||
|
"noSqlInjection": {
|
||||||
|
"excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
|
||||||
|
},
|
||||||
|
"crlfInjection": {
|
||||||
|
"excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mailConfig": {
|
||||||
|
"serverConfig": {
|
||||||
|
"host": "localhost",
|
||||||
|
"port": 25,
|
||||||
|
"secure": false,
|
||||||
|
"ignoreTLS": true
|
||||||
|
},
|
||||||
|
"from": "svrjs@localhost",
|
||||||
|
"to": "sysadmin@localhost"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
_View the [change log.](/changelog/easy-waf-integration)_
|
||||||
|
|
||||||
|
## forward-proxy-mod
|
||||||
|
|
||||||
|
_Notes are in the [SVR.JS documentation.](/docs/config/forward-proxy-notes)_
|
||||||
|
_View the [change log.](/changelog/forward-proxy-mod)_
|
||||||
|
|
||||||
|
## GreenRhombus
|
||||||
|
|
||||||
|
_Notes are in the [SVR.JS documentation.](/docs/config/fastcgi-php-fpm)_
|
||||||
|
_View the [change log.](/changelog/greenrhombus)_
|
||||||
|
|
||||||
|
## Next.js integration
|
||||||
|
|
||||||
|
The webroot (_wwwroot_ _config.json_ property) serves as a Next.js application directory. It's recommended to set the owner of the Next.js application directory (around with all the files in it) as the user, on which SVR.JS is running (usually "svrjs"). Setting a `NODE_ENV` environment variable to `development` in SVR.JS configuration enables Next.js development server.
|
||||||
|
|
||||||
|
_View the [change log.](/changelog/nextjs-integration)_
|
||||||
|
|
||||||
|
## OrangeCircle
|
||||||
|
|
||||||
|
_Notes moved to [SVR.JS documentation.](/docs/config/cgi-scgi-jsgi-php)_
|
||||||
|
_View the [change log.](/changelog/orangecircle)_
|
||||||
|
|
||||||
|
## RedBrick
|
||||||
|
|
||||||
|
_Notes moved to [SVR.JS documentation.](/docs/config/cgi-scgi-jsgi-php)_
|
||||||
|
_View the [change log.](/changelog/redbrick)_
|
||||||
|
|
||||||
|
## reverse-proxy-mod
|
||||||
|
|
||||||
|
_Notes moved to [SVR.JS documentation.](/docs/config/reverse-proxy-config)_
|
||||||
|
_View the [change log.](/changelog/reverse-proxy-mod)_
|
||||||
|
|
||||||
|
## YellowSquare
|
||||||
|
|
||||||
|
_Notes moved to [SVR.JS documentation.](/docs/config/cgi-scgi-jsgi-php)_
|
||||||
|
_View the [change log.](/changelog/yellowsquare)_
|
Loading…
Reference in a new issue