raamdev · February 24, 2023 08:02 · JordanFarrow · Apr 26, 2019
diff --git a/nginx-mamp-macports.txt b/nginx-mamp-macports.txt
 # These steps will get nginx installed on your Mac for local development and
 # testing purposes, to be used alongside MAMP (which already includes Apache).
 # The following steps assume that you're running MAMP and that you already
 # have php-cgi in /Applications/MAMP/bin/php/php5.4.10/bin/php-cgi.
 # The start-nginx and stop-nginx scripts created at the end do not 
 # start or stop MySQL because it is assumed that you normally run MAMP
 # with Apache + MySQL turned on and that you occasionally want to switch 
 # your web server to Nginx for testing purposes and that you leave MySQL running.

 # This process was tested successfully on OS X 10.9.

 # Now let's begin. If you don't already have it, download and install macports: 
 # http://www.macports.org/install.php


 $ sudo port selfupdate
 $ sudo port install nginx

 $ sudo mkdir /var/log/nginx
 $ sudo chown root:wheel /var/log/nginx

 $ cd /opt/local/etc/nginx
 $ sudo mkdir sites-enabled
 $ sudo mkdir global
 $ sudo cp mime.types.default mime.types
 $ mate fastcgi.conf # or vim fastcgi.conf


 fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
 fastcgi_param  QUERY_STRING       $query_string;
 fastcgi_param  REQUEST_METHOD     $request_method;
 fastcgi_param  CONTENT_TYPE       $content_type;
 fastcgi_param  CONTENT_LENGTH     $content_length;

 fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
 fastcgi_param  REQUEST_URI        $request_uri;
 fastcgi_param  DOCUMENT_URI       $document_uri;
 fastcgi_param  DOCUMENT_ROOT      $document_root;
 fastcgi_param  SERVER_PROTOCOL    $server_protocol;
 fastcgi_param  HTTPS              $https if_not_empty;

 fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
 fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

 fastcgi_param  REMOTE_ADDR        $remote_addr;
 fastcgi_param  REMOTE_PORT        $remote_port;
 fastcgi_param  SERVER_ADDR        $server_addr;
 fastcgi_param  SERVER_PORT        $server_port;
 fastcgi_param  SERVER_NAME        $server_name;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;


 $ mate nginx.conf # or vim nginx.conf


 # Nginx Config
 # Note: all Nginx config files follow the WordPress recommendations here: 
 # http://codex.wordpress.org/Nginx
 
 user changeme staff; # set 'changeme' to your username; root and nobody cause permissions issues
 worker_processes  1;

 # Make sure the /var/log/nginx/ directory exists; if not create it and chown root:wheel
 error_log	/var/log/nginx/error.log;

 events {
    worker_connections  1024;
 }
 
 http {
 	
    include				mime.types;
    default_type		application/octet-stream;
    access_log			/var/log/nginx/access.log;
    sendfile        	on;
    #tcp_nopush			on;
 	#gzip				on;
    keepalive_timeout	3;
 	# php max upload limit cannot be larger than this
 	client_max_body_size 13m;
 	index				index.php index.html index.htm;
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 	
 	# Include per-site configuration files
 	include sites-enabled/*;
 }

 $ mate global/restrictions.conf # or vim global/restrictions.conf


 # Global restrictions configuration file.
 # Designed to be included in any server {} block.</p>
 location = /favicon.ico {
 	log_not_found off;
 	access_log off;
 }

 location = /robots.txt {
 	allow all;
 	log_not_found off;
 	access_log off;
 }

 # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 location ~ /\. {
 	deny all;
 }

 # Deny access to any files with a .php extension in the uploads directory
 # Works in sub-directory installs and also in multisite network
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 location ~* /(?:uploads|files)/.*\.php$ {
 	deny all;
 }


 $ mate global/wordpress.conf # or vim global/wordpress.conf


 # WordPress single blog rules.
 # Designed to be included in any server {} block.

 # This order might seem weird - this is attempted to match last if rules below fail.
 # http://wiki.nginx.org/HttpCoreModule
 location / {
 	try_files $uri $uri/ /index.php?$args;
 }

 # Add trailing slash to */wp-admin requests.
 rewrite /wp-admin$ $scheme://$host$uri/ permanent;

 # Directives to send expires headers and turn off 404 error logging.
 location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off; log_not_found off; expires max;
 }

 # Uncomment one of the lines below for the appropriate caching plugin (if used).
 #include global/wordpress-wp-super-cache.conf;
 #include global/wordpress-w3-total-cache.conf;

 # Pass all .php files onto a php-fpm/php-fcgi server.
 location ~ \.php$ {
 	# Zero-day exploit defense.
 	# http://forum.nginx.org/read.php?2,88845,page=3
 	# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
 	# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
 	try_files $uri =404;

 	fastcgi_split_path_info ^(.+\.php)(/.+)$;
 	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
 	
 	fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $fastcgi_script_name;
 	fastcgi_param  PATH_INFO $fastcgi_script_name;
    include        /opt/local/etc/nginx/fastcgi.conf;
 }


 $ mate sites-enabled/example.dev.conf # or vim sites-enabled/example.dev.conf


 # Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil

 server {
        server_name  _;
        rewrite ^ $scheme://example.dev$request_uri redirect;
 }

 server {
 	server_name example.dev;
 	root /Users/changeme/Sites/example.dev;

 	include global/restrictions.conf;
 	include global/wordpress.conf;
 }


 $ sudo mkdir /opt/local/etc/LaunchDaemons/org.mamp.php-cgi
 $ cd /opt/local/etc/LaunchDaemons/org.mamp.php-cgi
 $ mate org.mamp.php-cgi.plist # or vim org.mamp.php-cgi.plist


 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
  <key>Label</key>
  <string>org.mamp.php-cgi</string>
  <key>ProgramArguments</key>
  <array>
    <string>/Applications/MAMP/bin/php/php5.4.10/bin/php-cgi</string>
    <string>-b127.0.0.1:9000</string>
    <string>-q</string>
  </array>
  <key>EnvironmentVariables</key>
  <dict>
    <key>PHP_FCGI_CHILDREN</key>
    <string>2</string>
    <key>PHP_FCGI_MAX_REQUESTS</key>
    <string>256</string>
  </dict>
  <key>Debug</key><false/>
  <key>Disabled</key><true/>
  <key>KeepAlive</key><true/>
 </dict>
 </plist>


 $ chown root:admin /opt/local/etc/LaunchDaemons/*
 $ sudo ln -s /opt/local/etc/LaunchDaemons/org.mamp.php-cgi/org.mamp.php-cgi.plist /Library/LaunchDaemons/org.mamp.php-cgi.plist

 $ mate /opt/local/bin/start-nginx # or vim /opt/local/bin/start-nginx


 #!/bin/bash
 echo 'Stopping Apache...'
 sudo /Applications/MAMP/Library/bin/apachectl stop
 echo 'Starting nginx and php-cgi daemons...'
 sudo launchctl load -w /Library/LaunchDaemons/org.mamp.php-cgi.plist
 sudo launchctl load -w /Library/LaunchDaemons/org.macports.nginx.plist
 echo 'Loading nginx configuration files from /opt/local/etc/nginx/sites-enabled/...'
 \ls -1A /opt/local/etc/nginx/sites-enabled/


 $ mate /opt/local/bin/stop-nginx # or vim /opt/local/bin/stop-nginx


 #!/bin/bash
 echo 'Stopping nginx and php-cgi daemons...'
 sudo launchctl unload -w /Library/LaunchDaemons/org.mamp.php-cgi.plist
 sudo launchctl unload -w /Library/LaunchDaemons/org.macports.nginx.plist
 echo 'Starting Apache...'
 sudo /Applications/MAMP/Library/bin/apachectl start
 echo 'nginx and php-cgi are now stopped and Apache is running'

 $ chmox +x /opt/local/bin/start-nginx
 $ chmox +x /opt/local/bin/stop-nginx
 $ start-nginx
	# These steps will get nginx installed on your Mac for local development and
	# testing purposes, to be used alongside MAMP (which already includes Apache).
	# The following steps assume that you're running MAMP and that you already
	# have php-cgi in /Applications/MAMP/bin/php/php5.4.10/bin/php-cgi.
	# The start-nginx and stop-nginx scripts created at the end do not
	# start or stop MySQL because it is assumed that you normally run MAMP
	# with Apache + MySQL turned on and that you occasionally want to switch
	# your web server to Nginx for testing purposes and that you leave MySQL running.

	# This process was tested successfully on OS X 10.9.

	# Now let's begin. If you don't already have it, download and install macports:
	# http://www.macports.org/install.php


	$ sudo port selfupdate
	$ sudo port install nginx

	$ sudo mkdir /var/log/nginx
	$ sudo chown root:wheel /var/log/nginx

	$ cd /opt/local/etc/nginx
	$ sudo mkdir sites-enabled
	$ sudo mkdir global
	$ sudo cp mime.types.default mime.types
	$ mate fastcgi.conf # or vim fastcgi.conf


	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param QUERY_STRING $query_string;
	fastcgi_param REQUEST_METHOD $request_method;
	fastcgi_param CONTENT_TYPE $content_type;
	fastcgi_param CONTENT_LENGTH $content_length;

	fastcgi_param SCRIPT_NAME $fastcgi_script_name;
	fastcgi_param REQUEST_URI $request_uri;
	fastcgi_param DOCUMENT_URI $document_uri;
	fastcgi_param DOCUMENT_ROOT $document_root;
	fastcgi_param SERVER_PROTOCOL $server_protocol;
	fastcgi_param HTTPS $https if_not_empty;

	fastcgi_param GATEWAY_INTERFACE CGI/1.1;
	fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

	fastcgi_param REMOTE_ADDR $remote_addr;
	fastcgi_param REMOTE_PORT $remote_port;
	fastcgi_param SERVER_ADDR $server_addr;
	fastcgi_param SERVER_PORT $server_port;
	fastcgi_param SERVER_NAME $server_name;

	# PHP only, required if PHP was built with --enable-force-cgi-redirect
	fastcgi_param REDIRECT_STATUS 200;


	$ mate nginx.conf # or vim nginx.conf


	# Nginx Config
	# Note: all Nginx config files follow the WordPress recommendations here:
	# http://codex.wordpress.org/Nginx

	user changeme staff; # set 'changeme' to your username; root and nobody cause permissions issues
	worker_processes 1;

	# Make sure the /var/log/nginx/ directory exists; if not create it and chown root:wheel
	error_log /var/log/nginx/error.log;

	events {
	worker_connections 1024;
	}

	http {

	include mime.types;
	default_type application/octet-stream;
	access_log /var/log/nginx/access.log;
	sendfile on;
	#tcp_nopush on;
	#gzip on;
	keepalive_timeout 3;
	# php max upload limit cannot be larger than this
	client_max_body_size 13m;
	index index.php index.html index.htm;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	# Include per-site configuration files
	include sites-enabled/*;
	}

	$ mate global/restrictions.conf # or vim global/restrictions.conf


	# Global restrictions configuration file.
	# Designed to be included in any server {} block.</p>
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~ /\. {
	deny all;
	}

	# Deny access to any files with a .php extension in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}


	$ mate global/wordpress.conf # or vim global/wordpress.conf


	# WordPress single blog rules.
	# Designed to be included in any server {} block.

	# This order might seem weird - this is attempted to match last if rules below fail.
	# http://wiki.nginx.org/HttpCoreModule
	location / {
	try_files $uri $uri/ /index.php?$args;
	}

	# Add trailing slash to */wp-admin requests.
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;

	# Directives to send expires headers and turn off 404 error logging.
	location ~* ^.+\.(ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|rss\|atom\|jpg\|jpeg\|gif\|png\|ico\|zip\|tgz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|bmp\|rtf)$ {
	access_log off; log_not_found off; expires max;
	}

	# Uncomment one of the lines below for the appropriate caching plugin (if used).
	#include global/wordpress-wp-super-cache.conf;
	#include global/wordpress-w3-total-cache.conf;

	# Pass all .php files onto a php-fpm/php-fcgi server.
	location ~ \.php$ {
	# Zero-day exploit defense.
	# http://forum.nginx.org/read.php?2,88845,page=3
	# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
	# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
	try_files $uri =404;

	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

	fastcgi_pass 127.0.0.1:9000;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_script_name;
	include /opt/local/etc/nginx/fastcgi.conf;
	}


	$ mate sites-enabled/example.dev.conf # or vim sites-enabled/example.dev.conf


	# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil

	server {
	server_name _;
	rewrite ^ $scheme://example.dev$request_uri redirect;
	}

	server {
	server_name example.dev;
	root /Users/changeme/Sites/example.dev;

	include global/restrictions.conf;
	include global/wordpress.conf;
	}


	$ sudo mkdir /opt/local/etc/LaunchDaemons/org.mamp.php-cgi
	$ cd /opt/local/etc/LaunchDaemons/org.mamp.php-cgi
	$ mate org.mamp.php-cgi.plist # or vim org.mamp.php-cgi.plist


	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>Label</key>
	<string>org.mamp.php-cgi</string>
	<key>ProgramArguments</key>
	<array>
	<string>/Applications/MAMP/bin/php/php5.4.10/bin/php-cgi</string>
	<string>-b127.0.0.1:9000</string>
	<string>-q</string>
	</array>
	<key>EnvironmentVariables</key>
	<dict>
	<key>PHP_FCGI_CHILDREN</key>
	<string>2</string>
	<key>PHP_FCGI_MAX_REQUESTS</key>
	<string>256</string>
	</dict>
	<key>Debug</key><false/>
	<key>Disabled</key><true/>
	<key>KeepAlive</key><true/>
	</dict>
	</plist>


	$ chown root:admin /opt/local/etc/LaunchDaemons/*
	$ sudo ln -s /opt/local/etc/LaunchDaemons/org.mamp.php-cgi/org.mamp.php-cgi.plist /Library/LaunchDaemons/org.mamp.php-cgi.plist

	$ mate /opt/local/bin/start-nginx # or vim /opt/local/bin/start-nginx


	#!/bin/bash
	echo 'Stopping Apache...'
	sudo /Applications/MAMP/Library/bin/apachectl stop
	echo 'Starting nginx and php-cgi daemons...'
	sudo launchctl load -w /Library/LaunchDaemons/org.mamp.php-cgi.plist
	sudo launchctl load -w /Library/LaunchDaemons/org.macports.nginx.plist
	echo 'Loading nginx configuration files from /opt/local/etc/nginx/sites-enabled/...'
	\ls -1A /opt/local/etc/nginx/sites-enabled/


	$ mate /opt/local/bin/stop-nginx # or vim /opt/local/bin/stop-nginx


	#!/bin/bash
	echo 'Stopping nginx and php-cgi daemons...'
	sudo launchctl unload -w /Library/LaunchDaemons/org.mamp.php-cgi.plist
	sudo launchctl unload -w /Library/LaunchDaemons/org.macports.nginx.plist
	echo 'Starting Apache...'
	sudo /Applications/MAMP/Library/bin/apachectl start
	echo 'nginx and php-cgi are now stopped and Apache is running'

	$ chmox +x /opt/local/bin/start-nginx
	$ chmox +x /opt/local/bin/stop-nginx
	$ start-nginx